General Info

URL

https://mega.nz/#!qHwRlAbL!0tUj1y8E56AH2EDXro_cGyUQiDxC6dbpYw_J6bmDRAI

Full analysis
https://app.any.run/tasks/28971e87-6ad0-4949-ba26-94a8bd1ad5fc
Verdict
Malicious activity
Analysis date
1/10/2019, 21:04:46
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
stealer
predator
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as-is for user acknowledgement. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
240 seconds
Additional time used
180 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • Crypter.exe (PID: 3012)
PREDATOR was detected
  • Crypter.exe (PID: 3012)
Connects to CnC server
  • Crypter.exe (PID: 3012)
Stealing of credential data
  • Crypter.exe (PID: 3012)
Creates files in the user directory
  • Crypter.exe (PID: 3012)
Reads the cookies of Mozilla Firefox
  • Crypter.exe (PID: 3012)
Reads the cookies of Google Chrome
  • Crypter.exe (PID: 3012)
Reads Internet Cache Settings
  • Crypter.exe (PID: 3012)
Executable content was dropped or overwritten
  • WinRAR.exe (PID: 3156)
Application launched itself
  • chrome.exe (PID: 2844)

Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report

Screenshots

Processes

Total processes
39
Monitored processes
9
Malicious processes
1
Suspicious processes
0

Behavior graph

start
chrome.exe
chrome.exe no specs
chrome.exe no specs
chrome.exe no specs
chrome.exe no specs
chrome.exe no specs
winrar.exe
chrome.exe no specs
#PREDATOR crypter.exe
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
2844
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://mega.nz/#!qHwRlAbL!0tUj1y8E56AH2EDXro_cGyUQiDxC6dbpYw_J6bmDRAI
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msisip.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\wshext.dll
c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\winshfhc.dll
c:\windows\system32\wdscore.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll

PID
3592
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6f6000b0,0x6f6000c0,0x6f6000cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2812
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2848 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
3988
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=188,2483152675597224098,10037370310120290366,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=1FAC90B25512B23239E11864D30D18B8 --mojo-platform-channel-handle=976 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
2324
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=188,2483152675597224098,10037370310120290366,131072 --enable-features=PasswordImport --service-pipe-token=71810659047A3BFA6270B183881673F7 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=71810659047A3BFA6270B183881673F7 --renderer-client-id=4 --mojo-platform-channel-handle=1892 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2912
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=188,2483152675597224098,10037370310120290366,131072 --enable-features=PasswordImport --service-pipe-token=25BC7523653A3A29C34F7D057206BF29 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=25BC7523653A3A29C34F7D057206BF29 --renderer-client-id=3 --mojo-platform-channel-handle=2128 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3156
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\Crypter.rar"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll

PID
3824
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=188,2483152675597224098,10037370310120290366,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=3FCF87AD3588F725D7F822E1C212CE0C --mojo-platform-channel-handle=4168 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
3012
CMD
"C:\Users\admin\Desktop\Crypter.exe"
Path
C:\Users\admin\Desktop\Crypter.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Description
Version
Modules
Image
c:\users\admin\desktop\crypter.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ktmw32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\quartz.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\qcap.dll
c:\windows\system32\msvfw32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\windows\system32\devenum.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\avicap32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll

