General Info

URL

http://www.tehlit.ru

Full analysis
https://app.any.run/tasks/b999c365-6058-43a9-8459-e9652105e5c6
Verdict
Malicious activity
Analysis date
12/2/2019, 22:38:47
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS
No malicious indicators.

SUSPICIOUS
No suspicious indicators.

INFO
Reads the hosts file
  • chrome.exe (PID: 856)
  • chrome.exe (PID: 532)
Application launched itself
  • chrome.exe (PID: 532)
Changes settings of System certificates
  • chrome.exe (PID: 856)

Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.

Screenshots

Processes

Total processes
49
Monitored processes
14
Malicious processes
0
Suspicious processes
0

Behavior graph

start → chrome.exe (browser process) → 13 child chrome.exe processes. 12 of the 14 nodes are marked "no specs" (none of the spec flags listed below apply to them); the two unmarked nodes are the processes that carry indicators (PIDs 532 and 856).
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information


PID
532
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.tehlit.ru"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Reads the hosts file; Application launched itself (see Behavior activities)
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wpc.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\samlib.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\wbem\wmiperfinst.dll
c:\windows\system32\pdh.dll

PID
3752
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6ed2a9d0,0x6ed2a9e0,0x6ed2a9ec
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
1044
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=992 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_watcher.dll

PID
3680
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=980,11730090466670949264,8819684291380496565,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=17776301920764027021 --mojo-platform-channel-handle=992 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libegl.dll

PID
856
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=980,11730090466670949264,8819684291380496565,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=17248449079226374191 --mojo-platform-channel-handle=1584 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Reads the hosts file; Changes settings of System certificates (see Behavior activities)
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ntmarta.dll

PID
2180
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,11730090466670949264,8819684291380496565,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18236359092874552474 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3452
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,11730090466670949264,8819684291380496565,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12617119353177752720 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1780
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,11730090466670949264,8819684291380496565,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10589619628296307376 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1756
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,11730090466670949264,8819684291380496565,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14341780763833749734 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2124
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,11730090466670949264,8819684291380496565,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4138971382899373666 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2040
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,11730090466670949264,8819684291380496565,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2531035718486539199 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1748
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,11730090466670949264,8819684291380496565,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2373611183910079859 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3720
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=980,11730090466670949264,8819684291380496565,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=4024309404453730371 --mojo-platform-channel-handle=4132 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll

PID
1944
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=980,11730090466670949264,8819684291380496565,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=450931721256200429 --mojo-platform-channel-handle=2224 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sendmail.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\fxsresm.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

Registry activity

Total events
591
Read events
540
Write events
50
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
532
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
532
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13219796344603625
532
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
1044
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
532-13219796343134875
259
856
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
856
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\p2pcollab.dll,-8042
Peer to Peer Trust
856
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\qagentrt.dll,-10
System Health Authentication
856
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\dnsapi.dll,-103
Domain Name System (DNS) Server Trust
856
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\System32\fveui.dll,-843
BitLocker Drive Encryption
856
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\System32\fveui.dll,-844
BitLocker Data Recovery Agent
856
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\EAB040689A0D805B5D6FD654FC168CFF00B78BE3
Blob
1944
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
1944
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@sendmail.dll,-21
Desktop (create shortcut)
1944
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@zipfldr.dll,-10148
Compressed (zipped) folder
1944
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@sendmail.dll,-4
Mail recipient
1944
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@C:\Windows\system32\FXSRESM.dll,-120
Fax recipient

