General Info

File name

run.exe

Full analysis
https://app.any.run/tasks/b07c1781-db7c-475f-92e8-2bb0aa5cf743
Verdict
Malicious activity
Analysis date
2/11/2019, 11:01:41
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5

abde5faa32c7e1e3f72d4a8414a90595

SHA1

313fcf073c359bdd87699bd8871f7434fabb3912

SHA256

3796f002f650ae13823881b997fb32695c43f4c0b24a9dba2c2abef488ea90e8

SSDEEP

1536:2ds5hj1XKppZu1qvklwM17MNoTFnxcOiI2U/RE3uJc01DQa+sxbIfCq9bTj8jwje:2dasqy4VwwPsxwutD6

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads the Task Scheduler COM API
  • RogueKiller_portable32.exe (PID: 2196)
Loads the Task Scheduler DLL interface
  • RogueKiller_portable32.exe (PID: 2196)
Application was dropped or rewritten from another process
  • RogueKiller_portable32.exe (PID: 2196)
  • RogueKiller_portable32.exe (PID: 3532)
Creates or modifies windows services
  • RogueKiller_portable32.exe (PID: 2196)
Removes files from Windows directory
  • RogueKiller_portable32.exe (PID: 2196)
Creates files in the Windows directory
  • RogueKiller_portable32.exe (PID: 2196)
Executable content was dropped or overwritten
  • RogueKiller_portable32.exe (PID: 2196)
  • chrome.exe (PID: 3404)
Creates files in the driver directory
  • RogueKiller_portable32.exe (PID: 2196)
Low-level read access rights to disk partition
  • RogueKiller_portable32.exe (PID: 2196)
Starts Internet Explorer
  • RogueKiller_portable32.exe (PID: 2196)
Creates files in the program directory
  • RogueKiller_portable32.exe (PID: 2196)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 120)
Reads internet explorer settings
  • iexplore.exe (PID: 120)
Application launched itself
  • iexplore.exe (PID: 3828)
  • chrome.exe (PID: 3404)
Reads Internet Cache Settings
  • iexplore.exe (PID: 120)
  • chrome.exe (PID: 3404)
Reads settings of System Certificates
  • RogueKiller_portable32.exe (PID: 2196)
  • chrome.exe (PID: 3404)
Creates files in the user directory
  • iexplore.exe (PID: 120)
Changes settings of System certificates
  • iexplore.exe (PID: 120)
Changes internet zones settings
  • iexplore.exe (PID: 3828)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Generic CIL Executable (.NET, Mono, etc.) (81%)
.dll
|   Win32 Dynamic Link Library (generic) (7.2%)
.exe
|   Win32 Executable (generic) (4.9%)
.exe
|   Win16/32 Executable Delphi generic (2.2%)
.exe
|   Generic Win/DOS Executable (2.2%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2018:03:07 14:11:10+01:00
PEType:
PE32
LinkerVersion:
8
CodeSize:
1335296
InitializedDataSize:
8192
UninitializedDataSize:
null
EntryPoint:
0x14746e
OSVersion:
4
ImageVersion:
null
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
0.0.0.0
ProductVersionNumber:
0.0.0.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
FileDescription:
FileVersion:
0.0.0.0
InternalName:
burun_crypted.exe
LegalCopyright:
OriginalFileName:
burun_crypted.exe
ProductVersion:
0.0.0.0
AssemblyVersion:
0.0.0.0
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
07-Mar-2018 13:11:10
FileDescription:
null
FileVersion:
0.0.0.0
InternalName:
burun_crypted.exe
LegalCopyright:
null
OriginalFilename:
burun_crypted.exe
ProductVersion:
0.0.0.0
Assembly Version:
0.0.0.0
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000080
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
3
Time date stamp:
07-Mar-2018 13:11:10
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
.text 0x00002000 0x00145474 0x00146000 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 2.63229
.rsrc 0x00148000 0x000004F0 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 1.7354
.reloc 0x0014A000 0x0000000C 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 0.0159202
Resources
1

Imports
    mscoree.dll

Exports

    No exports.