Registry activity

Total events
960
Read events
880
Write events
79
Delete events
1

Modification events

PID | Process | Operation | Key | Name | Value
2844 | chrome.exe | delete key | HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | |
2844 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | failed_count | 0
2844 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | 2
2844 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | 1
2844 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | dr | 1
2844 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome | UsageStatsInSample | 0
2844 | chrome.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} | usagestats | 0
2844 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | metricsid |
2844 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | metricsid_installdate | 0
2844 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | metricsid_enableddate | 0
2844 | chrome.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts | aggregate | sum()
2844 | chrome.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts | S-1-5-21-1302019708-1500728564-335382590-1000 | 1
2844 | chrome.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn | aggregate | sum()
2844 | chrome.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn | S-1-5-21-1302019708-1500728564-335382590-1000 | 0
2844 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly | 0
2844 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun | 13191624316435250
2844 | chrome.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E | LanguageList | en-US
2844 | chrome.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
2844 | chrome.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
2844 | chrome.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum | Implementing | 1C00000001000000E307010004000A00140005001900BF0300000000
2844 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly | 1
2812 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | 2844-13191624314263375 | 259
2812 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | 2844-13191624314263375 | 0
3156 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP |
3156 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon |
3156 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E | LanguageList | en-US
3156 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface | ShowPassword | 0
3156 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\Downloads\Crypter.rar
3156 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
3156 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
3156 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
3156 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
3156 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin | Placement | 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
3156 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General | LastFolder | C:\Users\admin\Downloads
3156 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | name | 120
3156 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | size | 80
3156 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | psize | 80
3156 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | type | 120
3156 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | mtime | 100
3156 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | crc | 70
3156 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout | Band56_0 | 38000000730100000402000000000000D4D0C800000000000000000000000000280102000000000039000000B40200000000000001000000
3156 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout | Band56_1 | 38000000730100000500000000000000D4D0C8000000000000000000000000003001020000000000160000002A0000000000000002000000
3156 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout | Band56_2 | 38000000730100000400000000000000D4D0C800000000000000000000000000580101000000000016000000640000000000000003000000
3012 | Crypter.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Crypter_RASAPI32 | EnableFileTracing | 0
3012 | Crypter.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Crypter_RASAPI32 | EnableConsoleTracing | 0
3012 | Crypter.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Crypter_RASAPI32 | FileTracingMask | 4294901760
3012 | Crypter.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Crypter_RASAPI32 | ConsoleTracingMask | 4294901760
3012 | Crypter.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Crypter_RASAPI32 | MaxFileSize | 1048576
3012 | Crypter.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Crypter_RASAPI32 | FileDirectory | %windir%\tracing
3012 | Crypter.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Crypter_RASMANCS | EnableFileTracing | 0
3012 | Crypter.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Crypter_RASMANCS | EnableConsoleTracing | 0
3012 | Crypter.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Crypter_RASMANCS | FileTracingMask | 4294901760
3012 | Crypter.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Crypter_RASMANCS | ConsoleTracingMask | 4294901760
3012 | Crypter.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Crypter_RASMANCS | MaxFileSize | 1048576
3012 | Crypter.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Crypter_RASMANCS | FileDirectory | %windir%\tracing
3012 | Crypter.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0
3012 | Crypter.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | 4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3012 | Crypter.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
3012 | Crypter.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1