Files activity

Executable files
0
Suspicious files
60
Text files
64
Unknown types
2

Dropped files

PID
Process
Filename
Type
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e
compressed
MD5: cb9ceb31bc038e94d6de32929933eb19
SHA256: 19c55466f9ec054b39bf113d4360e876fa554813d1caefc247034086e50ed37d
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\MANIFEST-000001
binary
MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: ca7b258fa125431c3cd08b57e2977d93
SHA256: 020467808629b447cdd1c54e7e7781030482637b31951e958e1a2c66c3a48c31
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF3a6cc9.TMP
text
MD5: ca7b258fa125431c3cd08b57e2977d93
SHA256: 020467808629b447cdd1c54e7e7781030482637b31951e958e1a2c66c3a48c31
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\da8c0add-bde1-4213-ae80-ef3864232e99.tmp
––
MD5: ––
SHA256: ––
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF3a647c.TMP
text
MD5: fd2b0ef37c4ab567da989cb6b8357b16
SHA256: a9c8379eec362c242f23a5847e578cd69ea5350d521553f7156c98a0f23626ba
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: fd2b0ef37c4ab567da989cb6b8357b16
SHA256: a9c8379eec362c242f23a5847e578cd69ea5350d521553f7156c98a0f23626ba
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\612ca5ca-5f22-49d1-b98c-e5de5cdbe5e0.tmp
––
MD5: ––
SHA256: ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 6f5421b451e9bec9c79115053b4f7a3f
SHA256: 5fb1e01e98acfc8bd63d37d11b0960e4988c5a06b7f8ae712ffd00456e124c3d
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF3a4636.TMP
text
MD5: 6f5421b451e9bec9c79115053b4f7a3f
SHA256: 5fb1e01e98acfc8bd63d37d11b0960e4988c5a06b7f8ae712ffd00456e124c3d
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\3be1703f-7ecc-4c2d-b825-1c6fb79b21db.tmp
––
MD5: ––
SHA256: ––
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF3a32cd.TMP
text
MD5: 8a8ab27df1a6d8ff585cfd30b6a94461
SHA256: 4811574563888be67816c59c1b9076389659b64fd38f47fa731c305f9b591430
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 8a8ab27df1a6d8ff585cfd30b6a94461
SHA256: 4811574563888be67816c59c1b9076389659b64fd38f47fa731c305f9b591430
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\8c9c3b18-8efc-4239-8f76-4eb5a1b7d451.tmp
––
MD5: ––
SHA256: ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
binary
MD5: 22b178a6cc30863168675c90dc3204d9
SHA256: dcaee5404c6cbf8a8232b18a1d7bcd5edb709c373d6803ff8bf5d9ee261dc845
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RF3a116a.TMP
binary
MD5: 22b178a6cc30863168675c90dc3204d9
SHA256: dcaee5404c6cbf8a8232b18a1d7bcd5edb709c373d6803ff8bf5d9ee261dc845
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
––
MD5: ––
SHA256: ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 43ed5eeff6467031cc7936cda9eb1a9c
SHA256: 8f21005d33a44d666fee39b43b06e460045075d4dce01e36555ce7f2a57753c5
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF3a0dff.TMP
text
MD5: 43ed5eeff6467031cc7936cda9eb1a9c
SHA256: 8f21005d33a44d666fee39b43b06e460045075d4dce01e36555ce7f2a57753c5
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\9997bb10-7aed-4aeb-8b38-03ef390bcd1f.tmp
––
MD5:  ––
SHA256:  ––
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF3a0034.TMP
text
MD5: 91367d00ec750d0a18eb4725817cfa6a
SHA256: 505f3b982c11e937d50b9cb9b8b7819322758ceff9ad978bd3795ad5574ab8d3
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 91367d00ec750d0a18eb4725817cfa6a
SHA256: 505f3b982c11e937d50b9cb9b8b7819322758ceff9ad978bd3795ad5574ab8d3
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\082ffce6-c079-4af0-8265-84893e48ca75.tmp
––
MD5:  ––
SHA256:  ––
856
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD
binary
MD5: 9185d33c2905952dae9bb08803f39c90
SHA256: 8842d901fef70eeb3162a34c9311ab9e81adc5058560cb3b9d94d910e5390c99
856
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD
der
MD5: db78cbd190952735d940bc80ac2432c0
SHA256: 1a5174980a294a528a110726d5855650266c48d9883bea692b67b6d726da98c5
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF39d3a6.TMP
text
MD5: 99a038cdcc50daf187fbaf8705a0cb7a
SHA256: c5d951aba00e30beda57415944a25ec66a1e016da4829a3323d83e448260b35e
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 99a038cdcc50daf187fbaf8705a0cb7a
SHA256: c5d951aba00e30beda57415944a25ec66a1e016da4829a3323d83e448260b35e
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\1dbaeae3-eae2-4798-8693-1ee4cd69cbd1.tmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 0df28c88ae1e25737a047e8d7884c551
SHA256: b409a947899480d57c5ae951927973b5d4a8babd1f044fd0a0b4a0623d988b95
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF39cfed.TMP
text
MD5: 0df28c88ae1e25737a047e8d7884c551
SHA256: b409a947899480d57c5ae951927973b5d4a8babd1f044fd0a0b4a0623d988b95
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\4562d260-0f15-4901-8b5c-402bcef2a95e.tmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 065c52cdd2586e8ba524d3510c7468af
