General Info

File name

MBR.exe

Full analysis
https://app.any.run/tasks/ea46bc67-6794-4e41-ae26-92491185c6e3
Verdict
Malicious activity
Analysis date
3/14/2019, 19:16:10
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (console) Intel 80386, for MS Windows
MD5

c41ff0552868438f0743a40b99c28d0d

SHA1

45798205a33eb59d4f0143c886939aa267417ef5

SHA256

30809fcf117c10d3922bc45e095c944db3f39f395c5f97d53af5fbf4621b6587

SSDEEP

768:PSEwFTNMPmkpB7B8tPP3lLuzZPKqP2M11ceFZDoGd:ITaR6tPP3lLuBZPljcgZDoGd

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Loads the Task Scheduler COM API
  • RogueKiller_portable32.exe (PID: 3748)
Application was dropped or rewritten from another process
  • RogueKiller_portable32.exe (PID: 3900)
  • RogueKiller_portable32.exe (PID: 3748)
Loads the Task Scheduler DLL interface
  • RogueKiller_portable32.exe (PID: 3748)
Executable content was dropped or overwritten
  • RogueKiller_portable32.exe (PID: 3748)
  • chrome.exe (PID: 2424)
Creates files in the driver directory
  • RogueKiller_portable32.exe (PID: 3748)
Creates files in the Windows directory
  • RogueKiller_portable32.exe (PID: 3748)
Removes files from Windows directory
  • RogueKiller_portable32.exe (PID: 3748)
Creates or modifies windows services
  • RogueKiller_portable32.exe (PID: 3748)
Low-level read access rights to disk partition
  • RogueKiller_portable32.exe (PID: 3748)
Creates files in the program directory
  • RogueKiller_portable32.exe (PID: 3748)
Starts Internet Explorer
  • RogueKiller_portable32.exe (PID: 3748)
Reads settings of System Certificates
  • RogueKiller_portable32.exe (PID: 3748)
  • chrome.exe (PID: 2424)
Application launched itself
  • chrome.exe (PID: 2424)
  • iexplore.exe (PID: 3428)
Reads Internet Cache Settings
  • chrome.exe (PID: 2424)
Changes internet zones settings
  • iexplore.exe (PID: 3428)
Creates files in the user directory
  • iexplore.exe (PID: 1760)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe | Win64 Executable (generic) (64.6%)
.dll | Win32 Dynamic Link Library (generic) (15.3%)
.exe | Win32 Executable (generic) (10.5%)
.exe | Generic Win/DOS Executable (4.6%)
.exe | DOS Executable Generic (4.6%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2019:02:25 00:05:41+01:00
PEType:
PE32
LinkerVersion:
2.28
CodeSize:
11776
InitializedDataSize:
18432
UninitializedDataSize:
512
EntryPoint:
0x12e0
OSVersion:
4
ImageVersion:
1
SubsystemVersion:
4
Subsystem:
Windows command line
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date:
24-Feb-2019 23:05:41
TLS Callbacks:
2 callback(s) detected.
Debug artifacts
Embedded COFF debugging symbols
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000080
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
13
Time date stamp:
24-Feb-2019 23:05:41
Pointer to Symbol Table:
0x00007200
Number of symbols:
475
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x00002C44 0x00002E00 IMAGE_SCN_ALIGN_1024BYTES,IMAGE_SCN_ALIGN_16BYTES,IMAGE_SCN_ALIGN_1BYTES,IMAGE_SCN_ALIGN_2048BYTES,IMAGE_SCN_ALIGN_256BYTES,IMAGE_SCN_ALIGN_32BYTES,IMAGE_SCN_ALIGN_4096BYTES,IMAGE_SCN_ALIGN_4BYTES,IMAGE_SCN_ALIGN_64BYTES,IMAGE_SCN_ALIGN_8192BYTES,IMAGE_SCN_ALIGN_8BYTES,IMAGE_SCN_ALIGN_MASK,IMAGE_SCN_CNT_CODE,IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.04561
.data 0x00004000 0x0000001C 0x00000200 IMAGE_SCN_ALIGN_1024BYTES,IMAGE_SCN_ALIGN_16BYTES,IMAGE_SCN_ALIGN_1BYTES,IMAGE_SCN_ALIGN_256BYTES,IMAGE_SCN_ALIGN_2BYTES,IMAGE_SCN_ALIGN_32BYTES,IMAGE_SCN_ALIGN_4096BYTES,IMAGE_SCN_ALIGN_4BYTES,IMAGE_SCN_ALIGN_512BYTES,IMAGE_SCN_ALIGN_64BYTES,IMAGE_SCN_ALIGN_8192BYTES,IMAGE_SCN_ALIGN_MASK,IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0.217009
.rdata 0x00005000 0x000002E4 0x00000400 IMAGE_SCN_ALIGN_1024BYTES,IMAGE_SCN_ALIGN_16BYTES,IMAGE_SCN_ALIGN_1BYTES,IMAGE_SCN_ALIGN_256BYTES,IMAGE_SCN_ALIGN_2BYTES,IMAGE_SCN_ALIGN_32BYTES,IMAGE_SCN_ALIGN_4096BYTES,IMAGE_SCN_ALIGN_4BYTES,IMAGE_SCN_ALIGN_512BYTES,IMAGE_SCN_ALIGN_64BYTES,IMAGE_SCN_ALIGN_8192BYTES,IMAGE_SCN_ALIGN_MASK,IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.02341
/4 0x00006000 0x000009B0 0x00000A00 IMAGE_SCN_ALIGN_1024BYTES,IMAGE_SCN_ALIGN_16BYTES,IMAGE_SCN_ALIGN_1BYTES,IMAGE_SCN_ALIGN_256BYTES,IMAGE_SCN_ALIGN_2BYTES,IMAGE_SCN_ALIGN_32BYTES,IMAGE_SCN_ALIGN_4096BYTES,IMAGE_SCN_ALIGN_4BYTES,IMAGE_SCN_ALIGN_512BYTES,IMAGE_SCN_ALIGN_64BYTES,IMAGE_SCN_ALIGN_8192BYTES,IMAGE_SCN_ALIGN_MASK,IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.75857
.bss 0x00007000 0x00000070 0x00000000 IMAGE_SCN_ALIGN_1024BYTES,IMAGE_SCN_ALIGN_16BYTES,IMAGE_SCN_ALIGN_1BYTES,IMAGE_SCN_ALIGN_256BYTES,IMAGE_SCN_ALIGN_2BYTES,IMAGE_SCN_ALIGN_32BYTES,IMAGE_SCN_ALIGN_4096BYTES,IMAGE_SCN_ALIGN_4BYTES,IMAGE_SCN_ALIGN_512BYTES,IMAGE_SCN_ALIGN_64BYTES,IMAGE_SCN_ALIGN_8192BYTES,IMAGE_SCN_ALIGN_MASK,IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.idata 0x00008000 0x000005F0 0x00000600 IMAGE_SCN_ALIGN_1024BYTES,IMAGE_SCN_ALIGN_16BYTES,IMAGE_SCN_ALIGN_1BYTES,IMAGE_SCN_ALIGN_256BYTES,IMAGE_SCN_ALIGN_2BYTES,IMAGE_SCN_ALIGN_32BYTES,IMAGE_SCN_ALIGN_4096BYTES,IMAGE_SCN_ALIGN_4BYTES,IMAGE_SCN_ALIGN_512BYTES,IMAGE_SCN_ALIGN_64BYTES,IMAGE_SCN_ALIGN_8192BYTES,IMAGE_SCN_ALIGN_MASK,IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.66155
.CRT 0x00009000 0x00000018 0x00000200 IMAGE_SCN_ALIGN_1024BYTES,IMAGE_SCN_ALIGN_16BYTES,IMAGE_SCN_ALIGN_1BYTES,IMAGE_SCN_ALIGN_256BYTES,IMAGE_SCN_ALIGN_2BYTES,IMAGE_SCN_ALIGN_32BYTES,IMAGE_SCN_ALIGN_4096BYTES,IMAGE_SCN_ALIGN_4BYTES,IMAGE_SCN_ALIGN_512BYTES,IMAGE_SCN_ALIGN_64BYTES,IMAGE_SCN_ALIGN_8192BYTES,IMAGE_SCN_ALIGN_MASK,IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0.114463
.tls 0x0000A000 0x00000020 0x00000200 IMAGE_SCN_ALIGN_1024BYTES,IMAGE_SCN_ALIGN_16BYTES,IMAGE_SCN_ALIGN_1BYTES,IMAGE_SCN_ALIGN_256BYTES,IMAGE_SCN_ALIGN_2BYTES,IMAGE_SCN_ALIGN_32BYTES,IMAGE_SCN_ALIGN_4096BYTES,IMAGE_SCN_ALIGN_4BYTES,IMAGE_SCN_ALIGN_512BYTES,IMAGE_SCN_ALIGN_64BYTES,IMAGE_SCN_ALIGN_8192BYTES,IMAGE_SCN_ALIGN_MASK,IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0.22482
/14 0x0000B000 0x00000038 0x00000200 IMAGE_SCN_ALIGN_16BYTES,IMAGE_SCN_ALIGN_2048BYTES,IMAGE_SCN_ALIGN_32BYTES,IMAGE_SCN_ALIGN_4096BYTES,IMAGE_SCN_ALIGN_64BYTES,IMAGE_SCN_ALIGN_8192BYTES,IMAGE_SCN_ALIGN_8BYTES,IMAGE_SCN_ALIGN_MASK,IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 0.216207
/29 0x0000C000 0x00001CFF 0x00001E00 IMAGE_SCN_ALIGN_1024BYTES,IMAGE_SCN_ALIGN_16BYTES,IMAGE_SCN_ALIGN_1BYTES,IMAGE_SCN_ALIGN_256BYTES,IMAGE_SCN_ALIGN_4096BYTES,IMAGE_SCN_ALIGN_4BYTES,IMAGE_SCN_ALIGN_64BYTES,IMAGE_SCN_ALIGN_MASK,IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 5.76684
/41 0x0000E000 0x0000012F 0x00000200 IMAGE_SCN_ALIGN_1024BYTES,IMAGE_SCN_ALIGN_16BYTES,IMAGE_SCN_ALIGN_1BYTES,IMAGE_SCN_ALIGN_256BYTES,IMAGE_SCN_ALIGN_4096BYTES,IMAGE_SCN_ALIGN_4BYTES,IMAGE_SCN_ALIGN_64BYTES,IMAGE_SCN_ALIGN_MASK,IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 3.04408
/55 0x0000F000 0x000001C8 0x00000200 IMAGE_SCN_ALIGN_1024BYTES,IMAGE_SCN_ALIGN_16BYTES,IMAGE_SCN_ALIGN_1BYTES,IMAGE_SCN_ALIGN_256BYTES,IMAGE_SCN_ALIGN_4096BYTES,IMAGE_SCN_ALIGN_4BYTES,IMAGE_SCN_ALIGN_64BYTES,IMAGE_SCN_ALIGN_MASK,IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 4.31736
/67 0x00010000 0x00000038 0x00000200 IMAGE_SCN_ALIGN_1024BYTES,IMAGE_SCN_ALIGN_16BYTES,IMAGE_SCN_ALIGN_1BYTES,IMAGE_SCN_ALIGN_256BYTES,IMAGE_SCN_ALIGN_2BYTES,IMAGE_SCN_ALIGN_32BYTES,IMAGE_SCN_ALIGN_4096BYTES,IMAGE_SCN_ALIGN_4BYTES,IMAGE_SCN_ALIGN_512BYTES,IMAGE_SCN_ALIGN_64BYTES,IMAGE_SCN_ALIGN_8192BYTES,IMAGE_SCN_ALIGN_MASK,IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 0.674577
Resources

No resources.

Imports
    KERNEL32.dll

    msvcrt.dll

Exports

    No exports.

Processes

Total processes
53
Monitored processes
17
Malicious processes
3
Suspicious processes
0

Behavior graph

start drop and start drop and start mbr.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs roguekiller_portable32.exe no specs chrome.exe no specs roguekiller_portable32.exe iexplore.exe iexplore.exe
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
3616
CMD
"C:\Users\admin\Desktop\MBR.exe"
Path
C:\Users\admin\Desktop\MBR.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\desktop\mbr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll

PID
2424
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\users\admin\downloads\roguekiller_portable32.exe
c:\windows\system32\mpr.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll

PID
592
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6fdd00b0,0x6fdd00c0,0x6fdd00cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2384
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2420 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
3564
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=956,8498394460029850103,4324173934656859807,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=535E719327EDE8B9726F86BCB942CFF0 --mojo-platform-channel-handle=1004 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
2348
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=956,8498394460029850103,4324173934656859807,131072 --enable-features=PasswordImport --service-pipe-token=3CC8A95FA316EAAD2E179E193C5111A5 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3CC8A95FA316EAAD2E179E193C5111A5 --renderer-client-id=5 --mojo-platform-channel-handle=1924 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2788
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=956,8498394460029850103,4324173934656859807,131072 --enable-features=PasswordImport --service-pipe-token=40920006F4DC9D65BDA763AA73A2D7E1 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=40920006F4DC9D65BDA763AA73A2D7E1 --renderer-client-id=3 --mojo-platform-channel-handle=2100 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3604
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=956,8498394460029850103,4324173934656859807,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=EDAD682DE77185246678797F566D59A4 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=EDAD682DE77185246678797F566D59A4 --renderer-client-id=6 --mojo-platform-channel-handle=3436 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3660
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=956,8498394460029850103,4324173934656859807,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=AC3EA50E9A0D63B0D03706352FED86F1 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=AC3EA50E9A0D63B0D03706352FED86F1 --renderer-client-id=7 --mojo-platform-channel-handle=3576 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3440
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=956,8498394460029850103,4324173934656859807,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=CA949E2DF0EDC194EEFE4E952D5ECD2E --mojo-platform-channel-handle=3804 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3908
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=956,8498394460029850103,4324173934656859807,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=F62C8E88FCE112C33378B5A60D003505 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=F62C8E88FCE112C33378B5A60D003505 --renderer-client-id=9 --mojo-platform-channel-handle=3476 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2324
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=956,8498394460029850103,4324173934656859807,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=51EF7A4925643C3DE12FA066DB63BB2A --mojo-platform-channel-handle=3936 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
3900
CMD
"C:\Users\admin\Downloads\RogueKiller_portable32.exe"
Path
C:\Users\admin\Downloads\RogueKiller_portable32.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Version
Modules
Image
c:\users\admin\downloads\roguekiller_portable32.exe
c:\systemroot\system32\ntdll.dll

PID
2772
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=956,8498394460029850103,4324173934656859807,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=F6D9DBA3EFF597B733F0BF8E6D8807D5 --mojo-platform-channel-handle=2768 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\zipfldr.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
3748
CMD
"C:\Users\admin\Downloads\RogueKiller_portable32.exe"
Path
C:\Users\admin\Downloads\RogueKiller_portable32.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
Version
Modules
Image
c:\users\admin\downloads\roguekiller_portable32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\opengl32.dll
c:\windows\system32\glu32.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\sspicli.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mstask.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\apphelp.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\imageres.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\windanr.exe
c:\windows\system32\ncrypt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\xmllite.dll

PID
3428
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" "https://adlice.com/thanks-downloading-roguekiller/?utm_campaign=roguekiller&utm_source=soft&utm_medium=btn"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
RogueKiller_portable32.exe
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\version.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll

PID
1760
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3428 CREDAT:79873
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll

Registry activity

Total events
1316
Read events
1175
Write events
140
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
2424
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2424
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
2424
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
2424
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
2424
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
2424
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
2424
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
2424
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
2424
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
2424
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
2424
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
2424
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
2424
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
2424
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
2424
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
2424
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13197061007617875
2424
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2424
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2424
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2424
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2424
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2424
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307030004000E00120011000700BE0100000000
2424
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
1
2384
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2424-13197061006539750
259
2384
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2424-13197061006539750
0
2772
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3748
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASAPI32
EnableFileTracing
0
3748
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASAPI32
EnableConsoleTracing
0
3748
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASAPI32
FileTracingMask
4294901760
3748
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASAPI32
ConsoleTracingMask
4294901760
3748
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASAPI32
MaxFileSize
1048576
3748
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASAPI32
FileDirectory
%windir%\tracing
3748
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASMANCS
EnableFileTracing
0
3748
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASMANCS
EnableConsoleTracing
0
3748
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASMANCS
FileTracingMask
4294901760
3748
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASMANCS
ConsoleTracingMask
4294901760
3748
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASMANCS
MaxFileSize
1048576
3748
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASMANCS
FileDirectory
%windir%\tracing
3748
RogueKiller_portable32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3748
RogueKiller_portable32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006A000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3748
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\RogueKiller_portable32.exe
DumpFolder
C:\ProgramData\RogueKiller\Debug
3748
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\RogueKiller_portable32.exe
DumpCount
10
3748
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\RogueKiller_portable32.exe
PID | Process | Operation | Key | Value name | Data
(continuation of the preceding entry; its PID, process and key are above this excerpt) | DumpType | 2
3748 | RogueKiller_portable32.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\RogueKiller_portable32.exe | CustomDumpFlags | 0
3748 | RogueKiller_portable32.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight | Type | 1
3748 | RogueKiller_portable32.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight | ImagePath | \??\C:\Windows\System32\drivers\truesight.sys
3748 | RogueKiller_portable32.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight | Start | 3
3748 | RogueKiller_portable32.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E | LanguageList | en-US
3428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
3428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
3428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
3428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | SecuritySafe | 1
3428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0
3428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | 460000006B000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive | {711F2409-4685-11E9-BEEC-5254004A04AF} | 0
3428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Type | 4
3428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Count | 3
3428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Time | E307030004000E001200110024003303
3428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Type | 4
3428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Count | 3
3428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Time | E307030004000E001200110024003303
3428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | FullScreen | no
3428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Window_Placement | 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3428 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links | Order | 08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
1760 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Type | 3
1760 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Count | 3
1760 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Time | E307030004000E00120011002400C403
1760 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | LoadTime | 12
1760 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Type | 3
1760 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Count | 3
1760 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Time | E307030004000E00120011002400D403
1760 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | LoadTime | 37
1760 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Type | 3
1760 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Count | 3
1760 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Time | E307030004000E001200110025004900
1760 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | LoadTime | 24
1760 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
1760 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
1760 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0
1760 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | (binary data elided in this copy of the report)
1760 | iexplore.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E | LanguageList | en-US
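The three TrueSight records above are the values that define a Windows service (Type, ImagePath, Start), and the Ext\Stats "Time" values are 16-byte SYSTEMTIME structures. The Python below is an added example for this report, not ANY.RUN's code and not Adlice's software: it rebuilds the service from the flattened records, translates Type=1 / Start=3 into the winnt.h and winsvc.h constant names (a demand-start kernel driver), and decodes the timestamps. RECORDS is a subset copied from the table. One caveat for anyone reading the verdict: the service key is written by RogueKiller_portable32.exe (PID 3748), an Adlice tool that the dropped-files list shows chrome.exe (PID 2424) downloading during the session, so these writes record interactive activity in the guest and need to be separated from MBR.exe's own behaviour.

```python
"""Rebuild service definitions and decode timestamps from ANY.RUN-style
registry-write records. Added example for this report, not ANY.RUN's code;
RECORDS is a constructed subset copied from the report's table
(PID, process, operation, key, value name, data)."""
import struct
from collections import defaultdict
from datetime import datetime

RECORDS = [
    ("3748", "RogueKiller_portable32.exe", "write",
     r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight", "Type", "1"),
    ("3748", "RogueKiller_portable32.exe", "write",
     r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight", "ImagePath",
     r"\??\C:\Windows\System32\drivers\truesight.sys"),
    ("3748", "RogueKiller_portable32.exe", "write",
     r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight", "Start", "3"),
    ("3428", "iexplore.exe", "write",
     r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats"
     r"\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore", "Time",
     "E307030004000E001200110024003303"),
    ("1760", "iexplore.exe", "write",
     r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats"
     r"\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore", "Time",
     "E307030004000E001200110025004900"),
]

# Service Type / Start constants from winnt.h and winsvc.h.
SERVICE_TYPE = {0x1: "SERVICE_KERNEL_DRIVER", 0x2: "SERVICE_FILE_SYSTEM_DRIVER",
                0x10: "SERVICE_WIN32_OWN_PROCESS", 0x20: "SERVICE_WIN32_SHARE_PROCESS"}
SERVICE_START = {0: "SERVICE_BOOT_START", 1: "SERVICE_SYSTEM_START",
                 2: "SERVICE_AUTO_START", 3: "SERVICE_DEMAND_START", 4: "SERVICE_DISABLED"}


def decode_systemtime(hexdata):
    """Ext\\Stats 'Time' is a little-endian SYSTEMTIME: wYear, wMonth,
    wDayOfWeek, wDay, wHour, wMinute, wSecond, wMilliseconds (8 x uint16)."""
    year, month, _dow, day, hour, minute, second, ms = struct.unpack(
        "<8H", bytes.fromhex(hexdata))
    return datetime(year, month, day, hour, minute, second, ms * 1000)


def rebuild_services(records):
    """Group every write under ...\\services\\<name> back into one dict per service,
    remembering which process wrote it."""
    services = defaultdict(dict)
    for pid, proc, _op, key, name, data in records:
        parts = key.split("\\")
        if len(parts) >= 2 and parts[-2].lower() == "services":
            services[parts[-1]][name] = data
            services[parts[-1]].setdefault("_writers", set()).add(f"{proc}:{pid}")
    return dict(services)


def describe_service(svc):
    """Translate raw Type/Start numbers into constant names and say whether the
    service loads kernel code (Type 1 or 2)."""
    svc_type = int(svc.get("Type", "0"), 0)
    start = int(svc.get("Start", "0"), 0)
    return {
        "type": SERVICE_TYPE.get(svc_type, hex(svc_type)),
        "start": SERVICE_START.get(start, str(start)),
        "image": svc.get("ImagePath", ""),
        "kernel_driver": svc_type in (0x1, 0x2),
        "writers": sorted(svc.get("_writers", ())),
    }


def ie_extension_times(records):
    """Decode every Ext\\Stats\\<CLSID>\\iexplore 'Time' write into a datetime."""
    out = []
    for pid, _proc, _op, key, name, data in records:
        if name == "Time" and "\\Ext\\Stats\\" in key:
            clsid = key.split("\\")[-2]
            out.append((pid, clsid, decode_systemtime(data)))
    return out


if __name__ == "__main__":
    for svc_name, svc in rebuild_services(RECORDS).items():
        print(svc_name, describe_service(svc))
    for pid, clsid, when in ie_extension_times(RECORDS):
        print(pid, clsid, when.isoformat(timespec="milliseconds"))
```

The decoded Time values (18:17:36.819 and 18:17:37.073, guest-local clock) fall within a minute of the timestamp embedded in the RogueKiller log name further down, AdliceReport_SCN_03142019_181817.json, which is a cheap cross-check that the field order in the decode is right.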

Files activity

Executable files: 4
Suspicious files: 96
Text files: 79
Unknown types: 11
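Three entries in the dropped-files list below deserve a check rather than a glance: the RogueKiller_portable32.exe:Zone.Identifier stream (Chrome's mark-of-the-web, identifiable from its hash alone), the two "Unconfirmed 599570.crdownload" entries (Chrome's in-progress download name, one of which shares its SHA256 with the final RogueKiller_portable32.exe), and the executable written to C:\Windows\system32\drivers\, which is the ImagePath of the TrueSight service registered in the registry section. The Python below is an added example, not ANY.RUN's or Adlice's code. DROPPED is a constructed subset copied from the list; the Zone.Identifier byte layout is the shell's INI-style, CRLF-terminated stream (the Windows 7 guest used here writes only the ZoneId line; newer shells may add ReferrerUrl/HostUrl); the temp-to-final download pairing rule is this example's own heuristic.

```python
"""Checks over a sandbox dropped-files list: identify the mark-of-the-web
stream from its hash, pair Chrome's temporary download names with the final
file by SHA256, and flag executables written into the drivers directory.
Added example, not ANY.RUN's or Adlice's code; DROPPED is a constructed subset
copied from the report (PID, process, path, type, MD5, SHA256)."""
import hashlib
import ntpath

DROPPED = [
    ("2424", "chrome.exe", r"C:\Users\admin\Downloads\Unconfirmed 599570.crdownload",
     "executable", "c8190db9ce2a521735eed3097acaffae",
     "bd7aaa40a64fce8968a6033028bbe205cc33613f152238d84782799af21107bc"),
    ("2424", "chrome.exe", r"C:\Users\admin\Downloads\Unconfirmed 599570.crdownload",
     "executable", "f0bbdd867b6676dce05932327fa04b9f",
     "57fba4fe43c2746cbc461a4d576c84730d4e913d8b011d1fea4e2ff14fa38611"),
    ("2424", "chrome.exe", r"C:\Users\admin\Downloads\RogueKiller_portable32.exe",
     "executable", "c8190db9ce2a521735eed3097acaffae",
     "bd7aaa40a64fce8968a6033028bbe205cc33613f152238d84782799af21107bc"),
    ("2424", "chrome.exe", r"C:\Users\admin\Downloads\RogueKiller_portable32.exe:Zone.Identifier",
     "text", "fbccf14d504b7b2dbcb5a5bda75bd93b",
     "eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913"),
    ("3748", "RogueKiller_portable32.exe", r"C:\Windows\system32\drivers\truesight.sys",
     "executable", "0c997b061e3c66bd9e927c1288eb1cc7",
     "3807e9a1bc159b9e8fc0c7caad10d7213ff8ed8ad1cea9ea552b093c81bf624b"),
]

# URL security zone ids as used in the ZoneId= line.
ZONES = {0: "LocalMachine", 1: "LocalIntranet", 2: "TrustedSites",
         3: "Internet", 4: "RestrictedSites"}


def zone_identifier_stream(zone_id, referrer_url=None, host_url=None):
    """Bytes of a Zone.Identifier ADS as the shell writes it: INI section,
    CRLF line endings, optional URL lines on newer Windows versions."""
    lines = ["[ZoneTransfer]", f"ZoneId={zone_id}"]
    if referrer_url:
        lines.append(f"ReferrerUrl={referrer_url}")
    if host_url:
        lines.append(f"HostUrl={host_url}")
    return ("\r\n".join(lines) + "\r\n").encode("ascii")


def identify_motw(md5_hex, sha256_hex=None):
    """Return the zone name if the reported hashes match one of the URL-less
    MOTW streams; None if the stream carried URLs or is something else."""
    for zone_id, name in ZONES.items():
        data = zone_identifier_stream(zone_id)
        if hashlib.md5(data).hexdigest() == md5_hex.lower():
            if sha256_hex and hashlib.sha256(data).hexdigest() != sha256_hex.lower():
                return None
            return name
    return None


def motw_findings(dropped):
    """Map each file that got a ':Zone.Identifier' stream to the zone its hash identifies."""
    out = {}
    for _pid, _proc, path, _type, md5, sha256 in dropped:
        base, sep, stream = path.rpartition(":")
        if sep and stream.lower() == "zone.identifier":
            out[ntpath.basename(base)] = identify_motw(md5, sha256)
    return out


def pair_temp_downloads(dropped):
    """Chrome writes to 'Unconfirmed NNNNNN.crdownload' and renames on completion.
    A .crdownload entry whose SHA256 equals a final file's is that file's
    in-progress name; one with no match is a partial snapshot taken mid-download."""
    finals = {}
    for _pid, _proc, path, _type, _md5, sha256 in dropped:
        if not path.lower().endswith(".crdownload") and ":" not in ntpath.basename(path):
            finals.setdefault(sha256, ntpath.basename(path))
    return [(ntpath.basename(path), sha256, finals.get(sha256))
            for _pid, _proc, path, _type, _md5, sha256 in dropped
            if path.lower().endswith(".crdownload")]


def driver_drops(dropped):
    """Executables written under \\system32\\drivers\\: candidates for kernel loading."""
    return [path for _pid, _proc, path, ftype, _md5, _sha in dropped
            if ftype == "executable" and "\\system32\\drivers\\" in path.lower()]


if __name__ == "__main__":
    print(motw_findings(DROPPED))
    print(pair_temp_downloads(DROPPED))
    print(driver_drops(DROPPED))
```

A ZoneId=3 match tells you the file in Downloads was tagged as coming from the Internet zone; the unmatched .crdownload hash is simply the file captured before the download finished, not a second payload. The driver path returned here should be compared with the ImagePath in the TrueSight service entry above, and the driver's own hash checked against the vendor's signed release before the install is attributed to anything other than the tool the analyst ran.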

Dropped files

PID | Process | Filename | Type | MD5 | SHA256 (one entry per six lines below; "––" means the sandbox recorded no type or hash for that file)
3748
RogueKiller_portable32.exe
C:\Windows\system32\drivers\truesight.sys
executable
MD5: 0c997b061e3c66bd9e927c1288eb1cc7
SHA256: 3807e9a1bc159b9e8fc0c7caad10d7213ff8ed8ad1cea9ea552b093c81bf624b
2424
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 599570.crdownload
executable
MD5: c8190db9ce2a521735eed3097acaffae
SHA256: bd7aaa40a64fce8968a6033028bbe205cc33613f152238d84782799af21107bc
2424
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 599570.crdownload
executable
MD5: f0bbdd867b6676dce05932327fa04b9f
SHA256: 57fba4fe43c2746cbc461a4d576c84730d4e913d8b011d1fea4e2ff14fa38611
2424
chrome.exe
C:\Users\admin\Downloads\RogueKiller_portable32.exe
executable
MD5: c8190db9ce2a521735eed3097acaffae
SHA256: bd7aaa40a64fce8968a6033028bbe205cc33613f152238d84782799af21107bc
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: 5bea931b0de8566419d33d30d84d5a3e
SHA256: b69e082f6e8036edee65e0e4e6fe8b99e16a53a6e9b56f4481069d4a77815690
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\wmi
binary
MD5: 5236c0a35a7a6100c380324150f6b256
SHA256: 6996a464499042952c7a93ab4ce5ca7c3505375c70ab55e2857d4bd46e6cf63b
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\__test
binary
MD5: 700cd0219347aced80e8badcfb80e568
SHA256: 5c20ce0541961962ff05292a92a1aea35e92435cdecc6d06b028fd5ef179d789
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\version
text
MD5: d314e6ab425e95f1f7838854a2306308
SHA256: 1a379f4c1ccfe58a974c029c63a9cafd5145fa5ff6f7d9362f48b4d1017dc779
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\webconfig
binary
MD5: b9f47ad58eb158d9ea2b3c578c8ffb47
SHA256: 0e7055306dfdc314dbedaa9777894d55d0e290fad63a83d8a443e44fc4f201bd
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\windows
binary
MD5: 3272abc6b9fe9cacd8753100c0ec5321
SHA256: 9d68dcfadec23a6f128b52b6a0cb5e7b97a0f6ae46ecd65bf6e469e012d3e35b
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\tasks
binary
MD5: 5e75fdab384bb27d96c3c39e22d7b72a
SHA256: 64f20e5f6e145b4a3b939a2f0daec7e5afccb6d03c991362646ed892a549c0ff
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\services
flc
MD5: b8b054aa2b5665a06fc8c509e8da185a
SHA256: 28aae300deacfca3aba57e821f2ec8ea418a785384075e8c3e3739e6eedf6286
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\signatures
binary
MD5: 71b40551681565e30e9918f7efe19902
SHA256: 55ecc360db2a09ad49a512fed6a8f68ed85e87459bc6c84c90bb33b7e77654f1
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\regnames
––
MD5:  ––
SHA256:  ––
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\hosts
binary
MD5: 9f5de055e06af020d362842d9dc1d976
SHA256: 2053dcceaa73ac395c35214ffadda805198e6200de094b08bcbed086d455cf84
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\mbr
binary
MD5: ebc7b0bd75762fd7c129b3e3eab71c5f
SHA256: b84a81ac1c3d57375c517941d67bf17d09643179d8f9da967880508926314a92
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\pdb
binary
MD5: 08e7f87aa4c2d1e828590e921ffac35d
SHA256: e80f1e374356b6289a11dec358f5dcc4d938e7f3f7243e65af22ffe9c768c265
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\ips
binary
MD5: 58a97f285d5882342d4583a9a81948fd
SHA256: 1314c40ff90559b6a58e888625515f8e62901cae0867462844485f4bc774f70f
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\guid
––
MD5:  ––
SHA256:  ––
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\filenames
––
MD5:  ––
SHA256:  ––
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\digisig
binary
MD5: a663bbcd01f1251b83e11d504bfcee41
SHA256: 6ba4d9867e3ca05937de8cfb5fae72ceaf6e13903a4101d3a27a0bfdb7981700
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\domains
binary
MD5: 35883d6510a53d7357e1f69fa1b6f186
SHA256: 0a5b8758a06a578ce09f63b3b61f954f3f93110b9402485adaff0e3cbba04224
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\addons
––
MD5:  ––
SHA256:  ––
3748
RogueKiller_portable32.exe
C:\Users\admin\AppData\Local\Temp\as_3AB0.tmp.zip
compressed
MD5: a68bd5162f47618cdd822463279d57f1
SHA256: c0df79e156e9811464104f349f245d50a01daaac2009554c2829c70eb250505e
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\config.ini
binary
MD5: 5e973d89a1890077706b2eec4bd8dca2
SHA256: 251c8e51d2608b971fd24e55969e24016dc130c28cda001545549d8933b0caf3
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\config.ini
binary
MD5: d75b01d2643eba66bab096b97a3f2a72
SHA256: 6d43e4dab625a5b2c7233894f224c7f8e5c2bffba9492865e80cf237610697d8
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\config.ini
binary
MD5: 230a3463e091ec4e83ecf54e20c5132b
SHA256: ae3fa583f9058923e42fb9e63c1a50e0288fd4e78a1e3e6d2580a7875729ce15
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\config.ini
binary
MD5: 505b67848498785ae011bc6e59440c50
SHA256: cf8fc4a44860f1c2278aaefcb5aba9570337d338dba32ad74eae440ddfac2d10
3428
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF79426FB7DFE6CAFB.TMP
––
MD5:  ––
SHA256:  ––
3428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{711F2409-4685-11E9-BEEC-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
1760
iexplore.exe
C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log
text
MD5: 0c89d04e585b4a655ead3dea7f8fa330
SHA256: 9b59c075529fc43ee27a20dc6903ac9c71d20ac289fd9d3c7cee0837b53db5d7
3428
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFBC5187B52F9BC962.TMP
––
MD5:  ––
SHA256:  ––
3428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{711F240A-4685-11E9-BEEC-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
3428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{711F240B-4685-11E9-BEEC-5254004A04AF}.dat
binary
MD5: 2db475566f6c2dbbc9c159aaf7b57665
SHA256: 02ec3326f1b0fdfcf1122cb0dafa919dfe0bb4d5ab1afa89a954cbd43b111021
3428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{711F240C-4685-11E9-BEEC-5254004A04AF}.dat
binary
MD5: 72ed0439b4d6cc650d8ebb7b5a7527d6
SHA256: 19a19e3a2b89f6b242a2eec58a9de59363104e585a11759c70436010dbe3e05a
3428
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF1AB1DADA41F287EC.TMP
––
MD5:  ––
SHA256:  ––
3428
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFBAA151EC267492A4.TMP
––
MD5:  ––
SHA256:  ––
1760
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: b837f3e4f2e98eed57748eac26196413
SHA256: 05dd13453ff51c7f922564db4125b4b6f4d49a10ce51603fca8e6647f0e147cc
3428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[2].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3428
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3428
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\config.ini
binary
MD5: 1594c5c4eaf3c2076e2aeaf916cb3343
SHA256: 4d04181e40261d5f9c7c245070cddc3fe2a66d4f4b8a28ec30c21bbd5364ace3
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\config.ini
binary
MD5: 150a3b4cf3c9bd4091fd340c56c180b7
SHA256: 9691bad6ab626f9c687afaa3f80b04c6121d010696ebffbe91fe9f4ff05e661e
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
text
MD5: f6088e39997fd4ccc0bfd343c1fb9c19
SHA256: e6b73ec99c64c0dc6888f81693cf70885297d9882ed53f571b17e05b4f108aac
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
binary
MD5: d4b3c0416ec53545e820ad202643fc69
SHA256: b0b4505102cf16bf9e7ee89d3cf31021c43b95d346f23e4c2422155ff184ead0
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
text
MD5: 566f88fabd3c1969798dcd4329f19428
SHA256: f9765fc0cf3cf2aada211e310146997db4f5c11e9d73fc568ec1662bf131a200
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1bdd6c.TMP
text
MD5: db323602e67dba7229d8186ff0d38ef7
SHA256: 4460ae953beda96769487cc57ce7cbdca338d95d63971d18b56caf028ca7f9bf
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: 52e82f35cabfd2836dafa09442e5fe6c
SHA256: 2ff24e95b1f202ffa5fabcaf5b9e39e220ae17c5193259c9ce88b83badde8c7d
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF1bdd5c.TMP
text
MD5: 52e82f35cabfd2836dafa09442e5fe6c
SHA256: 2ff24e95b1f202ffa5fabcaf5b9e39e220ae17c5193259c9ce88b83badde8c7d
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: 84c2f4a75e51e84b594b183a320a3d96
SHA256: 62908d22183c984d957a06350c574187b377b1abcd051c06bb4c79b7e9378d2d
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\c7e60bb1-7844-4e57-ac39-beb98de4679d.tmp
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\528e877f-e48b-4fb1-8580-b6d0e039cfc3.tmp
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: f72cd485f1e7563bb60c14770a6d830e
SHA256: f8488bcfed8857d187ef67bf90b1fd160dc0c626e06052c37710d7e4c2a103c1
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
binary
MD5: 4cf854e3b4f07b51541aba25047ce436
SHA256: 8935cd924f3138543b5a671d917b157c016c8a55b40dd615459b7ddce18fe5b2
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1bdd3d.TMP
text
MD5: f72cd485f1e7563bb60c14770a6d830e
SHA256: f8488bcfed8857d187ef67bf90b1fd160dc0c626e06052c37710d7e4c2a103c1
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs
sqlite
MD5: 0799523e0725ad5e831da4306daf7ac0
SHA256: 9c94164d76371289b1ab7bcb029ba47102bc64e30065801beea87917474a2062
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF1bdd3d.TMP
binary
MD5: 5b5d3d5bfcc31b2c195d2a6f652d7400
SHA256: 20f756820e21b19817acdab76a221ab7ccdc6e4727e6274daf730605560b7ad3
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs-journal
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies
sqlite
MD5: 100f9b60c4703ec25a2275734027f1e1
SHA256: db5f7e8f3949a911dd039ed2c648ae522f449a999631e32c183092cfc9fe9981
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1bdd2d.TMP
text
MD5: db323602e67dba7229d8186ff0d38ef7
SHA256: 4460ae953beda96769487cc57ce7cbdca338d95d63971d18b56caf028ca7f9bf
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
binary
MD5: 0667a177643005fb4ad5e5af696e1f15
SHA256: 5918bd282d457cc532b9e8bcdaac80aa028483b31b4248d863e14e7331d0cd04
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
binary
MD5: 4cf9e3be8bf7be7a0d9b8febdd29beee
SHA256: efdc25be6c94d844fbf49d6859331e73d705b8a16e8bca38fd8bc5d0ec1cbf84
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\67dcce82-cd65-45de-8453-42a5d530f1cd.tmp
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
binary
MD5: 169adf8979d941d25dcd22452f24f7eb
SHA256: 976ebca1a0a2c239fd44d494171d449305afef5e0d40e42b385b653d0ddc7264
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
binary
MD5: 6a827b52e0b9efd1dc7b76d947b04f53
SHA256: ca3904ca4bfc255165635c4679f1783096dfbb590df5f6dc931cd5398c946099
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
binary
MD5: 5b5d3d5bfcc31b2c195d2a6f652d7400
SHA256: 20f756820e21b19817acdab76a221ab7ccdc6e4727e6274daf730605560b7ad3
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
sqlite
MD5: 4067e5a563b38ea40ebf0d5656acaac2
SHA256: 1a301470c7c418b46a7fec09ba7eea7f69c0f3b3ce041e7162b958f873f2055b
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: db323602e67dba7229d8186ff0d38ef7
SHA256: 4460ae953beda96769487cc57ce7cbdca338d95d63971d18b56caf028ca7f9bf
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
text
MD5: b3c91c20bdf0f6fc7758ed4b040aca86
SHA256: 73bfb7f53dac4468d47fc175009ef94e0632bacfb3c23960917a657669ed1f89
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log
binary
MD5: c1359f30f5a4d7c2b6b80c5528ce7345
SHA256: 681af624ba0f76e1b211f23cea8b3cc01a2af7ad8597afa7de419df91dc60ae2
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
text
MD5: bcb10efd0e68ff367a507ddf0036cb3b
SHA256: 9cec186c885c0e4c90b5cf7e32808d33599d16bb64a98b4b68ef628289429416
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
binary
MD5: 2a6fa0598e724c33a5da98a3aa244e27
SHA256: 213be0bf9fb76a91d42321c3d1d57b8cf9f90d256e66bca7d0314c3d1ac21f1e
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
text
MD5: 637340357c6014da40b5218276872cf1
SHA256: ecb430755c709844368c822276d128e4ffd5b93488c80885a5f2ffc98f904fd0
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\73116c1d-78fd-4439-8a98-f3f6d9d036d5.tmp
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000016
binary
MD5: cf286cb4fd0f3dcc234806e1b865987b
SHA256: 21dc23520bba7268b53957a39981c9a85d3658edc4f5455e98cac3378a440d76
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
binary
MD5: 9409bab446b7204c6235dfddd6066e89
SHA256: 68c1cb50ec24ac5a1dbdc7d9c845e94a1e9d60f312cf92a694f0791cd7ea105e
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
sqlite
MD5: 83607ee2c10da9bf7fbc7a6330a7f468
SHA256: ee56118aeaf63d7ca80472afc3831db30328142369c56e251a58e0a6f995bc20
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
sqlite
MD5: 7bb072f4f969445b30d91fc8cd4183c3
SHA256: dd8f4e5af2a9d1238d127fa1839eeea2ab742251efc5c207c572e04f31cac6b3
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
text
MD5: 9b90047bf56da429ad507f7058bbef21
SHA256: 01f9b30ebd89229940bc16e0f27160adc929d0273f1640ff011d7a42d73e0cb6
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG
text
MD5: b780af6cdc2f5440a7da23da52289516
SHA256: 16c83768850594f432f52a34dbad0256f6101901b8d16b507442a1f4239969cc
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
text
MD5: 3b7c75ae45e1e05e6fd0f7d427c9dbcb
SHA256: 86a07dd2fec990c95259333e88eefe7d9520d6135b3a6fe0df432acdf9448a9a
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\MANIFEST-000016
binary
MD5: cf286cb4fd0f3dcc234806e1b865987b
SHA256: 21dc23520bba7268b53957a39981c9a85d3658edc4f5455e98cac3378a440d76
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
text
MD5: decef01e35baec68745be47ec20da25a
SHA256: 07854520754ffdeff6d49fa862da5dc8461fa7827cc1a8ba427ace6fd2bc1d75
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG
text
MD5: eaf8542a52183df9408956b2292f2203
SHA256: 9ea417c58e3a6dfec45fad6671d165228c22f298e26ed83daaef357d457d2caa
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
sqlite
MD5: 2b5cae7b83ddd721ea6421c187c9487a
SHA256: 61b616f57a8f5a8104542a798ec1c5530004f610c5efb943666d153489a7187f
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
sqlite
MD5: a5ca3db6ad2ccc34599ea2d4f3c05712
SHA256: cb73b4f48b0c5999177ace58eaf895f2350ffd8a10d65fa10e16de30a7231032
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
binary
MD5: 7a20b91d5368d37ad6606ea5347a3d9a
SHA256: 0f7aa95b5ad8e91f73125cbc04af931dc442a1817c0ae3e7eefcf620932ff71d
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
sqlite
MD5: 3ca4bab05e1777e73030f2370f3d2246
SHA256: 1d7990b2f4980bfd747e14884e7beff7c0d0849735c1aee5e993b500c0de9e6c
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
binary
MD5: a9851aa4c3c8af2d1bd8834201b2ba51
SHA256: e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data
sqlite
MD5: 54ad1e10b6b57bc9b9eed994e581dd5f
SHA256: 24d2a7516de320c3e91b1513cad94ce5ce2b964bbb8a3d1f66e8083b3205b19c
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History
sqlite
MD5: 46ba36c46794ab5773f86cd6ffc209de
SHA256: a1f7b261a0d3e1d5d8b7750bffce9806a765420237dee3389dffda74b36ebb30
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History-journal
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Session
binary
MD5: cfe4c049d9667b68fc7e74800eed5644
SHA256: 33a9ba400126f9d42b34519231513419191feea055630563c459d58684953a24
592
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: b59113c2dcd2d346f31a64f231162ada
SHA256: 1d97c69aea85d3b06787458ea47576b192ce5c5db9940e5eaa514ff977ce2dc2
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata~RF1bd80d.TMP
binary
MD5: 5bea931b0de8566419d33d30d84d5a3e
SHA256: b69e082f6e8036edee65e0e4e6fe8b99e16a53a6e9b56f4481069d4a77815690
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\41eb5a52-49e0-48f5-bf1a-b87d8b3ad2d7.tmp
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: e3274364a07fd53efc30f38dcf7f646a
SHA256: f574294f1c1730275033d9d7d407d12be91872a072a5a2bcccbbc18bf539e199
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1bc4b4.TMP
text
MD5: e3274364a07fd53efc30f38dcf7f646a
SHA256: f574294f1c1730275033d9d7d407d12be91872a072a5a2bcccbbc18bf539e199
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\44a28410-0114-46b5-9d9d-10f4270e0801.tmp
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
binary
MD5: dca9b7f3f577cb5b3ae96143bd5160d1
SHA256: 932cbc67f20ca8ec546de5aee1331f0c7b1aa5ce462ab8d513a5399c2e5b41d9
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF1b9ae5.TMP
binary
MD5: dca9b7f3f577cb5b3ae96143bd5160d1
SHA256: 932cbc67f20ca8ec546de5aee1331f0c7b1aa5ce462ab8d513a5399c2e5b41d9
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1b8d87.TMP
text
MD5: 9db527e21fa224160ad6c691a56fb1f7
SHA256: b15e78ce4a0cf1253c2cf83c2546e5b305c9a9ebf16f9db66dc54b61d165f084
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\b20fce57-5ef0-4702-b883-8e79c6b47fb7.tmp
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store~RF1b75a9.TMP
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: 0d2903299c342bf37116581577c767f4
SHA256: b4877949dabb14fa36e7b7e11141ea1ba71403c8704f2a2b3c966795c99feb26
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\02613859-eb74-4c13-b6a0-2d2fe9cce634.tmp
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\91af1b2f-c513-4b86-9d06-dbf928e818e3.tmp
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\Downloads\RogueKiller_portable32.exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\config.ini
binary
MD5: 91502f48d4933cce17de6ad67f888143
SHA256: cddc1b115b6cbc05a3a580c3b4d93d4c1073f3eb988adc65d28acd996760c1fe
3748
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\logs\AdliceReport_SCN_03142019_181817.json
text
MD5: 7d494912ff9061b66a7235f8fcd1caf3
SHA256: 10bd8b59ceceb464d496514bfc0b9227cede66b326860e95c5407c058af78eff
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\0e1abf5a-7653-4cee-986b-1238523140e4\index-dir\the-real-index
binary
MD5: e66f61fac6e0b320c7cefb0546fd8dee
SHA256: 0cdd642564a5444547b5aae9f944ff09e64506d01c34243d7a7988d713854c18
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\0e1abf5a-7653-4cee-986b-1238523140e4\index-dir\the-real-index~RF1b6c72.TMP
binary
MD5: e66f61fac6e0b320c7cefb0546fd8dee
SHA256: 0cdd642564a5444547b5aae9f944ff09e64506d01c34243d7a7988d713854c18
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\0e1abf5a-7653-4cee-986b-1238523140e4\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF1b6166.TMP
binary
MD5: 4dfb10dce4dbe46c81f3bace179297fc
SHA256: 4da8dcc7117ff90b76a7df0bf37927e150e7769d95de11598b78ef3cadf2a584
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt.tmp
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 38fa6e28b07b0e44b9243d51fd126cac
SHA256: 9b57fb76f037684183630bbf35b633feae1c35c7e8b7623cf3de09df060c91bf
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF1b4f93.TMP
text
MD5: 38fa6e28b07b0e44b9243d51fd126cac
SHA256: 9b57fb76f037684183630bbf35b633feae1c35c7e8b7623cf3de09df060c91bf
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\64584c6a-cc26-4af8-8fe9-a1f5d9bf962f.tmp
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 789a200c4100f78c29fc81b29a0eb92c
SHA256: b59c5e6afcdbdabee357a685e691342fdcfbcf242163afff767ae5f43647d5d7
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1b4f26.TMP
text
MD5: 789a200c4100f78c29fc81b29a0eb92c
SHA256: b59c5e6afcdbdabee357a685e691342fdcfbcf242163afff767ae5f43647d5d7
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\83b16d4f-dc61-43f0-9aea-36ca37ac050c.tmp
––
MD5:  ––
SHA256:  ––
2424
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 9db527e21fa224160ad6c691a56fb1f7
SHA256: b15e78ce4a0cf1253c2cf83c2546e5b305c9a9ebf16f9db66dc54b61d165f084
2424
chrome.exe

Network activity

HTTP(S) requests: 1
TCP/UDP connections: 40
DNS requests: 21
Threats: 0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3428 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted

Connections

PID Process IP ASN CN Reputation
2424 chrome.exe 74.125.133.94:443 Google Inc. US whitelisted
2424 chrome.exe 216.58.207.35:443 Google Inc. US whitelisted
2424 chrome.exe 172.217.23.131:443 Google Inc. US whitelisted
2424 chrome.exe 172.217.23.170:443 Google Inc. US whitelisted
2424 chrome.exe 172.217.18.13:443 Google Inc. US whitelisted
2424 chrome.exe 178.33.106.117:443 OVH SAS FR suspicious
2424 chrome.exe 216.58.207.46:443 Google Inc. US whitelisted
2424 chrome.exe 216.58.210.4:443 Google Inc. US whitelisted
2424 chrome.exe 172.217.16.131:443 Google Inc. US whitelisted
2424 chrome.exe 216.58.205.234:443 Google Inc. US whitelisted
2424 chrome.exe 172.217.21.195:443 Google Inc. US whitelisted
2424 chrome.exe 216.58.210.14:443 Google Inc. US whitelisted
3748 RogueKiller_portable32.exe 178.33.106.117:443 OVH SAS FR suspicious
1760 iexplore.exe 104.27.165.26:443 Cloudflare Inc US shared
3428 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3748 RogueKiller_portable32.exe 74.125.34.46:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
www.gstatic.com 74.125.133.94 whitelisted
clientservices.googleapis.com 172.217.23.131 whitelisted
www.google.de 216.58.207.35 whitelisted
safebrowsing.googleapis.com 172.217.23.170 whitelisted
accounts.google.com 172.217.18.13 shared
download.adlice.com 178.33.106.117 whitelisted
ssl.gstatic.com 216.58.207.35 whitelisted
apis.google.com 216.58.207.46 whitelisted
www.google.com 216.58.210.4 whitelisted
www.google.lv 172.217.16.131 whitelisted
fonts.googleapis.com 216.58.205.234 whitelisted
fonts.gstatic.com 172.217.21.195 whitelisted
sb-ssl.google.com 216.58.210.14 whitelisted
adflux.adlice.com 178.33.106.117 malicious
adlice.com 104.27.165.26, 104.27.164.26 suspicious
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
www.adlice.com 104.27.165.26, 104.27.164.26 whitelisted
sigs.adlice.com 178.33.106.117 malicious
www.virustotal.com 74.125.34.46 whitelisted
stats.adlice.com 178.33.106.117 whitelisted

Threats

No threats detected.

Debug output strings

Process Message
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile (repeated 38 times)