Files activity

Executable files: 1
Suspicious files: 53
Text files: 83
Unknown types: 14

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3156 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3156.24900\Crypter.exe | executable | c7b38bf6f853cd6000f655c9d91124c4 | b4d0c41e28305537190ab9da66314529bf37c2635dc664398f663f772899a09e
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat | binary | 9c016064a1f864c8140915d77cf3389a | 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
3012 | Crypter.exe | C:\Users\admin\AppData\Roaming\ptsts6q7w8w7t7q7w8w7t7\Actions.txt | text | 83aefadfb893ad31422c126dd71e40db | c90059124ace0e3ca4d5b7d9302098f93fb8593db84d98d440153f4a832da4cc
3012 | Crypter.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt | text | c508b9d8559314f88cf9a1ac0ddd5c6f | b05276c832b688d828c7e4f2cf94bea12385706df2486f9088cfbb8cc401be6b
3012 | Crypter.exe | C:\Users\admin\AppData\Roaming\ptsts6q7w8w7t7q7w8w7t7\General\forms.txt | text | b5afc93bc39810236e1798d1710e5a30 | 5c3f4f9cc5cfe16d625d97679aca5577f168f58f03bcf15775c86b096597b77c
3012 | Crypter.exe | C:\Users\admin\AppData\Roaming\ptsts6q7w8w7t7q7w8w7t7\General\passwords.txt | text | 37b09376904665e078ff97e5502988ee | abac5f706a15cf26ada19fba0079d973febf9eb73ecbac4f030a321e60c5ca56
3012 | Crypter.exe | C:\Users\admin\AppData\Roaming\ptsts6q7w8w7t7q7w8w7t7\Screenshot.jpeg | image | 7535628b3d5387f8dc6899ca32df9d9c | 9a6f3430b757e7cfaee0a916103e2a3f3ea405e386ef2487a9de875a46461732
3012 | Crypter.exe | C:\Users\admin\AppData\Local\Temp\vl{lolz}ygb2968.col | sqlite | 60b51ba20224ac3783e213ea9f55f125 | 0e305ba02985f26b29b234cd79d2c2af0a51085da2db2bed98d20f8c61b76254
3012 | Crypter.exe | C:\Users\admin\AppData\Local\Temp\vl{lolz}ygb2968.col | –– | –– | ––
3012 | Crypter.exe | C:\Users\admin\AppData\Roaming\ptsts6q7w8w7t7q7w8w7t7\History\Chrome.txt | text | 83ab93c8840a1c08e8413a938b3964a3 | f6ed48befd699650d54b5b7c0a8a7013e042fff5ae16e64ddc6695be61991b95
3012 | Crypter.exe | C:\Users\admin\AppData\Roaming\ptsts6q7w8w7t7q7w8w7t7\Cookies\Chrome_0.log | text | f5f1b46e7600395dd8763ba991cc5d17 | 6d7f9c63468d036e4a224aecf6ef2561a5b6ccc6c678b1fa3c341f30c2a8796c
3012 | Crypter.exe | C:\Users\admin\AppData\Roaming\zpars6q7w8w7t7q7w8w7t7.zip | compressed | dfadd11ad57c685cd65fe678d06609b2 | 5613724a970d07cec39ee231b655350a389be72e563d39bf3ca79c2ddc3d7ca8
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG | text | a70d36bb4a246c8c287b650c1c73870a | c5622285b7ea9ed11f6a23353a0262ff94aa77343e044e2fd9f1320733b46653
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000003.log | binary | 7967dc4224c4fde89093b2f09fd68005 | a1b3a75262e8436e8a0c90a4b3d5379ea0d8e8a42d447970be029b07c8633cd7
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\000003.log | binary | b3cf6f9b6d19013bab72cfeb7c49edff | f29842de4bd2229be29a8ce65c7a1497a426daf454d3655d5cb8bb83b4249d9d
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\LOG | text | 290885aaff7f912013d7f19498e3c262 | 70aa4d21ae9f25bc16f90c5d59849160640f22534568acd2174fc996476fbfdb
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG | text | 4071e93c050f126a642cf0c3175b6966 | 0026787c6f00aa4ba9ec6288896eaee76fb1b80e981ea63818670b1d40427f58
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log | binary | c50a0b97ce35afc24767f2ab4998388b | f255afb4a3b605bfe9f4579407339ec88dcdc55f2812a17ec547cf45afd135e9
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt | text | 83506b9b0ef29db1842cd3e26ed9ecef | f09ffb704e88916c012b2b975886b5f59a9273fe34c8792653006637f6431a55
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State | text | 597281f80a9360c9e0e6e9cb0fc9a52a | 8775e774cad04ab1fede6b850b02854f274684f815e4952d0c2a22a001f9b212
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF19edb2.TMP | text | 597281f80a9360c9e0e6e9cb0fc9a52a | 8775e774cad04ab1fede6b850b02854f274684f815e4952d0c2a22a001f9b212
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies | sqlite | 0ba925632cea2d241e66b02ef1c13cba | 355035f83ed5eac2c9e404f0b731fdd491553f9b8f7d801f7209792ee1373d1e
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences | text | 16696ecc699265ea7689ef660adcc8b9 | 7e4e4b699e69f695308ed98211ba97df57d4300884b622eb7a0a5586bf4208c5
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF19ed92.TMP | text | 16696ecc699265ea7689ef660adcc8b9 | 7e4e4b699e69f695308ed98211ba97df57d4300884b622eb7a0a5586bf4208c5
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies | sqlite | f01e828d2e4a744c1da65960e67e2c25 | d84a561e5fd6c8af33c7e275ace9830bcf91b9264d8b3eb78322e03b7c281dcb
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF19ed83.TMP | text | 67fa00405aebcf81d36d16ce1c278b60 | 53b22b20cd04e6fb6b007781bc2c4a7db057fdaaea97f3990b7996d84da9c90c