SHA256: 844c986c58f4092724a94c7bfdc02e35b93bec8319abd6b1dd52826e55933684
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF39cf02.TMP
text
MD5: 065c52cdd2586e8ba524d3510c7468af
SHA256: 844c986c58f4092724a94c7bfdc02e35b93bec8319abd6b1dd52826e55933684
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\9a8c0f10-2636-47a3-a0d2-e85730031d9b.tmp
––
MD5:  ––
SHA256:  ––
856
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: 4833297d2d2ff44854c92f58eea04651
SHA256: f1857e58dbe5cc7dc16e5e2f1eb965e8e69e0f5a0242d0da2866ab398e008745
856
chrome.exe
C:\Users\admin\AppData\Local\Temp\TarCAB2.tmp
––
MD5:  ––
SHA256:  ––
856
chrome.exe
C:\Users\admin\AppData\Local\Temp\CabCAB1.tmp
––
MD5:  ––
SHA256:  ––
856
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: 5ad071a3917588e8cd883b123b395b21
SHA256: de62965c15528da598b0079d2d20d953dd6f71b13a23807bff0666d03f69c0fa
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fe44898c69ac0fc2_0
binary
MD5: 7c5013ab802b214392cd200bdcbd3a39
SHA256: cd2655d4fc84628c90e7c2c21352614c4c49884e13b1aac52533db232c9d4fec
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9c9d1d45a09c479d_0
binary
MD5: ed9ba4229ae2262ec85f81e4ad4e3d56
SHA256: 6a36ddcf390a4352ac3d5c273c36b31e5e35ccea7dd410b9f0e438f54cd49fb5
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\590bb53238dcb509_0
binary
MD5: 18e9f820eba368c3e1fff4e2b2f07d30
SHA256: 0a6ad854d5f2a0d960e94b3bccf29200d211e376ff8e2c2312dcf3a7a288369b
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fdde441248a0c88b_0
binary
MD5: 9be1ad361b5dfee202a62ec470ed5109
SHA256: 7f2a6fa40272a003ead192ec3c2283acbb2cef43b6fb0fdb637be3fe3cad2d4a
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a9c65b7dfd3c3b4e_0
binary
MD5: 5e8bbf2d234f27ec0dd275c60e20e2d6
SHA256: 1de8e0e2babc512ee8e15b6184fe4f55fd0e79f4c6967f86b10c047cc4baf606
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d
mp3
MD5: 4c6dc892335bc91f35820e4ac65aea5a
SHA256: 64513c6b57eb75e6f32f078c15cba1946a42191e9bd25c20684365338360553e
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\eecefeca3d6248d6_0
binary
MD5: ee9a1f4ab2b103344e6058accdaca660
SHA256: 20df6dc52da032e2a82fc5a88acbf6a2d8155440d6e7fc9a5c6c7d1fd82d3640
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3a9301a09e170ace_0
binary
MD5: 90d50d81e62aafeab4fa9a1f56b84f06
SHA256: 766ce350cf52c368fbf0726a8ed622e80f87c3efcae57641ac08084c0c86129e
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4128da5ce2be43fe_0
binary
MD5: 67416318c762d51ed4cf6416355a5125
SHA256: fee860f8b8af081a5f7faaaaeb61309bca90cb86ed68d381da5c1662dcb6228d
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
binary
MD5: 2b001725954906d7aa3c01a721d9603f
SHA256: 1c6cec506fb8bd05cd2bed69c9f0aa316e91d6154d25ef3ec18ae24ee1294fa0
856
chrome.exe
C:\Users\admin\AppData\Local\Temp\TarBCC6.tmp
––
MD5:  ––
SHA256:  ––
856
chrome.exe
C:\Users\admin\AppData\Local\Temp\CabBCC5.tmp
––
MD5:  ––
SHA256:  ––
856
chrome.exe
C:\Users\admin\AppData\Local\Temp\TarBCA4.tmp
––
MD5:  ––
SHA256:  ––
856
chrome.exe
C:\Users\admin\AppData\Local\Temp\CabBCA3.tmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2f2c9bb60729f749_0
binary
MD5: 87b71356347792337f05061523f0fbee
SHA256: e03f82992296ac716f79a1ad96222015e301b425e996527512afd1563abdc7bc
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000b
compressed
MD5: 52f137548fe0ad4ab5d1f69c3d5abcea
SHA256: 62f095b4d720e3ef80005cefdca3a60ace1895e09dc8c66437201b9e1dad49fc
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c1b33da0a1a5dfdd_0
binary
MD5: 205d2e49b84aa4a67db05716c7ad3f61
SHA256: ab8bcf1c326b2223b1fe689b198eca1b9a42b9742641d97f2359ff5b667c174a
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\48a323b5d2c13725_0
binary
MD5: 9f764a5f9028860b4e6e46467d480c17
SHA256: 2c148991165bea519d7dd2f7b6f4e9509fda6a702fc1d2e549ef6ebd21167f93
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000a
image
MD5: a024620558c5ce95a2893dedd2e142ba
SHA256: 17bd54ed789e63e201a2eede381cc66dfb8ce1c960851e871af44264e98efc54
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5fe2cc8867e69d84_0
binary
MD5: d60fb430c0fc83c3990130819cc14658
SHA256: c828b1c622d7fb3fb4859609aae668a21f46c7fb71b5acc3c31e8fb447f49ac2
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\eff36d4d3abd111b_0
binary
MD5: c7ba65f7ebe3a633fdcd8e0dad44fefc
SHA256: 1a540789a4c71b62dff759cc483b5367572bc81e180adea6999507de2db6a296
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000001.dbtmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\716f045ba9849594_0
binary
MD5: 805f4dabe768526be0c58cf8167ce5cf
SHA256: 0b40393d38f9e524a0548c25c0e0a7582c39f20fcc979e5567136f39adf78d4c
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000009
ini
MD5: bbdcf6f86484a2d85996d0b119681846
SHA256: f5df4ebcd2ceffd4d6c69b7cc202da1c17d0fb3d9c9e2375f87502de40769c9f
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a8913a69e8f58f48_0
