General Info

File name

UMF.Installer_v0.53.5.zip

Full analysis
https://app.any.run/tasks/c1d12b27-72bf-4a02-9163-2c203e79cef0
Verdict
Malicious activity
Analysis date
14/01/2022, 19:54:37
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/zip
File info:
Zip archive data, at least v2.0 to extract
MD5

38f4392d0b6ac2017a456185543e4991

SHA1

1b017fb608ffa750ed99db2687adea0ff9f240b0

SHA256

30a8f1aec09f2cc225ec52c6cbab9c6b541291525104db9503450540789a1ef4

SSDEEP

196608:urNFc+geu7W2k1hA0EjU4eUGyVBhMuiTgX5E/25dJd72D96/uf:Z3euSEjU4eUG4liME/Mrd72pauf

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • UMF.Installer.exe (PID: 2944)
  • UMF.Installer.exe (PID: 2268)
  • UMF.Installer.exe (PID: 3568)
  • UMF.Installer.exe (PID: 2800)
  • UMF.Installer.exe (PID: 1972)
  • UMF.Installer.exe (PID: 3612)
  • PCOptimizerProInstaller.exe (PID: 1348)
  • PCOptimizerProInstaller.exe (PID: 2336)
  • PCOptimizerProSetup_STD.exe (PID: 3800)
  • StartApps.exe (PID: 3540)
  • PCOptimizerPro.exe (PID: 1944)
  • PCOptimizerPro.exe (PID: 3836)
  • PCOptimizerPro.exe (PID: 3752)
Loads dropped or rewritten executable
  • PCOptimizerProInstaller.exe (PID: 2336)
  • PCOptimizerProSetup_STD.exe (PID: 3800)
  • regsvr32.exe (PID: 3804)
Registers / Runs the DLL via REGSVR32.EXE
  • PCOptimizerProSetup_STD.exe (PID: 3800)
Changes settings of System certificates
  • PCOptimizerProSetup_STD.exe (PID: 3800)
Loads the Task Scheduler DLL interface
  • PCOptimizerPro.exe (PID: 1944)
  • PCOptimizerPro.exe (PID: 3752)
Reads the computer name
  • WinRAR.exe (PID: 2396)
  • UMF.Installer.exe (PID: 1972)
  • UMF.Installer.exe (PID: 3612)
  • UMF.Installer.exe (PID: 2268)
  • PCOptimizerProInstaller.exe (PID: 2336)
  • PCOptimizerProSetup_STD.exe (PID: 3800)
  • StartApps.exe (PID: 3540)
  • PCOptimizerPro.exe (PID: 1944)
  • PCOptimizerPro.exe (PID: 3752)
Checks supported languages
  • UMF.Installer.exe (PID: 1972)
  • UMF.Installer.exe (PID: 2268)
  • UMF.Installer.exe (PID: 3612)
  • WinRAR.exe (PID: 2396)
  • MSASCui.exe (PID: 1968)
  • PCOptimizerProInstaller.exe (PID: 2336)
  • PCOptimizerProSetup_STD.exe (PID: 3800)
  • StartApps.exe (PID: 3540)
  • PCOptimizerPro.exe (PID: 1944)
  • PCOptimizerPro.exe (PID: 3752)
Drops a file with a compile date too recent
  • WinRAR.exe (PID: 2396)
Executable content was dropped or overwritten
  • WinRAR.exe (PID: 2396)
  • chrome.exe (PID: 3840)
  • chrome.exe (PID: 3648)
  • PCOptimizerProSetup_STD.exe (PID: 3800)
  • PCOptimizerProInstaller.exe (PID: 2336)
  • PCOptimizerPro.exe (PID: 3752)
Modifies files in Chrome extension folder
  • chrome.exe (PID: 3840)
Drops a file with too old compile date
  • chrome.exe (PID: 3840)
  • chrome.exe (PID: 3648)
  • PCOptimizerProInstaller.exe (PID: 2336)
  • PCOptimizerProSetup_STD.exe (PID: 3800)
Drops a file that was compiled in debug mode
  • PCOptimizerProSetup_STD.exe (PID: 3800)
  • PCOptimizerPro.exe (PID: 3752)
Creates files in the user directory
  • PCOptimizerProSetup_STD.exe (PID: 3800)
Creates a software uninstall entry
  • PCOptimizerProSetup_STD.exe (PID: 3800)
Creates a directory in Program Files
  • PCOptimizerProSetup_STD.exe (PID: 3800)
Creates files in the program directory
  • PCOptimizerProSetup_STD.exe (PID: 3800)
  • PCOptimizerPro.exe (PID: 1944)
  • PCOptimizerPro.exe (PID: 3752)
Reads CPU info
  • PCOptimizerPro.exe (PID: 1944)
  • PCOptimizerPro.exe (PID: 3752)
Creates/Modifies COM task schedule object