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a4432f90-fbc2-4787-9fc3-99be1a06a953.tmp | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\a319791d-0030-44f1-8904-f11cc09117d4.tmp | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager | sqlite | ef3f9a6faea976ba6e17a6a569260d21 | 70205290aa7c49b563f33ead6847850bddccbbec15bd1de281668dbb718840a5
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1 | binary | d932a31a0fb91833edb0325c6b434b34 | 8049465356163740d6e4c0bb56b9dcaa90149631646fa6bb56d01de223bd1f8e
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\5cfe5cbd-1a8a-4a43-b6b6-be226e91856d.tmp | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1 | binary | ed3d1c71e33729de7febf8fe5e6ec916 | 69c86a85adc870f4b414d529894f622580db21bbefb5e2c4da4ba14141c7b1fc
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Tabs | binary | 2acc6b0abd7e949b48a615e6fc4583a5 | 427e7dff478b58c5d62051483fdd5c9434aacf7e9e469da7fc42a96f322e6419
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF19ed63.TMP | text | 67fa00405aebcf81d36d16ce1c278b60 | 53b22b20cd04e6fb6b007781bc2c4a7db057fdaaea97f3990b7996d84da9c90c
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 | binary | 89d17316c7af3d62bc103f67c625266c | 54ee8a4313d62a6a8f77cfc8464db2f6fd74f906425e2d72e083acc4ec5032a7
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 | binary | edad1cad182b2af1174a394587124287 | f3393446c8d8cd4a9b6912da8352cb76b788f196bf6352ed547ebe2b06134357
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Tabs | binary | 9409bab446b7204c6235dfddd6066e89 | 68c1cb50ec24ac5a1dbdc7d9c845e94a1e9d60f312cf92a694f0791cd7ea105e
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG | text | 56067bd83e541e6fd3dba644f14216a5 | 8abcc6401c70db76759b80fc11cb605d72001967c24fa915f4a43db27e58cb74
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 | binary | 4c7412b285173332c8355f46669e0138 | e3b1ebfb8a755f996ac880f1706e64acd0a9a56c2466d2d421d7b6d9491797e3
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG | text | 7a92a61c1661f7e05a1bc85fb0a3a1bf | 4b13116c4daa08ded9e65da41e9c38ddddf361d08bb896a1ad0375d8ac44b366
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log | binary | 94a8f767e8e85d107930f2341f8500c2 | 232d4ec297e87fd9e84c9d2a4bb76efa304d89ab2bd3f320f8f10a198d9730ea
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State | text | 67fa00405aebcf81d36d16ce1c278b60 | 53b22b20cd04e6fb6b007781bc2c4a7db057fdaaea97f3990b7996d84da9c90c
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG | text | 8604016e5cff441186b55708c9efac6c | 23de9038e51b2eef60e513bedfb9e3733dceb3960c3ff73beb3af282ab10a339
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG | text | d0f24a3d6a5d5f6395959b8a5634ea61 | 5b17324fdffc721ea3070acc1acbe9997006f7e329706bed7140a955cf0cf53b
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG | text | 56d98c0aca214f64a4b96773488dfd09 | abb61d5d60ffdca3eb2330f70e6126e6d0d055a73418a4ab9df065138fa81018
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG | text | b10e47d0a208e433ff9e14f91a5d60e5 | 5a81986f362d80a7932706cfe77249a609273ed1b84ff63bce401c998ab8365e
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG | text | a13e7a67ea36651784836fbb16d7de68 | f74fa8743aad77493a0793578d40aa01eef7e329b6cc629d819d1b23517c845b
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG | text | 61221dce7adc286548c84af0a3e5e530 | a17b4ea76c08b2cd2eca47d566d56889c66e43c6a545ce390ac689eedc1589c5
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000016 | binary | cf286cb4fd0f3dcc234806e1b865987b | 21dc23520bba7268b53957a39981c9a85d3658edc4f5455e98cac3378a440d76
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\2977a255-c515-415a-8370-2f02f18f807e.tmp | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\MANIFEST-000016 | binary | cf286cb4fd0f3dcc234806e1b865987b | 21dc23520bba7268b53957a39981c9a85d3658edc4f5455e98cac3378a440d76
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links | binary | 322ebf1405f7fe48ff7eaecd1eb7ee20 | 0ce0538f4317517b9f70ce2056b90604c729a334c6f40c8ef6a8a8f96fb4178f
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons | sqlite | 33970052e059b95f9870e510b74418f4 | 24d37e98e26eb772b5cf42152352ac321a4c7451de92b223d6bb597e49a1579b
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History | sqlite | f321f1ff60abf03ddfb1480559e7bad8 | 097c803e32c9d4b226b19139d792bdce81c186c82d7d29a658242348a6e00fdf
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History-journal | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache | binary | 2225af4b00757750f3f94b3a6aa3423d | 5cf48d890e3afb94ca8a567855d01b56474816fcbe602dbe96268857bcacf7ee