binary
MD5: a658031fd0b1334753f23d082acf8013
SHA256: bda1e489bf8d4cdd1b9f756f192b382c8e5a4c91852b58d8c7e3d40706b1b2f4
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000008
compressed
MD5: 5e56d0854ff104e07443ee55de39503b
SHA256: 6fb601dcb245d52aee15e16388f28d59f27aef24b2eeab414bbd388d7ddcbbc3
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7aab95628d06ed65_0
binary
MD5: dfe8fb5d0a7995c95c84ffa4e0c12831
SHA256: fe42d7317ffd2cfadbd3e55268c32818ac1ae827ef2dc1a1d74f438e8b4f44ed
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a155410ee0c0730b_0
binary
MD5: b0e4a32e3e05008f7ba4353f311b09b9
SHA256: 7b2e76a76f83a45ce8d84ca2a7ce4639978658d98be1be9156993c48d8fc5a57
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4c56785ede3db478_0
binary
MD5: 60526a6775b70d8f915e7f4018b50eee
SHA256: ac05e810f9baaf6098dcaa3c4cd06e7ab9416e589f2c03d62b06d612c9e3c4f8
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d3143bac9be1d5ca_0
binary
MD5: f13e3df816db8793918cd5556b659aa8
SHA256: 65f773cc5756d3cb9257d74ae3b5e5bf072f0037ea560c7336de5a868dc2fa7e
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8bbf68798aadfa17_0
binary
MD5: 8b945aa3d53dbc97f343a64540922bdc
SHA256: 67e210bd2fefeec2a334fb2c80c27ffb96820e9647c2891b7478fb314ec65a62
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f8f5f6d11b80e0de_0
binary
MD5: aff03e7738dc8e86669281604cf5e8ac
SHA256: d18440ed50858b8ae8dff7c2fe8c7ed8565178af10d85f60c8289e55f9359494
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d58aa31a9aae3691_0
binary
MD5: e48eb36aee9c5524a62a14c7391edfcb
SHA256: 6e03d931c45b380d941674b487afb4b1efaeadc96209dd3902b8ea576f7fa4df
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\517acb44b4adfb23_0
binary
MD5: 26a7445a7398b7c5be1885684e039591
SHA256: e9c396cc2c3fe33f68a35369f56c857cf0440128bdb0017f5bfffe8eb64b767f
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000007
binary
MD5: 3d046affc088c923202563b6c015c26a
SHA256: d9082899a6ce22a6c8af8fd2b310a4c24cd7af48ed99e0c281222e7925f2762e
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c13c854dd40ddbd0_0
binary
MD5: aac6781f054208bca012df114097e2bc
SHA256: dbc3fd458ea968cd583242e1e87d158c26c00378d48da6ddee8a30aad0d907db
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ba1d54cb472d38d4_0
binary
MD5: b68c2f43a6d6f11fbec060277c7e720e
SHA256: bc98b1295e4e910025f441a92a5d7cd70237adf6a054c2c47848d4003bce7255
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000006
image
MD5: 6108e92cb7e6aac8eb6f229a000be475
SHA256: d16663ee113a1d62cc343d43b05eea4a6fcbf1b8d868e82731621398e163e0f6
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f8f5f6d11b80e0de_0
binary
MD5: f2b710a97ead711d11c765a3c9756abf
SHA256: eac13b2e80fb1aa018cfd86299562369d76a03b54f0942ec58275719fc9b3f87
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\50c1da6d46db92e0_0
binary
MD5: a464ba0340f2c76bcb1fdbaf20c8c20e
SHA256: 1992141591575fc0efa8587c923ac66c2f3ad7df99ad9de3e291d76273ffdc17
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ee77ff91e0ca9f9c_0
binary
MD5: f560f73ac290787c05366ed5250a6ce7
SHA256: 8764afb43fd85fb8816be8479baae2314dd43d3c0f66fe872c4c21b959ae5c00
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000005
compressed
MD5: 0561d60e42d1ee1fd0b7f8acf33a3e26
SHA256: 2b826bcd97a68ed4f3f7fcea8eb15d126feb1a34804a3fd2df71b8e4fe6a404f
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000004
compressed
MD5: 8c2fc451dc8d3a8c54ad8dee441ef6c3
SHA256: 7f1fc01267fd3dbf9cbfc998d2ab441e43d868eaa0752c6c7861beec5c7db286
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003
binary
MD5: 307256cbf8818560027139cbcc24c603
SHA256: 2c089b323e4dc58d718518a1fb37fde1061ed993f5995cb29add6bacff98dfb4
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cffffce75c5b1231_0
binary
MD5: 34131c7c025c9eacc8e45113088c8323
SHA256: 01fa21fdc1c2f079fdf41612039f379af1509da7c273f79c777d866095d8d541
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old
text
MD5: 97aa7678fb9d338d08c371711b54a104
SHA256: 4657635b66fa68ae1550b7bff4e54016f8874b4df43a004c9a7244c8465c6ca8
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a3277ad484fe43c1_0
binary
MD5: ca60f5c440c8daeec6e52fea76a4a780
SHA256: f9e4632464459b82e335407158bc05c3c76b9a52687846a5cba1504de8f4101d
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002
compressed
MD5: 536e53439546ebc861e008b2147a102e
SHA256: 47a575345803222c44570b6c3f48b952baedbc844b78743e978438cfa7cdabce
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session
binary
MD5: 92eb31d830454841999ecdb4a714d301
SHA256: 63f01870e03b0329f3ae859435ef5610661a45085390af36275ae7d6808c8ffb
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\955d8aaeddfa074b_0
binary
MD5: 2c78bcf4aad61cfad8b01ae68acc844a
SHA256: 0e5f05cd260297f333f575d54ad4f5ed7604c49666755dbf1915010ce17716cf
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\955d8aaeddfa074b_0
binary