  • regsvr32.exe (PID: 3804)
Adds / modifies Windows certificates
  • PCOptimizerProSetup_STD.exe (PID: 3800)
Searches for installed software
  • PCOptimizerPro.exe (PID: 1944)
  • PCOptimizerPro.exe (PID: 3752)
Creates files in the Windows directory
  • PCOptimizerPro.exe (PID: 3752)
Manual execution by user
  • UMF.Installer.exe (PID: 1972)
  • UMF.Installer.exe (PID: 2800)
  • MSASCui.exe (PID: 1968)
  • explorer.exe (PID: 2236)
  • chrome.exe (PID: 3840)
  • PCOptimizerProInstaller.exe (PID: 1348)
  • PCOptimizerProInstaller.exe (PID: 2336)
  • PCOptimizerPro.exe (PID: 3752)
  • PCOptimizerPro.exe (PID: 3836)
Checks supported languages
  • chrome.exe (PID: 3648)
  • chrome.exe (PID: 3840)
  • chrome.exe (PID: 2084)
  • explorer.exe (PID: 2236)
  • chrome.exe (PID: 2564)
  • chrome.exe (PID: 1460)
  • chrome.exe (PID: 2288)
  • chrome.exe (PID: 2316)
  • chrome.exe (PID: 2420)
  • chrome.exe (PID: 2108)
  • chrome.exe (PID: 3248)
  • chrome.exe (PID: 3316)
  • chrome.exe (PID: 3676)
  • chrome.exe (PID: 3024)
  • chrome.exe (PID: 3512)
  • chrome.exe (PID: 1292)
  • chrome.exe (PID: 3276)
  • chrome.exe (PID: 3212)
  • chrome.exe (PID: 3172)
  • chrome.exe (PID: 2216)
  • chrome.exe (PID: 3664)
  • chrome.exe (PID: 3284)
  • chrome.exe (PID: 1780)
  • chrome.exe (PID: 460)
  • chrome.exe (PID: 3476)
  • chrome.exe (PID: 2516)
  • chrome.exe (PID: 3368)
  • chrome.exe (PID: 2692)
  • chrome.exe (PID: 576)
  • chrome.exe (PID: 3516)
  • chrome.exe (PID: 2916)
  • chrome.exe (PID: 2108)
  • chrome.exe (PID: 3048)
  • chrome.exe (PID: 2852)
  • chrome.exe (PID: 1656)
  • chrome.exe (PID: 1004)
  • chrome.exe (PID: 2080)
  • chrome.exe (PID: 3044)
  • chrome.exe (PID: 3568)
  • chrome.exe (PID: 2512)
  • chrome.exe (PID: 1668)
  • chrome.exe (PID: 3308)
  • chrome.exe (PID: 3664)
  • chrome.exe (PID: 576)
  • chrome.exe (PID: 3672)
  • chrome.exe (PID: 796)
  • chrome.exe (PID: 3576)
  • chrome.exe (PID: 392)
  • chrome.exe (PID: 3304)
  • chrome.exe (PID: 2792)
  • chrome.exe (PID: 3236)
  • chrome.exe (PID: 2364)
  • chrome.exe (PID: 932)
  • chrome.exe (PID: 1292)
  • regsvr32.exe (PID: 3804)
  • chrome.exe (PID: 2132)
  • chrome.exe (PID: 1656)
  • chrome.exe (PID: 2696)
Reads the computer name
  • chrome.exe (PID: 3840)
  • explorer.exe (PID: 2236)
  • chrome.exe (PID: 2564)
  • chrome.exe (PID: 3648)
  • chrome.exe (PID: 2316)
  • chrome.exe (PID: 2420)
  • chrome.exe (PID: 1656)
  • chrome.exe (PID: 1004)
  • chrome.exe (PID: 1668)
  • chrome.exe (PID: 3576)
  • chrome.exe (PID: 3304)
  • chrome.exe (PID: 3672)
  • chrome.exe (PID: 2364)
Reads the hosts file
  • chrome.exe (PID: 3840)
  • chrome.exe (PID: 3648)
Reads settings of System Certificates
  • chrome.exe (PID: 3840)
  • chrome.exe (PID: 3648)
  • PCOptimizerProSetup_STD.exe (PID: 3800)
  • PCOptimizerPro.exe (PID: 1944)
  • PCOptimizerPro.exe (PID: 3752)
Checks Windows Trust Settings
  • chrome.exe (PID: 3840)
  • PCOptimizerProSetup_STD.exe (PID: 3800)
  • PCOptimizerPro.exe (PID: 1944)
  • PCOptimizerPro.exe (PID: 3752)
Application launched itself
  • chrome.exe (PID: 3840)
Reads the date of Windows installation
  • chrome.exe (PID: 1668)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.zip
|   ZIP compressed archive (100%)
EXIF
ZIP
ZipRequiredVersion:
20
ZipBitFlag:
null
ZipCompression:
Deflated
ZipModifyDate:
2021:12:26 02:45:16
ZipCRC:
0x7d65cb12
ZipCompressedSize:
9118188
ZipUncompressedSize:
10467840
ZipFileName:
UMF.Installer.exe