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data | sqlite | 54ad1e10b6b57bc9b9eed994e581dd5f | 24d2a7516de320c3e91b1513cad94ce5ce2b964bbb8a3d1f66e8083b3205b19c
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Session | binary | 590bf288d03dd4fd0a4c17aeb306dbea | 0cf73bd7c8db009403c592d89438864a924bfa0bbe908911ecf116e1f389cec3
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata | binary | 9a06be43b4107eb3171ef69403571698 | 6cec8df899562a9a15a686bae4ed95d06a8f9bd5950e42d1bec039341c40f91d
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata~RF19d2a8.TMP | binary | 9a06be43b4107eb3171ef69403571698 | 6cec8df899562a9a15a686bae4ed95d06a8f9bd5950e42d1bec039341c40f91d
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\74363112-145d-4744-af1d-0253f202c0ac.tmp | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity | text | 2c44be3602a1834d7f970636272ba946 | ba8eb549a2fd078ace82a766ec56deb83ea8ec9f1654e9a181214b1ce5b83cf7
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF19c2c9.TMP | text | 2c44be3602a1834d7f970636272ba946 | ba8eb549a2fd078ace82a766ec56deb83ea8ec9f1654e9a181214b1ce5b83cf7
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\e2fd77bf-b865-4fdb-b22a-b5e044f49dc3.tmp | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF19c22d.TMP | text | ff44e97908859200dba2b0f7a5b82bac | 86a0f2f12d4003380f64646e90b274ff9bae73d1a823255fe30e0a42ee425459
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences | text | ff44e97908859200dba2b0f7a5b82bac | 86a0f2f12d4003380f64646e90b274ff9bae73d1a823255fe30e0a42ee425459
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\96a2c0ae-141d-42bb-89df-424949cdf03b.tmp | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State | text | 636226edfa59a7e1be6ec32b2bc48098 | d934d72d60101ecc24091503137f006a9d608ed017a2f466834834b56bed3f58
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF19c181.TMP | text | 636226edfa59a7e1be6ec32b2bc48098 | d934d72d60101ecc24091503137f006a9d608ed017a2f466834834b56bed3f58
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\60a49776-08f8-4450-87e9-6e4184591a03.tmp | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store~RF19c123.TMP | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata | binary | ea2ff49eddd62546b03d7ee4a6f4d78e | b16746cf78befda04aa217b0e863362eb2a6a8beb7b64d3aa54b26f3330d6125
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\bc4306d7-72b7-45dd-93a1-cc1b6b116b5f.tmp | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\70ed2e22-d080-45d9-9a32-d76e8f1d827f.tmp | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\Downloads\Crypter.rar:Zone.Identifier | text | fbccf14d504b7b2dbcb5a5bda75bd93b | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2844 | chrome.exe | C:\Users\admin\Downloads\Crypter.rar | compressed | 41af13300cb9ef13489e940d2865754e | 13713f69003afb17a66e26c36b96bde60db3e0831e17bb1de50a8010c073f810
2844 | chrome.exe | C:\Users\admin\Downloads\Unconfirmed 922190.crdownload | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\.usage | binary | 0edec5128c1ad9f14033aac67608f4a7 | dd9d85694ffd4d6b18c0d6803e70b426d32f78b4324a5eded75c9be5a213f184
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store | binary | df8d28293492f3ae5caa4842268d31ec | bc1734f6f22ca3ddc4a69689349e36f86b61ad233885c8541647e57bf41c6fc7
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store~RF19bf4f.TMP | binary | df8d28293492f3ae5caa4842268d31ec | bc1734f6f22ca3ddc4a69689349e36f86b61ad233885c8541647e57bf41c6fc7
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ee6c065e-a325-48be-bb13-f70dedba503c.tmp | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\Downloads\e77db13e-cee4-430d-9ffa-1a091265b926.tmp | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002b | compressed | 21417d49d25e7a7fac4ff7ef62bac9db | 93cb492daf8bf30143483f383da6a912a1d134638e7badf30ee40ea5e1116f89
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002a | image | 4df277282d1bf40cc4f22cd7c36302cb | b69fb07a2591c649a9f55cb3fb7c572a1bd148bf73f00d4b504bee73d7c0b95e
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT | text | 46295cac801e5d4857d09837238a6394 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\000001.dbtmp | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001 | binary | 5af87dfd673ba2115e2fcf5cfdb727ab | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000029 | image | 741b2082eb1dad1e24fd213984bd8f2d | 39219d286a9edff5b5a516793a008ac235f4f656ab97b0d28b7931b0b4123834
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000028 | image | 60ce738a716aa52dd27cd625db56ae4d | 78814cc2a0b3a482e162fa4dc92d61fe98c60d6970b52dc8f37f699d26eae3af