MD5: fd504004a22dfc13cf513517e29fac12
SHA256: e09d11ded361bb56ec666a76f6f382c173dc0f48a3c6ddc0e763a227276d9c49
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: 1276f7de036cb69ffbc104fa79f1d060
SHA256: 3044aa641bd2fed097ee25a5ad052d276eea8ec75a807a244102d75af9ac94f1
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF39afe2.TMP
text
MD5: 1276f7de036cb69ffbc104fa79f1d060
SHA256: 3044aa641bd2fed097ee25a5ad052d276eea8ec75a807a244102d75af9ac94f1
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 370df9c4af340d044e2946d87d515fd8
SHA256: f4761a6412fee517fddf04004ddcb13b935994fba8550318534705c979a29343
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF39af65.TMP
text
MD5: 370df9c4af340d044e2946d87d515fd8
SHA256: f4761a6412fee517fddf04004ddcb13b935994fba8550318534705c979a29343
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001
compressed
MD5: 843419dc7fbe5bed97d43c7269004844
SHA256: cc3417f554f34ee64aba07272e65a89a7ad0c7da6625143c3a18dfc57def811c
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
text
MD5: f22023c847715c32901ef9c1762d5602
SHA256: 1a0fc51c99cd12a668d48446ae07655cd3aaf54b7d293ecdafac2880a45fc8c3
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
binary
MD5: 891a884b9fa2bff4519f5f56d2a25d62
SHA256: e2610960c3757d1757f206c7b84378efa22d86dcf161a98096a5f0e56e1a367e
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old
text
MD5: 722d616be0caaf9ed585c9aea7f3742c
SHA256: f86c514fa380332be463670b3b334c8feedc2f6cb9b4118ea367729b056de0fb
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old
text
MD5: 911b244e4a362b56f2478647d2d61a40
SHA256: 3a5aec1ea537d8841e604d0aa4cd5f9241c805a3d4eb4e372cfb7eeb3678a361
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old
text
MD5: 0acecca4cf9ade756da7cc9dcdf02d50
SHA256: 18f910775132b4fee014ea0fab836d857f367e76232fab4ae6a86a92e4c3ebee
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: a874f3e3462932a0c15ed8f780124fc5
SHA256: 01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old
text
MD5: 454106ccf080f3e3795c229fc73350d4
SHA256: 9974dc611be9e20bdfa7b8d939cb913ad23859dea5f52ebb8d10cead9ab5b4fa
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF39aa54.TMP
text
MD5: a874f3e3462932a0c15ed8f780124fc5
SHA256: 01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old~RF39aa54.TMP
text
MD5: 454106ccf080f3e3795c229fc73350d4
SHA256: 9974dc611be9e20bdfa7b8d939cb913ad23859dea5f52ebb8d10cead9ab5b4fa
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000020.dbtmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old
text
MD5: 3d551b6e929cf62f7aa66091e718704b
SHA256: 1698a1b1bc3e86676392fb8bd4c712438302a5a2220503c08f290ed4b1790404
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RF39a9f6.TMP
text
MD5: 3d551b6e929cf62f7aa66091e718704b
SHA256: 1698a1b1bc3e86676392fb8bd4c712438302a5a2220503c08f290ed4b1790404
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\cecf1330-7ba1-4755-bcbc-7a24287f59fe.tmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
text
MD5: a519780ed0a2f4336db4f5651d79c369
SHA256: da5b71bd0075b55757bf757bf5f4d4a1dcbcf0762cda5b31b28680963e068c75
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RF39a9c7.TMP
text
MD5: a519780ed0a2f4336db4f5651d79c369
SHA256: da5b71bd0075b55757bf757bf5f4d4a1dcbcf0762cda5b31b28680963e068c75
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
binary
MD5: 0686d6159557e1162d04c44240103333
SHA256: 3303d5eed881951b0bb52cf1c6bfa758770034d0120c197f9f7a3520b92a86fb
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 213ae3da120d7862d60b5763b6c9d466
SHA256: 5736534d6ee654c1bf1a8e79e73330af58f622e8657285330d2c7189a55604f4
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF39a979.TMP
text
MD5: 213ae3da120d7862d60b5763b6c9d466
SHA256: 5736534d6ee654c1bf1a8e79e73330af58f622e8657285330d2c7189a55604f4
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF39a969.TMP
text
MD5: c4d6cbb269c626168a5d6d0d8cce6c30
SHA256: b62cdbb758278a0c2e50593357390119441d8de09428eb29027f3dfd1332e348
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: dc32343f45b01764b6267ad36548102a
SHA256: a250f5ad57d4bd58aae92810d50278e3be2dbf869f126a3a3519691bcdfc2075
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
text
MD5: c4d6cbb269c626168a5d6d0d8cce6c30
SHA256: b62cdbb758278a0c2e50593357390119441d8de09428eb29027f3dfd1332e348
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF39a93b.TMP
text
MD5: dc32343f45b01764b6267ad36548102a
SHA256: a250f5ad57d4bd58aae92810d50278e3be2dbf869f126a3a3519691bcdfc2075
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: 1a89a1bebe6c843c4ff582e7ed33ca1f
SHA256: 65099ca087b66aa8ca420ab121daad713e1db5a61c5a574d9b1c0df24f012520
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
3752
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: 9543068b6751e1f3e11f91d72ee78d95
SHA256: d060ad21ae6e04cb58668caa52adfca573e018102cc07554d2ed3eae11ab7785