Screenshots

Processes

Total processes
137
Monitored processes
73
Malicious processes
10
Suspicious processes
2

Behavior graph

+
drop and start drop and start drop and start drop and start start drop and start drop and start winrar.exe umf.installer.exe no specs umf.installer.exe umf.installer.exe no specs umf.installer.exe umf.installer.exe no specs umf.installer.exe msascui.exe no specs explorer.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs pcoptimizerproinstaller.exe no specs pcoptimizerproinstaller.exe pcoptimizerprosetup_std.exe regsvr32.exe chrome.exe no specs startapps.exe no specs pcoptimizerpro.exe pcoptimizerpro.exe no specs pcoptimizerpro.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2396
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\UMF.Installer_v0.53.5.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.91.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\windows\system32\imageres.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\propsys.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\slc.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wpdshext.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\drprov.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\samcli.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\dui70.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cscui.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mpr.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctf.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\duser.dll
c:\windows\system32\user32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\userenv.dll
c:\windows\system32\urlmon.dll
c:\users\admin\appdata\local\temp\rar$exa2396.24771\umf.installer.exe
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\users\admin\appdata\local\temp\rar$exa2396.26296\umf.installer.exe
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll

PID
3568
CMD
"C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.24771\UMF.Installer.exe"
Path
C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.24771\UMF.Installer.exe
Indicators
No indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
umodframework.com
Description
uMod Framework Installer
Version
0.53.5
Modules
Image
c:\windows\system32\ntdll.dll
c:\users\admin\appdata\local\temp\rar$exa2396.24771\umf.installer.exe

PID
2268
CMD
"C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.24771\UMF.Installer.exe"
Path
C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.24771\UMF.Installer.exe
Indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
HIGH
Exit code
3762504530
Version:
Company
umodframework.com
Description
uMod Framework Installer
Version
0.53.5
Modules
Image
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\rar$exa2396.24771\umf.installer.exe
c:\windows\system32\sechost.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\usp10.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\ole32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll
c:\windows\system32\oleaut32.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lpk.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\nsi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\ac38cb30c15eb9e4a54459ee01e9f8e6\system.windows.forms.ni.dll
c:\windows\system32\bcrypt.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\e0fea191b75897ec38735bfc31b89fe0\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.management\945435ba615b8bd1ff688ebfa43fae39\system.management.ni.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\cryptsp.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\b75ba99f72f116d8951b0f2bba8c276a\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\ce11900fa489575613dc777c7fbb0d7d\system.drawing.ni.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\psapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wbemcomn2.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll
c:\windows\system32\wbem\fastprox.dll

PID
2944
CMD
"C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.26296\UMF.Installer.exe"
Path
C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.26296\UMF.Installer.exe
Indicators
No indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
umodframework.com
Description
uMod Framework Installer
Version
0.53.5
Modules
Image
c:\users\admin\appdata\local\temp\rar$exa2396.26296\umf.installer.exe
c:\windows\system32\ntdll.dll