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000027 | woff2 | bd03a2cc277bbbc338d464e679fe9942 | 983b0caf336e8542214fc17019a4fc5e0360864b92806ca14d55c1fc1c2c5a0f
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000026 | image | 7962f44d40c4f4d89fd15c25c32079a0 | b87be6cf62dccf82dcd360a57b827d922003ddd942c789b97866f30ab17d8d58
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000025 | image | 0c6de92af5efc1a29d1bb6028d34bf6f | 7d3352d31a02330497f0eec7800078e80d998756e6286a7fd6e69c3370acb215
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT | text | 46295cac801e5d4857d09837238a6394 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000001.dbtmp | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\MANIFEST-000001 | binary | 5af87dfd673ba2115e2fcf5cfdb727ab | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000024 | image | 1efc5f77615275fcc1ee5df7ccfcb382 | ddbcc98b66d77293b08ba3ed7f4881751c34cb6bb31e9da3c395f8b8885bc63a
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000023 | image | 356be05945bceeca46727ea9e3613d7d | 7b945995978f6930b8cf1f2bd3b33e8be3ccaec26156e52a3716cf143a2c494e
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000022 | woff2 | dbff459b6d78be91f839a60745c39de7 | 09936489b1d0e73c854c010ac21e51539d27b7ed6ea9d71fce9b756ed31b2816
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000021 | woff2 | d399d4c74f921e63e12fb8074b862025 | 27e6a5f002c32766e355c2e2eceebf1248877d2c99171319e2f268742e9f13c1
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000020 | image | 21cc9964f4da6bb2b6192a09cea5e06d | e9b4db948824f1f2ab560fcae536c22ce8f0e48b9c2586674cd5cea10ccba2dc
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001f | image | 37fe2c1d64f429d76767a483eaeb0b7f | ad37106afe71fbe1ae621e7133d1ac0e4c0f34988618bf84513ef45ca79c6f9e
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001e | woff2 | 94676e314a869cea8b70fc6698cb2c48 | 92090a2fc2ee13f67411a5e5778e3265e7401163c87beffa8e0392ccc765a8e8
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session | binary | 02536c23edc1e418a6fea313d20b2a39 | 8e8de8689482b477d0beebe0a4ac24b9cabcbfa84848f66b4c0f55cd96dc0fe9
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001d | compressed | f5cf3bbed521ba7cf494373fc15afff2 | b5be6a3f8fea57659222b1ad2e5ed6371db8a241a202c9c1aa96966bf9490e6b
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001c | compressed | 77794092a869e070bf87a6ee4e1cef8c | b2460ed9cdab0a12243e7fb76af1fcedfc543f903c70d9fbe0a39813f9e96020
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001b | compressed | 00494eda234c295f9a06063ba097bc52 | 7e4293137b0a4360b8ac066da24b4b78a784e28cbd50330d9405362eaba2f78d
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001a | compressed | 29ddafaa18068418abc037f4c0ae01b2 | f12dbc4fba16a183af05d27f0d8575121fc81d8f0282e8aa8aec8288521cfd3a
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old | text | 80b8c44b60f8bd20d1cf8277ec794bb1 | 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old~RF19a454.TMP | text | 80b8c44b60f8bd20d1cf8277ec794bb1 | 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000019 | compressed | 365f63d925f2393c91d8c7dabe93f617 | 63f0aba14a30b463a84e7471b072ed9a4d34ff0851a1a2643b7111ba92460e37
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000018 | compressed | 12dfa9b86812bfd248cfe7a28f46cea4 | 741ab3c264bf1649a9f903d79847c399be6a554b6ec7698bfac6c05d2d12a8fa
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000017 | compressed | e20b8073cd0ca338fac391d80f09b33c | b898fd0fbbb04e7dabd12b090de68efe28fa339ab96da7373cb8fda121fed9ea
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000016 | compressed | 5585cc4f6863717091938f567bae7726 | ec6cfcb6f952aad3a4cc69a45f68c3ad4c8622079a94c4fcd10d45e081bf1ad0
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000015 | compressed | 7455e1b6b295f9f1bdd38ca0d871bf0d | 731af8f5df11f7ab242a40f9d512438beb997385f9ca0251a886ddc5bc2bc3d5
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000014 | compressed | 5e0a0486894a3a9beb16def48d547ba7 | b4724892491caa6ef0c8abf780e423b181b55d95a4d378f18858d4c1665170b6
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000013 | compressed | 3b06e80845c1a843ea77c5b80ea574a1 | 6a3fa407adefa575175ec21ac0bf6194421c1d0c17c82b16916bdc40fc26d38c
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012 | compressed | af8529b358a3de96174016563ac577b9 | aff2edf6275577ba09d4a60f5d85068646ade763a42e76f4501a2e3c29fae636
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011 | compressed | 8d14dc3fbe788559e3f80277a3d4aad2 | 6a64179bf10319c66d3aba371839f577568ca11712e4f1dbc923666d3133bd90