Network activity

HTTP(S) requests: 69
TCP/UDP connections: 159
DNS requests: 95
Threats: 0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation


Connections

PID Process IP ASN CN Reputation
856 chrome.exe 216.58.207.35:443 Google Inc. US whitelisted
856 chrome.exe 31.131.251.75:80 OOO Network of data-centers Selectel RU unknown
856 chrome.exe 172.217.22.109:443 Google Inc. US whitelisted
–– –– 172.217.22.98:80 Google Inc. US whitelisted
856 chrome.exe 91.192.148.204:80 ZAO Begun RU unknown
856 chrome.exe 81.19.89.22:80 Rambler Internet Holding LLC RU unknown
856 chrome.exe 81.19.89.1:80 Rambler Internet Holding LLC RU unknown
856 chrome.exe 217.69.133.145:80 Limited liability company Mail.Ru RU unknown
–– –– 138.201.159.191:80 Hetzner Online GmbH DE unknown
–– –– 77.88.55.70:80 YANDEX LLC RU whitelisted
856 chrome.exe 216.58.210.19:80 Google Inc. US whitelisted
856 chrome.exe 77.88.55.70:443 YANDEX LLC RU whitelisted
856 chrome.exe 172.217.18.100:443 Google Inc. US whitelisted
–– –– 217.69.133.145:80 Limited liability company Mail.Ru RU unknown
856 chrome.exe 172.217.18.174:443 Google Inc. US whitelisted
856 chrome.exe 172.217.22.98:443 Google Inc. US whitelisted
856 chrome.exe 172.217.23.130:443 Google Inc. US whitelisted
856 chrome.exe 172.217.18.2:443 Google Inc. US whitelisted
856 chrome.exe 216.58.205.226:443 Google Inc. US whitelisted
856 chrome.exe 77.88.21.90:80 YANDEX LLC RU whitelisted
856 chrome.exe 172.217.16.130:443 Google Inc. US whitelisted
856 chrome.exe 77.88.21.90:443 YANDEX LLC RU whitelisted
856 chrome.exe 172.217.16.129:443 Google Inc. US whitelisted
856 chrome.exe 93.158.134.119:443 YANDEX LLC RU whitelisted
856 chrome.exe 88.212.201.198:80 United Network LLC RU unknown
856 chrome.exe 138.201.159.191:443 Hetzner Online GmbH DE unknown
856 chrome.exe 172.217.21.206:443 Google Inc. US whitelisted
856 chrome.exe 172.217.22.106:443 Google Inc. US whitelisted
856 chrome.exe 195.201.243.72:80 Awanti Ltd. RU unknown
856 chrome.exe 87.250.247.183:80 YANDEX LLC RU whitelisted
–– –– 188.42.191.196:80 Servers.com, Inc. LU unknown
–– –– 193.200.65.5:80 HZ Hosting Ltd NL unknown
856 chrome.exe 178.154.131.216:443 YANDEX LLC RU whitelisted
–– –– 95.181.171.214:80 QWARTA LLC RU unknown
856 chrome.exe 136.243.75.35:80 Hetzner Online GmbH DE unknown
856 chrome.exe 62.149.0.72:80 7heaven LLC UA unknown
856 chrome.exe 94.100.180.197:80 Limited liability company Mail.Ru RU unknown
856 chrome.exe 81.222.128.216:443 PVimpelCom RU unknown
856 chrome.exe 82.202.224.36:80 OOO Network of data-centers Selectel RU unknown
–– –– 91.192.149.14:80 ZAO Begun RU unknown
856 chrome.exe 194.190.117.33:80 Kavanga LLC RU unknown
856 chrome.exe 37.18.16.16:80 Hybrid LLC RU unknown
856 chrome.exe 136.243.75.35:443 Hetzner Online GmbH DE unknown
856 chrome.exe 195.201.243.72:443 Awanti Ltd. RU unknown
856 chrome.exe 185.15.175.130:80 SafeData LLC RU unknown
856 chrome.exe 195.201.108.196:80 Awanti Ltd. RU unknown
856 chrome.exe 188.42.191.196:443 Servers.com, Inc. LU unknown
856 chrome.exe 37.18.16.16:443 Hybrid LLC RU unknown
856 chrome.exe 176.9.8.252:80 Hetzner Online GmbH DE unknown
856 chrome.exe 195.201.108.196:443 Awanti Ltd. RU unknown
856 chrome.exe 94.130.38.41:80 Hetzner Online GmbH DE unknown
856 chrome.exe 109.248.237.36:80 Centre of server systems Ltd RU unknown
856 chrome.exe 172.217.16.194:80 Google Inc. US whitelisted
856 chrome.exe 148.251.54.137:80 Hetzner Online GmbH DE unknown
856 chrome.exe 185.99.9.123:80 Dataline Ltd RU unknown
856 chrome.exe 142.93.230.191:80 CA unknown
856 chrome.exe 35.190.16.14:443 Google Inc. US whitelisted
856 chrome.exe 80.78.249.254:80 Domain names registrar REG.RU, Ltd RU unknown
856 chrome.exe 92.53.68.205:443 AO Infolika RU unknown
856 chrome.exe 185.99.9.123:443 Dataline Ltd RU unknown
856 chrome.exe 148.251.236.118:80 Hetzner Online GmbH DE unknown
856 chrome.exe 95.211.66.35:80 LeaseWeb Netherlands B.V. NL unknown
856 chrome.exe 78.46.100.125:80 Hetzner Online GmbH DE unknown
856 chrome.exe 2.20.188.20:80 Akamai International B.V. –– whitelisted
856 chrome.exe 138.201.8.33:443 Hetzner Online GmbH DE unknown
856 chrome.exe 78.46.100.125:443 Hetzner Online GmbH DE unknown
856 chrome.exe 148.251.41.166:443 Hetzner Online GmbH DE unknown
856 chrome.exe 212.11.152.207:443 Moscow Mayor's Office RU unknown
856 chrome.exe 91.192.149.14:443 ZAO Begun RU unknown
856 chrome.exe 185.15.175.146:443 SafeData LLC RU unknown
856 chrome.exe 138.201.8.32:443 Hetzner Online GmbH DE unknown
856 chrome.exe 138.201.10.134:443 Hetzner Online GmbH DE unknown
856 chrome.exe 136.243.15.62:443 Hetzner Online GmbH DE unknown
856 chrome.exe 217.118.87.139:80 Public Joint Stock Company Vimpel-Communications RU unknown
856 chrome.exe 172.217.16.194:443 Google Inc. US whitelisted
856 chrome.exe 34.95.81.88:443 US unknown
856 chrome.exe 185.146.158.61:443 JSC ISPsystem RU unknown
856 chrome.exe 37.252.173.27:443 AppNexus, Inc –– unknown
856 chrome.exe 194.87.190.115:80 Domain names registrar REG.RU, Ltd RU unknown
856 chrome.exe 34.240.143.140:443 Amazon.com, Inc. IE unknown
856 chrome.exe 185.15.175.146:80 SafeData LLC RU unknown
856 chrome.exe 87.250.250.114:443 YANDEX LLC RU unknown
856 chrome.exe 172.217.18.99:443 Google Inc. US whitelisted
856 chrome.exe 148.251.54.137:443 Hetzner Online GmbH DE unknown
856 chrome.exe 91.199.212.52:80 Comodo CA Ltd GB unknown
856 chrome.exe 176.9.8.252:443 Hetzner Online GmbH DE unknown
856 chrome.exe 148.251.236.118:443 Hetzner Online GmbH DE unknown
856 chrome.exe 216.58.210.6:443 Google Inc. US whitelisted
856 chrome.exe 172.217.22.35:443 Google Inc. US whitelisted
856 chrome.exe 178.154.131.217:443 YANDEX LLC RU whitelisted
856 chrome.exe 91.192.148.14:443 ZAO Begun RU unknown
856 chrome.exe 5.9.154.76:443 Hetzner Online GmbH DE unknown
856 chrome.exe 185.15.175.147:80 SafeData LLC RU unknown