PID
3612
CMD
"C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.26296\UMF.Installer.exe"
Path
C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.26296\UMF.Installer.exe
Indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
HIGH
Exit code
3762504530
Version:
Company
umodframework.com
Description
uMod Framework Installer
Version
0.53.5
Modules
Image
c:\windows\system32\shlwapi.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\advapi32.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\imm32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\rar$exa2396.26296\umf.installer.exe
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\b75ba99f72f116d8951b0f2bba8c276a\system.ni.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\version.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\lpk.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\e0fea191b75897ec38735bfc31b89fe0\system.core.ni.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbemcomn2.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\ce11900fa489575613dc777c7fbb0d7d\system.drawing.ni.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.management\945435ba615b8bd1ff688ebfa43fae39\system.management.ni.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\ac38cb30c15eb9e4a54459ee01e9f8e6\system.windows.forms.ni.dll
c:\windows\system32\nsi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll
c:\windows\system32\ntdsapi.dll
c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll

PID
2800
CMD
"C:\Users\admin\Desktop\UMF.Installer.exe"
Path
C:\Users\admin\Desktop\UMF.Installer.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
umodframework.com
Description
uMod Framework Installer
Version
0.53.5
Modules
Image
c:\users\admin\desktop\umf.installer.exe
c:\windows\system32\ntdll.dll

PID
1972
CMD
"C:\Users\admin\Desktop\UMF.Installer.exe"
Path
C:\Users\admin\Desktop\UMF.Installer.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
3762504530
Version:
Company
umodframework.com
Description
uMod Framework Installer
Version
0.53.5
Modules
Image
c:\windows\system32\kernelbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rsaenh.dll
c:\users\admin\desktop\umf.installer.exe
c:\windows\system32\sechost.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll
c:\windows\system32\version.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\e0fea191b75897ec38735bfc31b89fe0\system.core.ni.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\wbemcomn2.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\ac38cb30c15eb9e4a54459ee01e9f8e6\system.windows.forms.ni.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.management\945435ba615b8bd1ff688ebfa43fae39\system.management.ni.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\clbcatq.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\b75ba99f72f116d8951b0f2bba8c276a\system.ni.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\ce11900fa489575613dc777c7fbb0d7d\system.drawing.ni.dll

PID
1968
CMD
"C:\Program Files\Windows Defender\MSASCui.exe"
Path
C:\Program Files\Windows Defender\MSASCui.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Defender User Interface
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\advapi32.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\user32.dll
c:\program files\windows defender\msmpres.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\userenv.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\lpk.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\program files\windows defender\msascui.exe
c:\windows\system32\clbcatq.dll
c:\windows\system32\kernelbase.dll
c:\program files\windows defender\mpclient.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cryptbase.dll

PID
2236
CMD
"C:\Windows\explorer.exe"
Path
C:\Windows\explorer.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Explorer
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\shlwapi.dll
c:\windows\explorer.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\slc.dll
c:\windows\system32\dui70.dll
c:\windows\system32\secur32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\duser.dll
c:\windows\system32\msctf.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\powrprof.dll

PID
3840
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\version.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\webio.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\userenv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dbghelp.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winsta.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\netutils.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winspool.drv
c:\windows\system32\iphlpapi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\duser.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn2.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\dui70.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\imageres.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\cscui.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\mscms.dll
c:\windows\system32\mf.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\mfreadwrite.dll
c:\windows\system32\avrt.dll
c:\windows\system32\bthprops.cpl
c:\windows\system32\wship6.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\sxs.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\program files\internet explorer\ieproxy.dll

PID
2084
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6e50d988,0x6e50d998,0x6e50d9a4
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\sechost.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\user32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\imm32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll

PID
2564
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1044,15437401599744611575,11702713775961535749,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1052 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\user32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\winmm.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lpk.dll
c:\windows\system32\imm32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\psapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mf.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\evr.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\d3dcompiler_47.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\slc.dll
c:\windows\system32\sspicli.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\webio.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\avrt.dll
c:\windows\system32\winspool.drv
c:\windows\system32\d3d9.dll
c:\program files\google\chrome\application\86.0.4240.198\libegl.dll
c:\program files\google\chrome\application\86.0.4240.198\libglesv2.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\d3d8thk.dll

PID
3648
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1044,15437401599744611575,11702713775961535749,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1304 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\user32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\webio.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ws2_32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dhcpcsvc6.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\ntmarta.dll

PID
1460
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,15437401599744611575,11702713775961535749,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\sechost.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uiautomationcore.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\webio.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oleacc.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\cryptbase.dll

PID
2288
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,15437401599744611575,11702713775961535749,131072 --enable-features=PasswordImport --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\msvcrt.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\version.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ws2_32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\userenv.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dwrite.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dhcpcsvc.dll

PID
3248
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,15437401599744611575,11702713775961535749,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2348 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\lpk.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\gdi32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\86.0.4240.198\c