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010 | compressed | 268e589dde2b59a217b89e8d067848a6 | 85056e3174f39b519b899906cf6a31b0ce844de3bff61e1efa633669c18fa3d3
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f | compressed | 72061c3d6ce5846e07fa0eeab61d97f6 | 2bea67b2eb1eb370d52ef5df35026c695c0c9c22335f1a1b26279153bfb7974c
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e | compressed | 1d876f5d422d4ebf4b1117f4b045af3d | 4c84e43e9d75405e9f57b119587c6a6a2fe476a33033b41bc3bb79ce4e66a3d9
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d | compressed | 269803fdaa9dbcb482e5750f5bf0e7da | f1da99c79c5c1d7dbea3b7f52f1be17e724bed4b13be1f9c57df1e2d8e60d807
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c | compressed | baaab076f6345f21f14c09b36f8e9f85 | 224070d017c1da93f3fec5ee9f307c20fbfa51848c429a3b74cf4303bfae2e4d
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old | text | ea6d75c35eb812fdc5762d84963de026 | a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF19a0ab.TMP | text | ea6d75c35eb812fdc5762d84963de026 | a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old | text | 7282c871a31b4aae7e61cdbb39a13331 | af615c556e2a22e87135a967c01e869216f65268a88bd218fd6ab70467bdf733
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old~RF19a04d.TMP | text | 7282c871a31b4aae7e61cdbb39a13331 | af615c556e2a22e87135a967c01e869216f65268a88bd218fd6ab70467bdf733
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old | text | 84042895723ac99f9599edfc7500051c | ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF19a02e.TMP | text | 84042895723ac99f9599edfc7500051c | ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model | binary | bdbe38787e3044467f6cf69a31f46eeb | a0f33dc5d724e3d267518a01c62e97acbeaeb27e828f62e4036a3c3ed669b51f
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model~RF199f05.TMP | binary | bdbe38787e3044467f6cf69a31f46eeb | a0f33dc5d724e3d267518a01c62e97acbeaeb27e828f62e4036a3c3ed669b51f
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\1b1e8587-cf81-41ff-89b2-e0d8d468d495.tmp | –– | –– | ––
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old | text | f727dd25cda7b2cc574098cee1f5764a | 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old~RF199c65.TMP | text | f727dd25cda7b2cc574098cee1f5764a | 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
2844
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2844
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF199c07.TMP
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2844
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2844
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT~RF199bf8.TMP
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2844
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp
––
MD5:  ––
SHA256:  ––
2844
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT
––
MD5:  ––
SHA256:  ––
2844
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp
––
MD5:  ––
SHA256:  ––
2844
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old~RF199bc9.TMP
text
MD5: 1aa66efdb743fb0a8dcc1cd79b0b6542
SHA256: 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
2844
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old
text
MD5: 1aa66efdb743fb0a8dcc1cd79b0b6542
SHA256: 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
2844
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: 197882774a7ecec9046bc48f63189b66
SHA256: 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
2844
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\7deb4aec-cc8f-403c-9785-cbc5c113f0af.tmp
––
MD5:  ––
SHA256:  ––
2844
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF199b9a.TMP
text
MD5: 197882774a7ecec9046bc48f63189b66
SHA256: 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
2844
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
2844
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
2844
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old~RF199b6b.TMP
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
2844
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF199b6b.TMP
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
2844
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: c10ebd4db49249efc8d112b2920d5f73
SHA256: 90a1b994cafe902f22a88a22c0b6cc9cb5b974bf20f8964406dd7d6c9b8867d1
3592
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: b59113c2dcd2d346f31a64f231162ada
SHA256: 1d97c69aea85d3b06787458ea47576b192ce5c5db9940e5eaa514ff977ce2dc2
3012
Crypter.exe
C:\Users\admin\AppData\Roaming\ptsts6q7w8w7t7q7w8w7t7\Information.txt
text
MD5: 68b62765caad955248eea2597b89a4c6
SHA256: 666ddd4e878d5af8b19de55ab6d1564f6f0386c41903e3837da1be47e132f872