DNS requests

Domain IP Reputation
clientservices.googleapis.com 216.58.207.35 whitelisted
www.tehlit.ru 31.131.251.75 unknown
accounts.google.com 172.217.22.109 shared
pagead2.googlesyndication.com 172.217.22.98 whitelisted
autocontext.begun.ru 91.192.148.204, 91.192.149.204 unknown
counter.rambler.ru 81.19.89.22, 81.19.89.13, 81.19.89.8, 81.19.89.11, 81.19.89.12, 81.19.89.23, 81.19.89.20, 81.19.89.10, 81.19.89.21, 81.19.89.9 unknown
top100-images.rambler.ru 81.19.89.1 unknown
tools.spylog.ru 138.201.159.191, 138.201.187.103, 138.201.187.111, 138.201.191.51 unknown
d9.ca.b3.a1.top.list.ru 217.69.133.145 unknown
www.yandex.ru 77.88.55.70, 5.255.255.70, 5.255.255.60, 77.88.55.66 whitelisted
api.cloudleadia.com 216.58.210.19 malicious
www.google.com 172.217.18.100 whitelisted
top-fwz1.mail.ru 217.69.133.145 whitelisted
cse.google.com 172.217.18.174 whitelisted
adservice.google.it 172.217.23.130 whitelisted
www.ohranatruda.ru 82.202.197.129 unknown
adservice.google.com 172.217.18.2 whitelisted
googleads.g.doubleclick.net 216.58.205.226 whitelisted
www.council.gov.ru 95.173.132.73 unknown
ksrf.ru 95.173.151.218 unknown
www.arbitr.ru 141.101.228.53 unknown
www.duma.gov.ru 95.173.130.42, 95.173.130.41 unknown
www.duma.ru 212.11.128.31 unknown
www.government.gov.ru 95.173.136.162, 95.173.136.163, 95.173.136.168 unknown
www.president.kremlin.ru 95.173.136.80 unknown
www.scrf.gov.ru 95.173.135.142 unknown
an.yandex.ru 77.88.21.90, 213.180.193.90, 93.158.134.90, 87.250.250.90, 213.180.204.90 whitelisted
www.supcourt.ru 95.173.156.120 unknown
www.googletagservices.com 172.217.16.130 whitelisted
tpc.googlesyndication.com 172.217.16.129 whitelisted
mc.yandex.ru 93.158.134.119, 87.250.250.119, 77.88.21.119, 87.250.251.119 whitelisted
counter.yadro.ru 88.212.201.198, 88.212.201.204, 88.212.201.210, 88.212.201.216 whitelisted
www.acint.net 195.201.243.72, 195.201.243.71 unknown
spylog.com 138.201.159.191, 138.201.187.103, 138.201.187.111, 138.201.191.51 unknown
okna-sofos.ru 178.210.72.84 unknown
resproekt.ru 188.120.246.159 unknown
top.mail.ru 217.69.139.241 unknown
clients1.google.com 172.217.21.206 whitelisted
www.infosait.ru 31.131.251.75 unknown
www.liveinternet.ru 88.212.202.35 whitelisted
top100.rambler.ru 81.19.89.1 unknown
translate.googleapis.com 172.217.22.106 whitelisted
openstat.net 138.201.159.191, 138.201.187.103, 138.201.187.111, 138.201.191.51 unknown
avatars.mds.yandex.net 87.250.247.183, 87.250.247.184, 87.250.247.181, 87.250.247.182 whitelisted
ssp-rtb.sape.ru 95.181.171.214, 195.201.243.114, 193.232.121.241, 95.181.171.232, 193.232.121.218 unknown
px.adhigh.net 136.243.75.35, 136.243.75.29, 136.243.75.7, 136.243.75.30, 136.243.75.34, 136.243.75.32, 136.243.75.33, 136.243.75.31, 136.243.75.11, 136.243.75.10, 136.243.75.28, 136.243.75.8, 136.243.75.9, 136.243.75.6, 195.201.85.163, 138.201.11.202, 136.243.72.231, 148.251.0.39, 136.243.131.195, 148.251.232.149, 78.46.85.79 whitelisted
t.trafmag.com 193.200.65.5 unknown
ads.betweendigital.com 188.42.191.196, 188.42.196.115 whitelisted
yastatic.net 178.154.131.216, 178.154.131.217, 178.154.131.215 whitelisted
