General Info

URL

http://147.202.82.166/install/tfv.exe

Full analysis
https://app.any.run/tasks/8d36070f-dc54-4ac1-be61-1371cdeb7bdd
Verdict
Malicious activity
Analysis date
12/3/2019, 02:54:46
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • Transflo.Velocity.exe (PID: 3420)
  • Transflo.Velocity.exe (PID: 2916)
Application was dropped or rewritten from another process
  • Transflo.Velocity.exe (PID: 3420)
  • tfv.exe (PID: 2392)
  • tfv.exe (PID: 3468)
  • Transflo.Velocity.exe (PID: 2916)
Starts Visual C# compiler
  • Transflo.Velocity.exe (PID: 2916)
Downloads executable files from IP
  • chrome.exe (PID: 1912)
Downloads executable files from the Internet
  • chrome.exe (PID: 1912)
Executable content was dropped or overwritten
  • tfv.exe (PID: 2392)
  • tfv.exe (PID: 3468)
  • tfv.tmp (PID: 2584)
  • chrome.exe (PID: 1912)
  • chrome.exe (PID: 532)
Starts CMD.EXE for commands execution
  • tfv.tmp (PID: 2584)
Creates files in the program directory
  • Transflo.Velocity.exe (PID: 2916)
Reads settings of System Certificates
  • Transflo.Velocity.exe (PID: 2916)
Manual execution by user
  • Transflo.Velocity.exe (PID: 3420)
  • tfv.exe (PID: 3468)
Loads dropped or rewritten executable
  • tfv.tmp (PID: 2584)
Application was dropped or rewritten from another process
  • process.exe (PID: 3580)
  • tfv.tmp (PID: 2584)
  • tfv.tmp (PID: 2188)
Creates a software uninstall entry
  • tfv.tmp (PID: 2584)
Creates files in the program directory
  • tfv.tmp (PID: 2584)
Reads the hosts file
  • chrome.exe (PID: 532)
  • chrome.exe (PID: 1912)
Application launched itself
  • chrome.exe (PID: 532)
Reads Internet Cache Settings
  • chrome.exe (PID: 532)

Processes

Total processes
76
Monitored processes
31
Malicious processes
5
Suspicious processes
1

Process information

PID
532
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://147.202.82.166/install/tfv.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wpc.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\wship6.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\wbem\wmiperfinst.dll
c:\windows\system32\pdh.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\users\admin\downloads\tfv.exe
c:\windows\system32\sxs.dll
c:\windows\system32\actxprxy.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\audioses.dll

PID
3864
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6ed2a9d0,0x6ed2a9e0,0x6ed2a9ec
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2336
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=992 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_watcher.dll

PID
1756
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1016,13295521692237414746,15435509559317568879,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=7558563487855319700 --mojo-platform-channel-handle=1036 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libegl.dll

PID
1912
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1016,13295521692237414746,15435509559317568879,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=17215195442321473877 --mojo-platform-channel-handle=1568 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\ntmarta.dll

PID
716
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,13295521692237414746,15435509559317568879,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15424139841796353461 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
184
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,13295521692237414746,15435509559317568879,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8830401560655178742 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2572
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,13295521692237414746,15435509559317568879,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=371589157734651611 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2516
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1016,13295521692237414746,15435509559317568879,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=8335087379489671441 --mojo-platform-channel-handle=4064 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll

PID
3468
CMD
"C:\Users\admin\Downloads\tfv.exe"
Path
C:\Users\admin\Downloads\tfv.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Pegasus TransTech
Description
TRANSFLO Velocity® Client Setup
Version
3.5.0.0183
Modules
Image
c:\users\admin\downloads\tfv.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\is-ifdis.tmp\tfv.tmp

PID
2188
CMD
"C:\Users\admin\AppData\Local\Temp\is-IFDIS.tmp\tfv.tmp" /SL5="$601D2,10978921,74752,C:\Users\admin\Downloads\tfv.exe"
Path
C:\Users\admin\AppData\Local\Temp\is-IFDIS.tmp\tfv.tmp
Indicators
No indicators
Parent process
tfv.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.52.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-ifdis.tmp\tfv.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\mpr.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll

PID
2392
CMD
"C:\Users\admin\Downloads\tfv.exe" /SPAWNWND=$301EC /NOTIFYWND=$601D2
Path
C:\Users\admin\Downloads\tfv.exe
Indicators
Parent process
tfv.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Pegasus TransTech
Description
TRANSFLO Velocity® Client Setup
Version
3.5.0.0183
Modules
Image
c:\users\admin\downloads\tfv.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\is-gk4qo.tmp\tfv.tmp

PID
2584
CMD
"C:\Users\admin\AppData\Local\Temp\is-GK4QO.tmp\tfv.tmp" /SL5="$501D6,10978921,74752,C:\Users\admin\Downloads\tfv.exe" /SPAWNWND=$301EC /NOTIFYWND=$601D2
Path
C:\Users\admin\AppData\Local\Temp\is-GK4QO.tmp\tfv.tmp
Indicators
Parent process
tfv.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.52.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-gk4qo.tmp\tfv.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\mpr.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\uxtheme.dll
c:\users\admin\appdata\local\temp\is-e4p24.tmp\_isetup\_shfoldr.dll
c:\windows\system32\shfolder.dll
c:\users\admin\appdata\local\temp\is-e4p24.tmp\isxdl.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imageres.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\riched20.dll
c:\windows\system32\msls31.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\propsys.dll
c:\windows\system32\profapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\pegasus transtech\transflo velocity\transflo.velocity.exe
c:\program files\pegasus transtech\transflo velocity\unins000.exe
c:\program files\pegasus transtech\transflo velocity\transflo.clientconfig.exe
c:\windows\system32\cacls.exe
c:\windows\system32\netutils.dll

PID
2796
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1016,13295521692237414746,15435509559317568879,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=6924940778685965938 --mojo-platform-channel-handle=908 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sendmail.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\fxsresm.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
2684
CMD
"C:\Windows\system32\cmd.exe" /C "C:\Users\admin\AppData\Local\Temp\is-E4P24.tmp\process.exe" -v | findstr Transflo.Velocity.exe
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
tfv.tmp
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\is-e4p24.tmp\process.exe
c:\windows\system32\findstr.exe

PID
3580
CMD
C:\Users\admin\AppData\Local\Temp\is-E4P24.tmp\process.exe -v
Path
C:\Users\admin\AppData\Local\Temp\is-E4P24.tmp\process.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
http://www.beyondlogic.org
Description
Command Line Process Utility
Version
2, 0, 0, 0
Modules
Image
c:\users\admin\appdata\local\temp\is-e4p24.tmp\process.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3392
CMD
findstr Transflo.Velocity.exe
Path
C:\Windows\system32\findstr.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Microsoft Corporation
Description
Find String (QGREP) Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\findstr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
2748
CMD
"cacls" "C:\Program Files\Pegasus Transtech\TRANSFLO Velocity" /T /E /G Users:F
Path
C:\Windows\system32\cacls.exe
Indicators
No indicators
Parent process
tfv.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Control ACLs Program
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\cacls.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID
2952
CMD
"C:\Windows\system32\cmd.exe" /c exit
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
tfv.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
2916
CMD
"C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Transflo.Velocity.exe"
Path
C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Transflo.Velocity.exe
Indicators
Parent process
tfv.tmp
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Pegasus TransTech
Description
TRANSFLO $Velocity®
Version
3.5.0.0183
Modules
Image
c:\program files\pegasus transtech\transflo velocity\transflo.velocity.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\program files\pegasus transtech\transflo velocity\ptc.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\pegasus transtech\transflo velocity\transflo.now.core.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\dbfe8642a8ed7b2b103ad28e0c96418a\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3afcd5168c7a6cb02eab99d7fd71e102\system.windows.forms.ni.dll
c:\program files\pegasus transtech\transflo velocity\ptc.forms.dll
c:\program files\pegasus transtech\transflo velocity\transflo.client.dll
c:\program files\pegasus transtech\transflo velocity\transflo.now.dll
c:\windows\system32\uxtheme.dll
c:\windows\assembly\gac_msil\system.windows.forms\2.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.deployment\be74d258a0daa0e11197e1dcb1b3b0b9\system.deployment.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.core\fbc05b5b05dc6366b02b8e2f77d080f1\system.core.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml.linq\70aac9dff3bdde548962557151c1ff49\system.xml.linq.ni.dll
c:\windows\system32\oleaut32.dll
c:\program files\pegasus transtech\transflo velocity\transflo.shared.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.data\1e85062785e286cd9eae9c26d2c61f73\system.data.ni.dll
c:\windows\assembly\gac_32\system.data\2.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\pegasus transtech\transflo velocity\ptc.scanning.dll
c:\program files\pegasus transtech\transflo velocity\devexpress.xtraeditors.v11.1.dll
c:\program files\pegasus transtech\transflo velocity\devexpress.utils.v11.1.dll
c:\program files\pegasus transtech\transflo velocity\devexpress.data.v11.1.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.web.services\02d5be8209f0eac6f7725f8d83b87df6\system.web.services.ni.dll
c:\program files\pegasus transtech\transflo velocity\transflo.bridge.workflow.dll
c:\program files\pegasus transtech\transflo velocity\transflo.bridge.repository.dll
c:\program files\pegasus transtech\transflo velocity\transflo.server.entity.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\security.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\microsoft.net\framework\v2.0.50727\diasymreader.dll

PID
2992
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1016,13295521692237414746,15435509559317568879,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=5184838236030837292 --mojo-platform-channel-handle=488 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3592
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\qrkpyc9s.cmdline"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
Indicators
Parent process
Transflo.Velocity.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual C# Command Line Compiler
Version
8.0.50727.4927 (NetFXspW7.050727-4900)
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\csc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\microsoft.net\framework\v2.0.50727\cscomp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v2.0.50727\alink.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorpe.dll
c:\windows\system32\apphelp.dll

PID
736
CMD
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RESD018.tmp" "c:\Users\admin\AppData\Local\Temp\CSCD007.tmp"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
Indicators
No indicators
Parent process
csc.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® Resource File To COFF Object Conversion Utility
Version
8.00.50727.4940 (Win7SP1.050727-5400)
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\cvtres.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll

PID
3844
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\a5oimsl3.cmdline"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
Indicators
No indicators
Parent process
Transflo.Velocity.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual C# Command Line Compiler
Version
8.0.50727.4927 (NetFXspW7.050727-4900)
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\csc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\microsoft.net\framework\v2.0.50727\cscomp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v2.0.50727\alink.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorpe.dll
c:\windows\system32\apphelp.dll

PID
320
CMD
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RESD1FC.tmp" "c:\Users\admin\AppData\Local\Temp\CSCD1FB.tmp"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
Indicators
No indicators
Parent process
csc.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® Resource File To COFF Object Conversion Utility
Version
8.00.50727.4940 (Win7SP1.050727-5400)
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\cvtres.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll

PID
3420
CMD
"C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Transflo.Velocity.exe"
Path
C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Transflo.Velocity.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Pegasus TransTech
Description
TRANSFLO $Velocity®
Version
3.5.0.0183
Modules
Image
c:\program files\pegasus transtech\transflo velocity\transflo.velocity.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\program files\pegasus transtech\transflo velocity\ptc.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\pegasus transtech\transflo velocity\transflo.now.core.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\dbfe8642a8ed7b2b103ad28e0c96418a\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3afcd5168c7a6cb02eab99d7fd71e102\system.windows.forms.ni.dll
c:\program files\pegasus transtech\transflo velocity\ptc.forms.dll
c:\program files\pegasus transtech\transflo velocity\transflo.client.dll
c:\program files\pegasus transtech\transflo velocity\transflo.now.dll
c:\windows\system32\uxtheme.dll
c:\windows\assembly\gac_msil\system.windows.forms\2.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.deployment\be74d258a0daa0e11197e1dcb1b3b0b9\system.deployment.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.core\fbc05b5b05dc6366b02b8e2f77d080f1\system.core.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml.linq\70aac9dff3bdde548962557151c1ff49\system.xml.linq.ni.dll
c:\windows\system32\oleaut32.dll
c:\program files\pegasus transtech\transflo velocity\transflo.shared.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.data\1e85062785e286cd9eae9c26d2c61f73\system.data.ni.dll
c:\windows\assembly\gac_32\system.data\2.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\pegasus transtech\transflo velocity\ptc.scanning.dll
c:\program files\pegasus transtech\transflo velocity\devexpress.xtraeditors.v11.1.dll
c:\program files\pegasus transtech\transflo velocity\devexpress.utils.v11.1.dll
c:\program files\pegasus transtech\transflo velocity\devexpress.data.v11.1.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll

PID
236
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,13295521692237414746,15435509559317568879,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=864648218598804044 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1800
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,13295521692237414746,15435509559317568879,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11173516354695364565 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=896 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
640
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1016,13295521692237414746,15435509559317568879,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=7165996045739814433 --mojo-platform-channel-handle=2036 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1780
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1016,13295521692237414746,15435509559317568879,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=16112016806701154696 --mojo-platform-channel-handle=2800 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3748
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,13295521692237414746,15435509559317568879,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8841783171242414460 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
1686
Read events
1487
Write events
198
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
2336
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
532-13219811701868875
259
1912
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
1912
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\p2pcollab.dll,-8042
Peer to Peer Trust
1912
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\qagentrt.dll,-10
System Health Authentication
1912
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\dnsapi.dll,-103
Domain Name System (DNS) Server Trust
1912
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\System32\fveui.dll,-843
BitLocker Drive Encryption
1912
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\System32\fveui.dll,-844
BitLocker Data Recovery Agent
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
C:\Program Files\Common Files\Pegasus TransTech\Utilities\process.exe
1
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Client
InstallDir
C:\Program Files\Pegasus Transtech\TRANSFLO Velocity
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\Deployment\TRANSFLO Velocity® Client
3.5.0.0183
12-03-2019 01:55:55
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\Deployment\TRANSFLO Velocity® Client
CurrentVersion
3.5.0.0183
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Connection
URL
https://transflovelocity.pegasustranstech.com/Service.asmx
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Connection
Timeout
100000
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
Inno Setup: Setup Version
5.4.2 (a)
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
Inno Setup: App Path
C:\Program Files\Pegasus Transtech\TRANSFLO Velocity
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
InstallLocation
C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
Inno Setup: Icon Group
TRANSFLO $Velocity®
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
Inno Setup: User
admin
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
Inno Setup: Setup Type
full
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
Inno Setup: Selected Components
velocity
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
Inno Setup: Deselected Components
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
Inno Setup: Selected Tasks
desktopicon
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
Inno Setup: Deselected Tasks
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
Inno Setup: Language
default
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
DisplayName
TRANSFLO Velocity® Client 3.5
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
UninstallString
"C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\unins000.exe"
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
QuietUninstallString
"C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\unins000.exe" /SILENT
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
DisplayVersion
3.5
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
Publisher
Pegasus TransTech
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
URLInfoAbout
http://www.transflovelocity.com
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
HelpLink
http://www.transflovelocity.com
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
URLUpdateInfo
http://www.transflovelocity.com
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
NoModify
1
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
NoRepair
1
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
InstallDate
20191203
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
MajorVersion
3
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
MinorVersion
5
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TRANSFLO Velocity-Client_is1
EstimatedSize
29733
2584
tfv.tmp
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Users\admin\AppData\Local\Temp\Setup Log 2019-12-03 #001.txt
2796
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
2796
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@sendmail.dll,-21
Desktop (create shortcut)
2796
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@zipfldr.dll,-10148
Compressed (zipped) folder
2796
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@sendmail.dll,-4
Mail recipient
2796
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@C:\Windows\system32\FXSRESM.dll,-120
Fax recipient
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
532
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
532
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13219811703243875
532
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
532 | chrome.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum | Implementing | 1C00000001000000E3070C0002000300010037000D006C0000000000
532 | chrome.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum | Implementing | 1C00000001000000E3070C0002000300010037000D006E0000000000
532 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Common\Rlz\PTimes | C | A16F5DE37CA9D501
532 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs | C1 | 1C1GCEA_enUA812UA812
532 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs | C2 | 1C2GCEA_enUA812
532 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs | C7 | 1C7GCEA_enUA812
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Log | Level | 3
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Log | DaysToKeep | 7
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | EMail | (empty)
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | FirstName | (empty)
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | LastName | (empty)
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | CompanyName | (empty)
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | DocClasses | (empty)
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | DocClassNames | (empty)
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | DefaultDocClass | (empty)
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | UserType | OwnerOperator
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | RegistrationDate | 1/1/0001 12:00:00 AM
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | StreetAddress1 | (empty)
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | StreetAddress2 | (empty)
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | City | (empty)
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | State | (empty)
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | ZipCode | (empty)
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | PhoneNumber | (empty)
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | MccNumber | (empty)
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | DocClassesHistory | (empty)
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | DocClassNamesHistory | (empty)
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Transflo_RASAPI32 | EnableFileTracing | 0
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Transflo_RASAPI32 | EnableConsoleTracing | 0
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Transflo_RASAPI32 | FileTracingMask | 4294901760
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Transflo_RASAPI32 | ConsoleTracingMask | 4294901760
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Transflo_RASAPI32 | MaxFileSize | 1048576
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Transflo_RASAPI32 | FileDirectory | %windir%\tracing
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Transflo_RASMANCS | EnableFileTracing | 0
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Transflo_RASMANCS | EnableConsoleTracing | 0
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Transflo_RASMANCS | FileTracingMask | 4294901760
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Transflo_RASMANCS | ConsoleTracingMask | 4294901760
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Transflo_RASMANCS | MaxFileSize | 1048576
2916 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Transflo_RASMANCS | FileDirectory | %windir%\tracing
2916 | Transflo.Velocity.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | LanguageList | en-US
3420 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | EMail | (empty)
3420 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | FirstName | (empty)
3420 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | LastName | (empty)
3420 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | CompanyName | (empty)
3420 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | DocClasses | (empty)
3420 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | DocClassNames | (empty)
3420 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | DefaultDocClass | (empty)
3420 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | UserType | OwnerOperator
3420 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | RegistrationDate | 1/1/0001 12:00:00 AM
3420 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | StreetAddress1 | (empty)
3420 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | StreetAddress2 | (empty)
3420 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | City | (empty)
3420 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | State | (empty)
3420 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | ZipCode | (empty)
3420 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | PhoneNumber | (empty)
3420 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | MccNumber | (empty)
3420 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | DocClassesHistory | (empty)
3420 | Transflo.Velocity.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Pegasus TransTech\TRANSFLO Velocity\3.5\Registration | DocClassNamesHistory | (empty)

Files activity

Executable files
52
Suspicious files
40
Text files
94
Unknown types
6
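
Before the table itself, a worked triage of it. The block below is an example added to this page; it is not ANY.RUN output and not code from Transflo or Pegasus TransTech. SAMPLE is a constructed subset of rows transcribed from the dropped-files table that follows; the Dropped record type, the function names and the two regexes are the example's own assumptions about how an analyst reads such a table. It pulls out four things the raw list hides: the same SHA256 (3dd41812...) written as a Chrome cache entry, as Unconfirmed 699467.crdownload and as the Downloads copy of tfv.exe, so one download rather than three payloads; the .crdownload recorded with two different hashes (one partial and one complete write); the Inno Setup footprint (is-XXXXX.tmp staging directories, _isetup, isxdl.dll, unins000.exe) that identifies tfv.exe as an Inno Setup installer; and the csc.exe/cvtres.exe artifacts (a5oimsl3.*, qrkpyc9s.*) that the .NET runtime leaves behind when an application compiles code at run time, for example through XmlSerializer or CodeDOM.

```python
"""Triage helpers for a sandbox dropped-files table.

Added example, not ANY.RUN output and not Transflo code. SAMPLE is a
constructed subset of rows transcribed from this report's table; the
record type, function names and regexes are this example's own.
"""
import re
from collections import defaultdict
from typing import List, NamedTuple, Optional


class Dropped(NamedTuple):
    pid: int
    process: str
    path: str
    sha256: Optional[str]  # None where the report prints no hash


TEMP = r"C:\Users\admin\AppData\Local\Temp"
INSTALL = r"C:\Program Files\Pegasus Transtech\TRANSFLO Velocity"
CRDOWNLOAD = r"C:\Users\admin\Downloads\Unconfirmed 699467.crdownload"
TFV = "3dd418123be1808d6b9fe0db2107b881fa1412203b5586dd80b8a2aa39395a9e"      # tfv.exe
TFV_TMP = "48ea21de18ed46117cc0d41bc88b08259672243e17be98b57c692ac170047935"  # tfv.tmp
PROCESS_EXE = "5aaf73ef89f0efab963abb170bc9b7cd7d4d5bd7a691cd83137b4cc39cd120de"

SAMPLE: List[Dropped] = [  # constructed from rows of the report's table
    Dropped(1912, "chrome.exe", r"C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001", TFV),
    Dropped(532, "chrome.exe", CRDOWNLOAD, TFV),
    Dropped(532, "chrome.exe", CRDOWNLOAD, "ca532e691697e64bff2e5ec27c562adb1d46b16c2c7e145822e45c5d4b0eb9a0"),
    Dropped(532, "chrome.exe", r"C:\Users\admin\Downloads\tfv.exe", TFV),
    Dropped(2392, "tfv.exe", TEMP + r"\is-GK4QO.tmp\tfv.tmp", TFV_TMP),
    Dropped(3468, "tfv.exe", TEMP + r"\is-IFDIS.tmp\tfv.tmp", TFV_TMP),
    Dropped(2584, "tfv.tmp", TEMP + r"\is-E4P24.tmp\process.exe", PROCESS_EXE),
    Dropped(2584, "tfv.tmp", r"C:\Program Files\Common Files\Pegasus TransTech\Utilities\process.exe", PROCESS_EXE),
    Dropped(2584, "tfv.tmp", TEMP + r"\is-E4P24.tmp\isxdl.dll", "30ad8a0e1cee091ca48c771adb2e76baf1a7d54b9f60dc47f54dfdc2d6f6691e"),
    Dropped(2584, "tfv.tmp", TEMP + r"\is-E4P24.tmp\_isetup\_shfoldr.dll", "9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87"),
    Dropped(2584, "tfv.tmp", INSTALL + r"\unins000.exe", "c2cb1f5101ae947215b54baa43583fffa68e91ab34b134bd266c21829ceaa7d3"),
    Dropped(2584, "tfv.tmp", INSTALL + r"\is-3UR30.tmp", None),
    Dropped(2916, "Transflo.Velocity.exe", TEMP + r"\a5oimsl3.cmdline", "eb8a6b8534237b08e3e5afbf9d83af80e459af61c4b5771ee8517871fd6b82f2"),
    Dropped(2916, "Transflo.Velocity.exe", TEMP + r"\a5oimsl3.0.cs", "e6dfb423a7f21834ccae5af74609ce61e29c8c5144afbcabfcfb8f9d2835643b"),
    Dropped(3844, "csc.exe", TEMP + r"\a5oimsl3.dll", None),
    Dropped(3844, "csc.exe", TEMP + r"\a5oimsl3.out", None),
    Dropped(2916, "Transflo.Velocity.exe", TEMP + r"\qrkpyc9s.cmdline", "1d2552a2d7aef2c8673f00e60dab3a35ecd28ea245ff826ba13adfb83a7f58a8"),
    Dropped(3592, "csc.exe", TEMP + r"\qrkpyc9s.dll", None),
]


def shared_content(records):
    """SHA256 -> every (pid, process, path) that wrote those exact bytes.
    One hash at several paths is one file moving through the chain
    (browser cache entry, .crdownload, Downloads copy, installer temp
    directory); only hashes seen at more than one place are returned."""
    by_hash = defaultdict(set)
    for r in records:
        if r.sha256:
            by_hash[r.sha256].add((r.pid, r.process, r.path))
    return {h: sorted(v) for h, v in by_hash.items() if len(v) > 1}


def rewritten_paths(records):
    """Paths written with more than one distinct hash, e.g. a .crdownload
    captured mid-download and again once complete."""
    by_path = defaultdict(set)
    for r in records:
        if r.sha256:
            by_path[r.path].add(r.sha256)
    return {p: sorted(h) for p, h in by_path.items() if len(h) > 1}


# Inno Setup leaves is-XXXXX.tmp staging directories, an _isetup helper
# directory, the isxdl.dll download plugin and unins000.exe / unins000.dat.
INNO_SETUP = re.compile(
    r"\\is-[A-Z0-9]{5}\.tmp(\\|$)|\\_isetup\\|\\isxdl\.dll$|\\unins\d{3}\.(exe|dat)$",
    re.IGNORECASE,
)


def inno_setup_markers(records):
    return sorted({r.path for r in records if INNO_SETUP.search(r.path)})


# .NET CodeDOM / XmlSerializer compiles: the parent writes <rand8>.cmdline
# and <rand8>.0.cs into %TEMP%, then csc.exe writes <rand8>.dll and .out.
# Anchored to the Temp directory so an eight-letter DLL under Program Files
# (pdf2tiff.dll in this report) is not mistaken for a compile artifact.
RUNTIME_COMPILE = re.compile(r"\\Temp\\([a-z0-9]{8})\.(cmdline|0\.cs|dll|out)$")


def runtime_compiles(records):
    """Compile unit name -> which processes wrote it and which parts exist."""
    units = defaultdict(lambda: {"writers": set(), "parts": set()})
    for r in records:
        m = RUNTIME_COMPILE.search(r.path)
        if m:
            units[m.group(1)]["writers"].add(r.process)
            units[m.group(1)]["parts"].add(m.group(2))
    return dict(units)


if __name__ == "__main__":
    for name, fn in [("shared_content", shared_content), ("rewritten_paths", rewritten_paths),
                     ("inno_setup_markers", inno_setup_markers), ("runtime_compiles", runtime_compiles)]:
        print(name, fn(SAMPLE), sep=": ")
```

Runtime C# compilation is routine for .NET applications and is also a known loader trick, so the two generated sources in this table (a5oimsl3.0.cs and qrkpyc9s.0.cs, both hashed above) are the artifacts to read before accepting or rejecting the "loader" tag; the hash grouping keeps an analyst from counting the same binary several times when the download, the cache entry and the installer staging copies are all listed as separate drops.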

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
532 | chrome.exe | C:\Users\admin\Downloads\41e3bd3e-a135-40e8-b243-5d2b5b7bd1a6.tmp | executable | 4e74d53d3a6460136d4d69fb31cd011b | 69ce5169a6d527154366a9aae8eb4894bb0597dea25c040772809f811a72c554
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Infragistics.Shared.v5.3.dll | executable | 2c9a2f23bf7146f9399a9f4e40ad1767 | 0dc895027f28499a0fb8fbcbfe05adc023c2bebbb96e5a17bb19ca5ecc966751
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\PTC.Scanning.dll | executable | 939444d6fe43792f757e62babb73d78f | 52354d1c92eec5d30c22d76f0d6f23294006c6567ae69576dccc69bd71c78ea1
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Infragistics.Win.UltraWinMaskedEdit.v5.3.dll | executable | 846d8a17e47adcf1829c757c3faa45aa | f3811a56e140ec17d225855806b5b5dca74d2d823d73c895d4bd7837a6f1e398
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\PTC.Forms.dll | executable | 492566b8461ce91d92007b0cd5128c64 | 3b77499bebef2ddee70079978f99c1dce62a155efb2f6ce29d3d40c1dbc22c2b
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\PTC.dll | executable | 44b4860338a4d05db42576669eb5ea8c | 7a01848dd5f1a10e4d82028e271a8800e1328fcdb7fb3066a03c2b09c779e2ac
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\PTC.Forms.Advanced.dll | executable | 6991328ed001b0f352cea58da85355a1 | 7ff5b642be0ed00164920a522adb0d2cec082b597a7aa5253cc28f058ff23cbd
2584 | tfv.tmp | C:\Program Files\Common Files\Pegasus TransTech\Utilities\process.exe | executable | 7397f6ee4a9601a123b645c0cd428017 | 5aaf73ef89f0efab963abb170bc9b7cd7d4d5bd7a691cd83137b4cc39cd120de
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\PTC.Scanning.Twain.dll | executable | 802cdf15b885e263b35510bbd70fe014 | a15b9e24a42a34d7a1a90f288fb6f7c6db837f2cc2bc224ab274dba6bc0084d5
2584 | tfv.tmp | C:\Users\admin\AppData\Local\Temp\is-E4P24.tmp\process.exe | executable | 7397f6ee4a9601a123b645c0cd428017 | 5aaf73ef89f0efab963abb170bc9b7cd7d4d5bd7a691cd83137b4cc39cd120de
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Transflo.Shared.dll | executable | ae51d87b3c1737f77ff0b0f498013049 | 918eabc453400dee0eeceadefc872814ea145e7e907923fdeef962f89075b14b
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Infragistics.Win.v5.3.dll | executable | 7ffd8d7200cc3915324a794407374a96 | f2b58e942b334c8fbcdacccbd7204461b21a0cc92948d233e691ce5963bb4296
2584 | tfv.tmp | C:\Users\admin\AppData\Local\Temp\is-E4P24.tmp\isxdl.dll | executable | 02ecc74f7f91e9ffd84de708683236a6 | 30ad8a0e1cee091ca48c771adb2e76baf1a7d54b9f60dc47f54dfdc2d6f6691e
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\PTC.Drawing.dll | executable | e08f341e04623cbc9a9694f633299f81 | 972abdf84ae93fac822449a7ed8c281de0a8e0f05e9eb0d6c475c880de9fd2a4
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Transflo.Now.Core.dll | executable | 3b3769d13b2195c87c4ec5be70b70068 | c3e4c22594235f43f67dd16f2225f557214b13ff078d8339263965d530a6000d
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Microsoft.Web.Services3.dll | executable | e42998e3bb92e6696a82ef796efac507 | 5a7ca101fd8efe0006f2f69d786989adc968d82cea35d83e976fb12d9baace32
2584 | tfv.tmp | C:\Users\admin\AppData\Local\Temp\is-E4P24.tmp\_isetup\_shfoldr.dll | executable | 92dc6ef532fbb4a5c3201469a5b5eb63 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\PTC.Drawing.Advanced.dll | executable | 57d77aa628bf1c3d7f2e481351a8ed0e | c38557480534fd2ecc77f3b7bff7c7fab3ea7de4193fcdaae8c2d48cd726a8ba
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Transflo.Now.dll | executable | 333ee34d29eb76671450a306d6e6e860 | 021b5d3426272b94b8f568843cb25378a7eb52c6c9a4f5fb6fbddfdb8a303e34
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\NZipLib.TF.dll | executable | b56ff256b55b752827ab364fa34a4f5d | 89cb70a312f84fc88a3bc4aa09a037ee8c2fd37f2690c43964b4c53092ba0df5
2584 | tfv.tmp | C:\Users\admin\AppData\Local\Temp\is-E4P24.tmp\_isetup\_RegDLL.tmp | executable | 0ee914c6f0bb93996c75941e1ad629c6 | 4dc09bac0613590f1fac8771d18af5be25a1e1cb8fdbf4031aa364f3057e74a2
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\PTC.Database.dll | executable | 143ccfde82b3c115ee9795524197242d | e7161d6cdb967454f0eea567cad8e8917030c0af2f1da5d6e37e0f0319bd4bf2
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Transflo.Velocity.exe | executable | d018be26d99d23f4d4b820948bb24677 | 202342d072a0eac64226663e86c412810c8f7ebc1866895226eb7cfbba9003d7
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\DevExpress.XtraEditors.v11.1.dll | executable | 40125c02c80a295ea9dc5b6bc11548d5 | 64c228d1c8ce69cfa1ce8b2a5753bfc5ab0e1dcc3bbfb1d43c99aab37e754595
2392 | tfv.exe | C:\Users\admin\AppData\Local\Temp\is-GK4QO.tmp\tfv.tmp | executable | 4755945b669c58b423b56c5ba8c40656 | 48ea21de18ed46117cc0d41bc88b08259672243e17be98b57c692ac170047935
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Transflo.Client.dll | executable | 824760548870dd677afb979433d8e305 | 3fac65d9d3b5144d38656555024297392f1e2d8f14a3863d7dde44e865fd8d7b
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\pdf2tiff.dll | executable | add83b1c486c3f45da16b3910d88a71e | 7bc5b7a446eb286af901d85b7928b5fe12d864e06b937403eaf5db3d59ee2a63
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\DevExpress.XtraBars.v11.1.dll | executable | c3a75210d889a40e16f57ff386335f6b | 9d5957d1345faca9041d93a50818f89d70a5f77cc32b0d2b9932a53fbe0e5821
3468 | tfv.exe | C:\Users\admin\AppData\Local\Temp\is-IFDIS.tmp\tfv.tmp | executable | 4755945b669c58b423b56c5ba8c40656 | 48ea21de18ed46117cc0d41bc88b08259672243e17be98b57c692ac170047935
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\PTC.Components.dll | executable | 7fbe3caf3fa2ebd0bc2d86d4f2599336 | 113896fe1eed514a55b2691f4bbf440fc30d752983705ef11fbee51430c80634
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Vintasoft.Imaging.dll | executable | 0bde2bbfb02f8c064f86218e4f7bd34e | b134fa490018e1c9abc562ae59f4db29369fe468c5c1fa8cad18fb1a054f39f7
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\DevExpress.Utils.v11.1.dll | executable | 2dc4bed24671153d41827305d42b03ec | 35f5036ad36094c35b0269176a19eef82ae0317c7af44ff19ddaafa48095e81d
532 | chrome.exe | C:\Users\admin\Downloads\tfv.exe | executable | a76fd703dc9bbbfcb3f1e94ff9227326 | 3dd418123be1808d6b9fe0db2107b881fa1412203b5586dd80b8a2aa39395a9e
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Transflo.Server.Entity.dll | executable | 5ea2c56c35a4d228e6ab3d0a97d5f979 | 9439e26a88a2aaf5e3a606536e434a9a1b9cc5a0c4cb7360f2fa810433bc1bcf
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Vintasoft.Imaging.DocCleanup.dll | executable | 95ca0d6ee65f62880fd0fb9b38aba19a | 458e1e6fdf5e704abdf28bc90296767f51eb6c729ea9f6a89f68429433f65dd8
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\DevExpress.Data.v11.1.dll | executable | 82df40e2ae0a0a3706cc42eed5b8c20b | e19371b096cc7d1b8a2776ca1148a080709155e0a4ab4304cfb446f0aba4100a
532 | chrome.exe | C:\Users\admin\Downloads\Unconfirmed 699467.crdownload | executable | a76fd703dc9bbbfcb3f1e94ff9227326 | 3dd418123be1808d6b9fe0db2107b881fa1412203b5586dd80b8a2aa39395a9e
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\DevExpress.XtraGrid.v11.1.dll | executable | bbf8e67ffc368ed17f3b7c8e7b649376 | 9a239c083184a44bee7075a7050f115dd3a880c7db0defdcddf5f1c27dba501c
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Vintasoft.Pdf.dll | executable | d6396566b68623543e80ab4bd88c65d4 | a81d87dc5c252c04f2951216d033016949548e3a3549f518b9c75812d7f2ad72
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\DevExpress.XtraLayout.v11.1.dll | executable | 7e7555f4f1c6f2c690affa8f8e10c47e | 3ef522eb5f4b74e50188cb09e97b3c1a9b05cd9d1e3323efea4636fecc22c6d4
1912 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001 | executable | a76fd703dc9bbbfcb3f1e94ff9227326 | 3dd418123be1808d6b9fe0db2107b881fa1412203b5586dd80b8a2aa39395a9e
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\DevExpress.Printing.v11.1.Core.dll | executable | bf5ac4cc828129586162ad00888814f6 | 2dd1e0a7ac75eb194ce1a5aad8e5b3918964f162354c81daa7e03b104045e85b
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Vintasoft.Twain.dll | executable | 19328b8bd64d2e4fe27bfe54e812b5c6 | 7469fcb7a2bda075305e7084e67dad7f00cceddd564e90413ef814e91458e933
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\System.Core.dll | executable | 5b7bd8f5f22917c449e16ae4b64ab7a2 | 0848a7a4b79d05c16c03ee8a8f140a909ced55b22a4b037387e9584e863dc971
532 | chrome.exe | C:\Users\admin\Downloads\Unconfirmed 699467.crdownload | executable | 15a6282855e7576d91a0edda6109e48e | ca532e691697e64bff2e5ec27c562adb1d46b16c2c7e145822e45c5d4b0eb9a0
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Transflo.Capture.dll | executable | 98c6fa1f91faf5a84ed1e06bd720698e | b5f3be3e43c33a1bfb0739d453d2d9179d1f1c9cd1f71d323798411e162ef551
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Transflo.ClientConfig.exe | executable | af77c9e3de46856c3f7458353b12539f | 570df4fd3e2de59a0df77706d3aba95c99994a4fb5de6bef2471f35b4eb10cab
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\System.Data.DataSetExtensions.dll | executable | 3be6910a70806530d0fd6b59071c9eec | 210d821a41d90217cc09f604777d62a2b7a7fac215bb0eaf692a9e26e8f2c23b
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Transflo.Bridge.Repository.dll | executable | 80114ddea4d7a96f2d75cd649261357c | 0bd8dabd44763c11cf35659c862145553aef3d5d7e46ae97d4ca0b1bdecac693
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\System.Xml.Linq.dll | executable | e6f7013c95119527cd288359d700a601 | a6f9daaf462f58c8808b63a78db9c4502e1d26dbadb560e8fcc212358f7b93c7
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Transflo.Bridge.Workflow.dll | executable | 39a2eb20a7bc83aedf2341631a42e433 | a7b0aa6496dcebeb0d17d7eafe3bf66aad0a388f09b22854df24fd8c2f5b62a1
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\unins000.exe | executable | 80def19832d18e92288e0e778f60cd4d | c2cb1f5101ae947215b54baa43583fffa68e91ab34b134bd266c21829ceaa7d3
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-3UR30.tmp | –– | –– | ––
1912 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002 | binary | 8e0ebb38cbad41c7075110466cfc4c4b | a4a3d11a9e5437310974e9bf09f12138bc1ab3534266c8cce5dd65e44afeb771
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences | text | fea0c40cda4ca69ad2bcb68e38568879 | a0127b7c27a2432510de6983e3acd1cb99445244fd3c42a8e30bce5097e93292
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF3be62a.TMP | text | fea0c40cda4ca69ad2bcb68e38568879 | a0127b7c27a2432510de6983e3acd1cb99445244fd3c42a8e30bce5097e93292
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\e5eeb240-9038-4b8a-9b80-85e34aceb941.tmp | –– | –– | ––
2916 | Transflo.Velocity.exe | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Logs\Transflo.Velocity\USER-PC_Transflo.Velocity_20191203.log | text | d70f6e6c91d8da21810b8aeed9e08db3 | 8cb2cd44d8c1dff616952c16c4cb341a14a15dfcd940c36711240258b86ef1f9
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF3afa63.TMP | text | f41e1a1787442f03c4bddb54c60a9796 | c04c75bf57eaf76577d8dff6360e8920a73b3e69de869191d248da56d0c3f3c2
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\d7db5edf-e506-439e-b91c-ffa6c2f0362f.tmp | –– | –– | ––
2916 | Transflo.Velocity.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 | binary | da0ab85ed18c4233c9060fad6012cf6e | 203aea713deaa18219eab4abc089e210008b695ba4dcded9754eca4266b91f66
2916 | Transflo.Velocity.exe | C:\Users\admin\AppData\Local\Temp\TarD491.tmp | –– | –– | ––
2916 | Transflo.Velocity.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 | compressed | 5ad071a3917588e8cd883b123b395b21 | de62965c15528da598b0079d2d20d953dd6f71b13a23807bff0666d03f69c0fa
2916 | Transflo.Velocity.exe | C:\Users\admin\AppData\Local\Temp\CabD490.tmp | –– | –– | ––
2916 | Transflo.Velocity.exe | C:\Users\admin\AppData\Local\Temp\CabD3F1.tmp | –– | –– | ––
2916 | Transflo.Velocity.exe | C:\Users\admin\AppData\Local\Temp\TarD3F2.tmp | –– | –– | ––
2916 | Transflo.Velocity.exe | C:\Users\admin\AppData\Local\Temp\TarD3E1.tmp | –– | –– | ––
2916 | Transflo.Velocity.exe | C:\Users\admin\AppData\Local\Temp\CabD3E0.tmp | –– | –– | ––
3844 | csc.exe | C:\Users\admin\AppData\Local\Temp\a5oimsl3.out | –– | –– | ––
3844 | csc.exe | C:\Users\admin\AppData\Local\Temp\a5oimsl3.dll | –– | –– | ––
320 | cvtres.exe | C:\Users\admin\AppData\Local\Temp\RESD1FC.tmp | –– | –– | ––
3844 | csc.exe | C:\Users\admin\AppData\Local\Temp\CSCD1FB.tmp | –– | –– | ––
2916 | Transflo.Velocity.exe | C:\Users\admin\AppData\Local\Temp\a5oimsl3.0.cs | text | b488ae54af20070249e679c3cdd8ee89 | e6dfb423a7f21834ccae5af74609ce61e29c8c5144afbcabfcfb8f9d2835643b
2916 | Transflo.Velocity.exe | C:\Users\admin\AppData\Local\Temp\a5oimsl3.cmdline | text | ae2362b6f67579ebd8e4c490a0c33cc8 | eb8a6b8534237b08e3e5afbf9d83af80e459af61c4b5771ee8517871fd6b82f2
3592 | csc.exe | C:\Users\admin\AppData\Local\Temp\qrkpyc9s.out | –– | –– | ––
3592 | csc.exe | C:\Users\admin\AppData\Local\Temp\qrkpyc9s.dll | –– | –– | ––
736 | cvtres.exe | C:\Users\admin\AppData\Local\Temp\RESD018.tmp | –– | –– | ––
3592 | csc.exe | C:\Users\admin\AppData\Local\Temp\CSCD007.tmp | –– | –– | ––
2916 | Transflo.Velocity.exe | C:\Users\admin\AppData\Local\Temp\qrkpyc9s.cmdline | text | 2e23d7ba35506301d5210dd0426a1b7a | 1d2552a2d7aef2c8673f00e60dab3a35ecd28ea245ff826ba13adfb83a7f58a8
2916 | Transflo.Velocity.exe | C:\Users\admin\AppData\Local\Temp\qrkpyc9s.0.cs | text | be199bd821ec724fbb592c6316ff37bf | cfa9c4e5d67180369e4a88875c9bd601781fefea6c571a338ae9f568ca4471d0
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF3abc31.TMP | text | f41e1a1787442f03c4bddb54c60a9796 | c04c75bf57eaf76577d8dff6360e8920a73b3e69de869191d248da56d0c3f3c2
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State | text | f41e1a1787442f03c4bddb54c60a9796 | c04c75bf57eaf76577d8dff6360e8920a73b3e69de869191d248da56d0c3f3c2
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\e016d34d-4bda-4d02-bf8b-6c694afa23d8.tmp | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences | text | c924c81485f742d2c72349cdf37abd13 | dd880cc412de38be83ae951fcd2d469362fc057fe4f1063d6833e9ffdd6dadd9
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF3ababa.TMP | text | c924c81485f742d2c72349cdf37abd13 | dd880cc412de38be83ae951fcd2d469362fc057fe4f1063d6833e9ffdd6dadd9
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\cafc48fe-e40d-45bc-aaa4-19434cb2a7fb.tmp | –– | –– | ––
2584 | tfv.tmp | C:\Users\admin\AppData\Local\Temp\Setup Log 2019-12-03 #001.txt | text | 206f5c99abed0e5a2d0d29057df9728a | 7c38c9a1cb04119e9045ad97e403665b5884ca973bcc5cda2c6e3a597d026719
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\InstallationLogFile.log | text | e6108685fa0571e1ce4a91d8dbdbeb9c | 94f69070eea519ade9675822fcdbcf4a3a3623437ae68197cf13a238fabc94d4
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\unins000.dat | dat | 401e36c2a03e91f43cdfb8276218189c | 7deee14c5a5de66b29829c36e04d9784918a36792477b038bb6aa7deb751b8f1
2584 | tfv.tmp | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TRANSFLO $Velocity®\TRANSFLO $Velocity® Client Configuration.lnk | lnk | 54e585732d5c35aeca7aa2397d7e8396 | c74976535208361d5230afed7e0ebaa118dcb845d1d6e1ab067d07a121c01f7c
2584 | tfv.tmp | C:\Users\Public\Desktop\TRANSFLO $Velocity®.lnk | lnk | 2376c7b21f96015d2080d63e62d0903b | 5719811ad24da2c26a4fec22bd3e0bb17e5fe6c5d99a3defdcb85a2128edb251
2584 | tfv.tmp | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TRANSFLO $Velocity®\Uninstall TRANSFLO $Velocity.lnk | lnk | c528bfb442057fdb5c005dd374a00b6e | fecb5f58d5b08019a42e4fc93ce6dfa0affb8dd8e8c902a0c85fbe17abca5788
2584 | tfv.tmp | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TRANSFLO $Velocity®\TRANSFLO $Velocity®.lnk | lnk | 24a2c934c7697f3a45c9cc871d103e38 | dc8a4c2926e0c684b2f9306ca7eb8edfa951f0a32f962b4bdcfbe08ffc1754b8
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\images\ptc_main.gif | image | 663f74d5a34476b5c097a78260747f98 | 46406882894ecca92f5f9b78725ca213e3bb2dd7d60f30f410aefa4a7929418a
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\images\ptc_logo.gif | image | 774da9389332861b51b2346c82d4bcf5 | a9d0127e09a2af0d60ed2973552649b476b287f413251e8539020847203513cb
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\EULA.rtf | text | 46e37cd338046e4e4bd8c2982514a37d | b6d65b55d9f2b49faa836ed82e8707ab8d23bd3c59a10024c093da685cca9634
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\help.chm | chm | 8afea4ca937129caf8b422af3160dae3 | caa2dc61110e11e00844489091a0f55b9e58b00fd645674bb29f6ec5b13b4709
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Banner.html | html | b58c8b30afe6edff4f9b855f602235f4 | 272698d5c1b9806bdbee1bc7675c6b90e0642ec604646acb4f8e2d755a8dc4ec
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-8I5IM.tmp | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-MIN3D.tmp | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\images\is-TR24P.tmp | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\images\is-VVTRN.tmp | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-0AQ3I.tmp | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Transflo.ClientConfig.exe.Config | xml | 5af4fc49f6ee61eed5112d1b6f1dcb20 | 92b07899024928dc26413ed5d67b86a19d6fec2b9aa8f59025293273c095d864
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF3c4ded.TMP | text | b74051adb09d225ca316f2b6681d694b | c1883fac89779de334d075888c3dd5223ae9f5d1dccc5165e7ba89ce7a0b2140
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index | binary | 0ff94e6c88bca97d96d62da44cc8e52b | 585fb0f43c548db7e2dbb636efb8b4317458f075521b0f2f659a5aa5c3d49ced
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-F83VC.tmp | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-E03TC.tmp | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-545NK.tmp | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RF3c4830.TMP | binary | 0ff94e6c88bca97d96d62da44cc8e52b | 585fb0f43c548db7e2dbb636efb8b4317458f075521b0f2f659a5aa5c3d49ced
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-KS10U.tmp | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlBilling.store | binary | 26d9c112fafdcc2ece33614369b14eec | f12e47aad54e93d533f77de590e526514dc435eaf54783b512d6a2a0204f79f4
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-N8012.tmp | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-EQU74.tmp | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlBilling.store_new | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-8DGDC.tmp | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store | binary | db77beaff9ddf137e9952ca2db007f01 | 3a0fc7707eace8743248e0b5c2da883cb37d7a916010c1e990acf5d663d47073
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\Transflo.Velocity.exe.config | xml | 07fd9272a44fb34f9ce28195d661844c | 98f180bc82e71820fb17f6c9215439196478fd68850698248a2f17a6d36f4544
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store | binary | 1f7aed28868358fa0032525fc4b290e5 | a4ab577f88f75b0f48bf0b6a9dca4705ec5215dc18d72b6ae1a60fa30324d9b9
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-UO0D3.tmp | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-THNLM.tmp | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-MAHU8.tmp | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store_new | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-M72S7.tmp | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store_new | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-RU4E8.tmp | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store | binary | bd2a05bc63a946ea99e1de94c59059c0 | 46a9238c3152029a3371ba7b757cac42b7feb9bfbf9f196b1fdd990261065978
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store_new | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store | binary | d7d05d4891f16e92010850ae8cca373f | 430e81f5854abb2b36ebc506167e70a513fddcf63fef5174ac57bfd0e76f77f2
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store | binary | 126a99d81b3c579acb921061beeb2548 | c72ac7c994fd1b5e02e66da93476c5da38bd63a05fd143f46236c8a03c5d1c3e
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-VSUUG.tmp | –– | –– | ––
3864 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma | binary | b59113c2dcd2d346f31a64f231162ada | 1d97c69aea85d3b06787458ea47576b192ce5c5db9940e5eaa514ff977ce2dc2
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-71QNC.tmp | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-DKHEM.tmp | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store | binary | 4cff9355c4e6539c00bae4d259f2e45a | dbac042702402bd87016928ef4827eeb34a36671935f5049ead11468fe84c47a
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdWhitelist.store | binary | caeafb64cc45d1f6de0b645f9ca3f467 | ebfadd74e8ddfa56c23f4b017b1d631f35176455bc855b33e1a52006ec98e115
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store_new | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-RHRGQ.tmp | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-GGIPM.tmp | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-GP863.tmp | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store_new | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdWhitelist.store_new | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store_new | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store | binary | fc0134624adab2a22f93b6b212f196b7 | bb801a98c4aaa65e6109034883b61a63957c41af64330dead8d74e6a7e70779e
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-UEELP.tmp | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-O2LSK.tmp | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-H2HAF.tmp | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-8D83L.tmp | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store_new | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-OSSAB.tmp | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-38VAN.tmp | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store_new | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store | binary | 9484bf26d10d93d1c76fed194caf5c58 | ac5ab8a27fb5914100d3993f22009fa5a7948ccf950af2f4d774290a9b2dad2b
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store_new | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-LRG1L.tmp | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-30TV9.tmp | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-GGTE2.tmp | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\IpMalware.store | binary | 43424ec9a25f29f141319f796f26ce91 | 2906a981195b60d9d011e0447981e7f9082c2b2089517e81f42b380f5c9248d8
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-AV40S.tmp | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\CertCsdDownloadWhitelist.store | binary | da00f5f8a1e4bdb532342a9f0ab950a3 | 48efa99cdf638eb242b760569e6dbf15c0d0c78d6fa1e4e64ea15543d6bbca5a
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-L9BFG.tmp | –– | –– | ––
532 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\CertCsdDownloadWhitelist.store_new | –– | –– | ––
2584 | tfv.tmp | C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-CEDS8.tmp | –– | –– | ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\IpMalware.store_new
––
MD5:  ––
SHA256:  ––
2584
tfv.tmp
C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-33I22.tmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 69293e0cf893ba6a74e79c8ae86ce8f9
SHA256: da473ac1e0ebf809ef03ee04bafe3bf8300eb622beaa06df7241e4e7d68c392b
2584
tfv.tmp
C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-E2CTF.tmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF3c1f9a.TMP
text
MD5: 69293e0cf893ba6a74e79c8ae86ce8f9
SHA256: da473ac1e0ebf809ef03ee04bafe3bf8300eb622beaa06df7241e4e7d68c392b
2584
tfv.tmp
C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-RT587.tmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\4e3a0f71-2fec-4bd8-83af-2024fd39d2ff.tmp
––
MD5:  ––
SHA256:  ––
2584
tfv.tmp
C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-HVMHQ.tmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: b74051adb09d225ca316f2b6681d694b
SHA256: c1883fac89779de334d075888c3dd5223ae9f5d1dccc5165e7ba89ce7a0b2140
2584
tfv.tmp
C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-TF54I.tmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF3c1067.TMP
text
MD5: b74051adb09d225ca316f2b6681d694b
SHA256: c1883fac89779de334d075888c3dd5223ae9f5d1dccc5165e7ba89ce7a0b2140
2584
tfv.tmp
C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-8HDPP.tmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\b816fdc6-dcfa-4c50-b1e4-5964855e703e.tmp
––
MD5:  ––
SHA256:  ––
2584
tfv.tmp
C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-1G642.tmp
––
MD5:  ––
SHA256:  ––
1912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: d39e266b88d34c91da60187de56efb52
SHA256: b3d60912f4c88bea86d6f180b0dbdd7f6d704d5c26b3d20e6787055437999d01
2584
tfv.tmp
C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-7SBB6.tmp
––
MD5:  ––
SHA256:  ––
1912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF3c08a7.TMP
text
MD5: d39e266b88d34c91da60187de56efb52
SHA256: b3d60912f4c88bea86d6f180b0dbdd7f6d704d5c26b3d20e6787055437999d01
1912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\f07b57f0-9ec4-4814-92bf-fa82e6026583.tmp
––
MD5:  ––
SHA256:  ––
2584
tfv.tmp
C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-IJ5NR.tmp
––
MD5:  ––
SHA256:  ––
2584
tfv.tmp
C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-AE831.tmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\271cb1d35d781aa5_0
binary
MD5: 860b299d8e68a9d00dbcaa05967bd0e0
SHA256: 857fa7a21bc471f88aec10fe51458101b01ad7df223463deec2a1de4b8d585c4
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\487cdb1c4e908be6_0
binary
MD5: d1f098938cb5b058f643daddbd58d226
SHA256: 6ec09191bb79792e0a5b22b7e5d181a15badef632f1f2b363cde8d8ca832a1eb
2584
tfv.tmp
C:\Program Files\Common Files\Pegasus TransTech\Utilities\is-C1VVA.tmp
––
MD5:  ––
SHA256:  ––
2584
tfv.tmp
C:\Program Files\Pegasus Transtech\TRANSFLO Velocity\is-NSE7K.tmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF3a6c9a.TMP
text
MD5: ef7723081fd76a362fed50ff634fe35a
SHA256: d4fff10ed521b141ab42fd2234f10babc511084518847abd56551071992af00d
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: ef7723081fd76a362fed50ff634fe35a
SHA256: d4fff10ed521b141ab42fd2234f10babc511084518847abd56551071992af00d
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\c52d5e7f-4488-4885-b226-57401eac5284.tmp
––
MD5:  ––
SHA256:  ––
1912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000008
binary
MD5: 295d6580336261cd44fd7cdb4f83b27c
SHA256: 00f5dd61a2c6bf73c41d8139e0bd2cd5748816f0fa4d64eb66c5a0b497c41740
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 53d342c249328333f8e7f46e80253c72
SHA256: 6c13433976790189674c139e850baa63b6fb2527b4952afd66676e0656357f50
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF3a45a9.TMP
text
MD5: 53d342c249328333f8e7f46e80253c72
SHA256: 6c13433976790189674c139e850baa63b6fb2527b4952afd66676e0656357f50
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\efb88b86-94b0-49ef-ba42-a4891a6cd76d.tmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF3a0dff.TMP
text
MD5: 6dbd0cbf3994c48c3f0602167d7ea5e4
SHA256: 747594d2f09ec0ac8ac085a9af7667a840dc2a884792f5a1c8fded3448e91645
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 6dbd0cbf3994c48c3f0602167d7ea5e4
SHA256: 747594d2f09ec0ac8ac085a9af7667a840dc2a884792f5a1c8fded3448e91645
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\56781e21-394f-42d3-b7ad-474f1ba34586.tmp
––
MD5:  ––
SHA256:  ––
2584
tfv.tmp
C:\Users\admin\AppData\Local\Temp\is-E4P24.tmp\TFV_Logo.bmp
image
MD5: c52c358ab101ca9aba6785687bf0dc4f
SHA256: f38579e61b478b55ec21646324e8e04d965286f6eee4af268bf38bdc3e05bd45
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF39fda4.TMP
text
MD5: 23416a24e1f7320ce668dde278459636
SHA256: ebd2679008869a3f58c09f367770fc845210437b6be28fa281b221bf27ff611b
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 23416a24e1f7320ce668dde278459636
SHA256: ebd2679008869a3f58c09f367770fc845210437b6be28fa281b221bf27ff611b
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\9f145f92-db34-4360-8b46-c7f0883cc5c0.tmp
––
MD5:  ––
SHA256:  ––
2584
tfv.tmp
C:\Users\admin\AppData\Local\Temp\is-E4P24.tmp\ptc_small_logo.bmp
image
MD5: ce9b6caf02cf37476e58ed786d0887fe
SHA256: aa0850b5f139bbe1ba43aaa7417e22a5002ad459d632796b6dd476138759ada8
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\249a2dd792382b1e_0
binary
MD5: 0c58191a1f969f4f2ba467860302b0f6
SHA256: ae56a5837eb50c1237f25d80053640cf271a31d4d3dcb58ac3651e168ef9bbc3
1912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000007
binary
MD5: 3842b9925ddb60add13525ffdca9d23d
SHA256: 0f5168a66b677e9ed2fd8903049aa0c5cbfc64e0f1657ac29dce15f34c25725e
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f5ed3666d008bab4_0
binary
MD5: 8a7653abffba87cf3939dcbe5549ecec
SHA256: 141bcfa4e840c07700557ecb67447454bb988db0be33fb95709b9f26fab958d1
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\899699efdaedd859_0
binary
MD5: bad3ee6182411f81c96213d74b4cad47
SHA256: 21bbe3792cdc3950971f0379bfb187dad843a1e42a5d001027302f11a41aaa9a
1912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000006
compressed
MD5: 211c5d2863df351515d0e3b689892d41
SHA256: a97e9677cef3151d06228db9c67ffb5e0b54fc9d325a0de644dc26f5c781bc09
1912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 42ee16f1f5d3d1fd2be49524c387b20c
SHA256: 0166f1857c613f158832a32c75871ce04d7d61e65764ffeb72936bdb56423f8c
1912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF39d396.TMP
text
MD5: 42ee16f1f5d3d1fd2be49524c387b20c
SHA256: 0166f1857c613f158832a32c75871ce04d7d61e65764ffeb72936bdb56423f8c
1912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a9892b2e-1b4f-488f-8a5c-e2a6a239fd40.tmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: 37804049142d678b5e0f10eecb6199c2
SHA256: b537c4360e192706b6e55023069a6355dbf431527df358e0d751afaf05de0a40
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\d4ff4ab1-984e-4fa2-878d-71e2ed0615ea.tmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\Downloads\tfv.exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 42ff9e3637556b47ce2eabc2f32a7d27
SHA256: d2d731b06bcb7e0e8a3fda665ee80e7348a33e50e41fda2cd6a94c5b3c0760ff
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF39cffc.TMP
text
MD5: 42ff9e3637556b47ce2eabc2f32a7d27
SHA256: d2d731b06bcb7e0e8a3fda665ee80e7348a33e50e41fda2cd6a94c5b3c0760ff
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\cf0dbe4b-81c9-4ef8-a868-b19feff7616a.tmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: c84e50d52bde704d90cc61590dc5869d
SHA256: 5215aea4551e0efa9d495b82221b1a6db632f2aaca3601bbd00e12efe7764bd5
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF39cf41.TMP
text
MD5: c84e50d52bde704d90cc61590dc5869d
SHA256: 5215aea4551e0efa9d495b82221b1a6db632f2aaca3601bbd00e12efe7764bd5
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\088f9379-e629-461b-939f-a464d67e7a77.tmp
––
MD5:  ––
SHA256:  ––
1912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000005
binary
MD5: 79a352da404a7d78aedcc257cfe40522
SHA256: dd5908f9603f2eae8e56e886678eb0e9aa6bcc8f5e0ee01dea8d0ecb8c1f1747
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\54436da0a7fc04cc_0
binary
MD5: 1150f6c3e497f6169a4d814eff13f164
SHA256: fd953253e865be9eca55e55bcdbe8af95531f77f0daf9567b6a620a60bfaed01
1912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000004
compressed
MD5: 0b43430f7311553d82a287f1bd8bda81
SHA256: e6733b90b3e034f9af5795f07d266c43c264a21dc5d9c8a7d9ac095ec176f284
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old
text
MD5: 97aa7678fb9d338d08c371711b54a104
SHA256: 4657635b66fa68ae1550b7bff4e54016f8874b4df43a004c9a7244c8465c6ca8
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session
binary
MD5: 92eb31d830454841999ecdb4a714d301
SHA256: 63f01870e03b0329f3ae859435ef5610661a45085390af36275ae7d6808c8ffb
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d64da2bb0a556215_0
binary
MD5: afd099b0a75755508dfd4446265b3508
SHA256: 83aa6424039679347176e1b2bc4961a3e1524d5c6f58da72f31c75725212496c
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: 1276f7de036cb69ffbc104fa79f1d060
SHA256: 3044aa641bd2fed097ee25a5ad052d276eea8ec75a807a244102d75af9ac94f1
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF39afa3.TMP
text
MD5: 1276f7de036cb69ffbc104fa79f1d060
SHA256: 3044aa641bd2fed097ee25a5ad052d276eea8ec75a807a244102d75af9ac94f1
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF39af17.TMP
text
MD5: 370df9c4af340d044e2946d87d515fd8
SHA256: f4761a6412fee517fddf04004ddcb13b935994fba8550318534705c979a29343
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 370df9c4af340d044e2946d87d515fd8
SHA256: f4761a6412fee517fddf04004ddcb13b935994fba8550318534705c979a29343
1912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003
compressed
MD5: 7171d5a08fa1780e1dbcbaf977f74f53
SHA256: d14cc94be4b5b7e5dcc898a392f3bbf6f20dbe485e522fa95163c72654c724aa
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT
text
MD5: 206702161f94c5cd39fadd03f4014d98
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT~RF39ae3c.TMP
text
MD5: 206702161f94c5cd39fadd03f4014d98
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000002.dbtmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000001.dbtmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
text
MD5: 7ed7bb959a05065f51f082559b5041df
SHA256: 5f4b81e5a0555d95eb2079a37e8002f61efc68f67711f4cfda69adca9c0316b6
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
binary
MD5: 891a884b9fa2bff4519f5f56d2a25d62
SHA256: e2610960c3757d1757f206c7b84378efa22d86dcf161a98096a5f0e56e1a367e
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old
text
MD5: 722d616be0caaf9ed585c9aea7f3742c
SHA256: f86c514fa380332be463670b3b334c8feedc2f6cb9b4118ea367729b056de0fb
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old
text
MD5: 454106ccf080f3e3795c229fc73350d4
SHA256: 9974dc611be9e20bdfa7b8d939cb913ad23859dea5f52ebb8d10cead9ab5b4fa
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old~RF39aa54.TMP
text
MD5: 454106ccf080f3e3795c229fc73350d4
SHA256: 9974dc611be9e20bdfa7b8d939cb913ad23859dea5f52ebb8d10cead9ab5b4fa
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old
text
MD5: 0acecca4cf9ade756da7cc9dcdf02d50
SHA256: 18f910775132b4fee014ea0fab836d857f367e76232fab4ae6a86a92e4c3ebee
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old
text
MD5: 911b244e4a362b56f2478647d2d61a40
SHA256: 3a5aec1ea537d8841e604d0aa4cd5f9241c805a3d4eb4e372cfb7eeb3678a361
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF39a9e6.TMP
text
MD5: a874f3e3462932a0c15ed8f780124fc5
SHA256: 01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: a874f3e3462932a0c15ed8f780124fc5
SHA256: 01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000020.dbtmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old
text
MD5: 3d551b6e929cf62f7aa66091e718704b
SHA256: 1698a1b1bc3e86676392fb8bd4c712438302a5a2220503c08f290ed4b1790404
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RF39a989.TMP
text
MD5: 3d551b6e929cf62f7aa66091e718704b
SHA256: 1698a1b1bc3e86676392fb8bd4c712438302a5a2220503c08f290ed4b1790404
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\7132e73a-5daf-47f8-aec3-15068d4517ff.tmp
––
MD5:  ––
SHA256:  ––
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RF39a969.TMP
text
MD5: a519780ed0a2f4336db4f5651d79c369
SHA256: da5b71bd0075b55757bf757bf5f4d4a1dcbcf0762cda5b31b28680963e068c75
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
text
MD5: a519780ed0a2f4336db4f5651d79c369
SHA256: da5b71bd0075b55757bf757bf5f4d4a1dcbcf0762cda5b31b28680963e068c75
532
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
binary
MD5: 0686d6159557e1162d04c44240103333
SHA256: 3303d5eed881951b0bb52cf1c6bfa758770034d0120c197f9f7a3520b92a86fb