Find more information on the static content and download it at the full report

Network activity

HTTP(S) requests
3
TCP/UDP connections
27
DNS requests
12
Threats
3

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3012 Crypter.exe GET 200 185.231.155.4:80 http://mylolzteam.site/api/info.get unknown
text
malicious
3012 Crypter.exe POST 200 185.231.155.4:80 http://mylolzteam.site/api/gate.get?p1=1&p2=7&p3=0&p4=2&p5=0&p6=0&p7=0 unknown
binary
binary
malicious
3012 Crypter.exe GET 200 185.231.155.4:80 http://mylolzteam.site/api/download.get unknown
binary
binary
malicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2844 chrome.exe 31.216.148.10:443 Datacenter Luxembourg S.A. LU unknown
2844 chrome.exe 216.58.206.3:443 Google Inc. US whitelisted
2844 chrome.exe 172.217.16.131:443 Google Inc. US whitelisted
2844 chrome.exe 172.217.22.13:443 Google Inc. US whitelisted
2844 chrome.exe 216.58.207.42:443 Google Inc. US whitelisted
2844 chrome.exe 31.216.148.13:443 Datacenter Luxembourg S.A. LU unknown
2844 chrome.exe 31.216.147.133:443 Datacenter Luxembourg S.A. LU unknown
2844 chrome.exe 172.217.18.14:443 Google Inc. US whitelisted
2844 chrome.exe 31.216.144.52:443 Datacenter Luxembourg S.A. LU unknown
2844 chrome.exe 172.217.22.46:443 Google Inc. US whitelisted
3012 Crypter.exe 185.231.155.4:80 –– malicious

DNS requests

Domain IP Reputation
clientservices.googleapis.com 216.58.206.3 whitelisted
mega.nz 31.216.148.10, 89.44.169.135 whitelisted
www.gstatic.com 172.217.16.131 whitelisted
accounts.google.com 172.217.22.13 whitelisted
safebrowsing.googleapis.com 216.58.207.42 whitelisted
eu.static.mega.co.nz 31.216.148.13, 89.44.169.132, 89.44.169.134, 31.216.148.11 shared
g.api.mega.co.nz 31.216.147.133, 31.216.147.134, 31.216.147.135, 31.216.147.136 shared
clients1.google.com 172.217.18.14 whitelisted
gfs270n042.userstorage.mega.co.nz 31.216.144.52 unknown
sb-ssl.google.com 172.217.22.46 whitelisted
ssl.gstatic.com 216.58.206.3 whitelisted
mylolzteam.site 185.231.155.4 malicious

Threats

PID Process Class Message
3012 Crypter.exe A Network Trojan was detected MALWARE [PTsecurity] Win32/Spy.Agent.PLQ (Predator Stealer) CnC Checkin

2 ETPRO signatures available at the full report

Debug output strings

No debug info.