sync.vertamedia.com 62.149.0.72 unknown
ad.mail.ru 94.100.180.197 whitelisted
profile.ssp.rambler.ru 91.192.149.14, 91.192.148.14, 91.192.149.30, 91.192.148.30 whitelisted
rtb.beroll.ru 82.202.224.36 unknown
ssp.adriver.ru 81.222.128.216, 81.222.128.213, 81.222.128.214, 81.222.128.215 whitelisted
sync.republer.com 194.190.117.33, 194.190.117.32 unknown
dm.hybrid.ai 37.18.16.16 whitelisted
acint.net 195.201.243.72, 195.201.243.71 unknown
tag.digitaltarget.ru 185.15.175.130, 185.15.175.134 unknown
sync.dmp.otm-r.com 195.201.108.196, 195.201.106.117, 159.69.72.5, 195.201.57.28, 148.251.9.22, 195.201.8.30, 138.201.65.66, 138.201.65.75, 138.201.65.74, 138.201.65.68 unknown
sync.upravel.com 176.9.8.252, 78.46.16.13, 88.198.16.238, 136.243.48.22, 144.76.138.28, 148.251.78.49, 148.251.129.43, 148.251.236.115, 148.251.236.118, 148.251.237.106 unknown
tt.ttarget.ru 80.78.249.254 unknown
eu.track.digitaladsystems.com 94.130.38.41 whitelisted
stat.adlabs.ru 109.248.237.36, 109.248.237.37 unknown
sync.datamind.ru 148.251.54.137, 148.251.87.137, 46.4.106.111, 78.46.94.184, 94.130.35.164, 94.130.35.188 whitelisted
cm.g.doubleclick.net 172.217.16.194 whitelisted
relap.io 185.99.9.123, 185.99.9.116, 185.99.9.124, 185.99.9.117 whitelisted
matching.adtags.pro 142.93.230.191 unknown
redirect.frontend.weborama.fr 35.190.16.14 whitelisted
133921.selcdn.ru 92.53.68.205, 92.53.68.202, 92.53.68.204, 92.53.68.201, 92.53.68.203 unknown
08c705e3-364b-40e6-a1bd-920791ef452d.sync.upravel.com 148.251.236.118, 148.251.236.115, 78.46.16.13, 148.251.78.49, 88.198.16.238, 148.251.129.43, 136.243.48.22, 176.9.8.252, 144.76.138.28, 148.251.237.106 unknown
adlmerge.com 95.211.66.35 unknown
www.download.windowsupdate.com 2.20.188.20, 2.20.188.10 whitelisted
sync.1dmp.io 78.46.100.125, 95.216.101.186, 136.243.148.229 whitelisted
sape-sync.rutarget.ru 138.201.8.33 unknown
sonar.semantiqo.com 148.251.41.166, 5.9.154.76 unknown
stats.mos.ru 212.11.152.207, 212.11.152.206 whitelisted
dmg.digitaltarget.ru 185.15.175.146, 185.15.175.147, 185.15.175.148, 185.15.175.144, 185.15.175.145 unknown
yandex-dmp-sync.rutarget.ru 138.201.8.32 whitelisted
x01.aidata.io 136.243.15.62, 94.130.112.156, 144.76.85.254 whitelisted
yandex-sync.rutarget.ru 138.201.10.134 unknown
ssp1.rtb.beeline.ru 217.118.87.139 unknown
s-cs.rmp.rakuten.com 34.95.81.88 unknown
zefirgood1.ru 185.146.158.61 unknown
ib.adnxs.com 37.252.173.27, 37.252.172.250, 37.252.172.249, 37.252.173.22, 37.252.173.62, 37.252.173.38 whitelisted
ut.rktch.com 194.87.190.115 unknown
yandex.ru 77.88.55.66, 77.88.55.70, 5.255.255.60, 5.255.255.70 whitelisted
dpm.demdex.net 34.240.143.140, 34.240.220.248, 34.247.58.231, 3.248.168.38, 34.241.149.220, 34.247.192.223, 108.128.26.6, 34.253.43.81 whitelisted
to.do No response unknown
ysa-static.passport.yandex.ru 87.250.250.114 whitelisted
www.googleadservices.com 172.217.18.2 whitelisted
www.google.it 172.217.18.99 whitelisted
crt.usertrust.com 91.199.212.52 whitelisted
ad.doubleclick.net 216.58.210.6 whitelisted
ssl.gstatic.com 172.217.22.35 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.