Screenshots

Processes

Total processes
52
Monitored processes
14
Malicious processes
2
Suspicious processes
0

Behavior graph

+
start drop and start drop and start run.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs roguekiller_portable32.exe no specs roguekiller_portable32.exe iexplore.exe iexplore.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3084
CMD
"C:\Users\admin\Desktop\run.exe"
Path
C:\Users\admin\Desktop\run.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
0.0.0.0
Modules
Image
c:\users\admin\desktop\run.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\dbfe8642a8ed7b2b103ad28e0c96418a\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3afcd5168c7a6cb02eab99d7fd71e102\system.windows.forms.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\assembly\gac_msil\system.windows.forms\2.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

PID
3404
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\users\admin\downloads\roguekiller_portable32.exe
c:\windows\system32\mpr.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll

PID
1428
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x70fe00b0,0x70fe00c0,0x70fe00cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
3452
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3436 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
2540
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=980,17170333904607081527,6615956900840194279,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=A90DEC7C08B4E509C0B629B9A944A198 --mojo-platform-channel-handle=1008 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
3276
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,17170333904607081527,6615956900840194279,131072 --enable-features=PasswordImport --service-pipe-token=96B5EA4FCA894EBD9E141B4508EBFAB2 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=96B5EA4FCA894EBD9E141B4508EBFAB2 --renderer-client-id=5 --mojo-platform-channel-handle=1776 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2188
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,17170333904607081527,6615956900840194279,131072 --enable-features=PasswordImport --service-pipe-token=A39092A314A87960878B9F6491D3D0C8 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=A39092A314A87960878B9F6491D3D0C8 --renderer-client-id=3 --mojo-platform-channel-handle=2116 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2692
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,17170333904607081527,6615956900840194279,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=A8E680276206AC333532FCDFD0D527B9 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=A8E680276206AC333532FCDFD0D527B9 --renderer-client-id=6 --mojo-platform-channel-handle=2744 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2264
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,17170333904607081527,6615956900840194279,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=0719E7CFF4BB17162F342DB320807D11 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=0719E7CFF4BB17162F342DB320807D11 --renderer-client-id=7 --mojo-platform-channel-handle=3832 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3744
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,17170333904607081527,6615956900840194279,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=CBB619B42B26575B46C151A3C71E5894 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=CBB619B42B26575B46C151A3C71E5894 --renderer-client-id=8 --mojo-platform-channel-handle=3848 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3532
CMD
"C:\Users\admin\Downloads\RogueKiller_portable32.exe"
Path
C:\Users\admin\Downloads\RogueKiller_portable32.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Version
Modules
Image
c:\users\admin\downloads\roguekiller_portable32.exe
c:\systemroot\system32\ntdll.dll

PID
2196
CMD
"C:\Users\admin\Downloads\RogueKiller_portable32.exe"
Path
C:\Users\admin\Downloads\RogueKiller_portable32.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
Version
Modules
Image
c:\users\admin\downloads\roguekiller_portable32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\opengl32.dll
c:\windows\system32\glu32.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\sspicli.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mstask.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\apphelp.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\imageres.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\windanr.exe
c:\users\admin\desktop\run.exe
c:\windows\system32\ncrypt.dll
c:\windows\system32\gpapi.dll

PID
3828
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" "https://adlice.com/thanks-downloading-roguekiller/?utm_campaign=roguekiller&utm_source=soft&utm_medium=btn"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
RogueKiller_portable32.exe
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\version.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll

PID
120
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3828 CREDAT:79873
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ole32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\jscript.dll

Registry activity

Total events
997
Read events
859
Write events
137
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
3404
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3404
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
3404
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
3404
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
3404
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
3404
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
3404
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
3404
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
3404
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
3404
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
3404
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
3404
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
3404
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
3404
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
3404
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
3404
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13194352947907500
3404
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3404
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3404
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3404
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3404
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3404
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307020001000B000A0002002500850300000000
3404
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
1
3452
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3404-13194352947126250
259
3452
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3404-13194352947126250
0
2196
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\RogueKiller_portable32.exe
DumpFolder
C:\ProgramData\RogueKiller\Debug
2196
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\RogueKiller_portable32.exe
DumpCount
10
2196
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\RogueKiller_portable32.exe
DumpType
2
2196
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\RogueKiller_portable32.exe
CustomDumpFlags
0
2196
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASAPI32
EnableFileTracing
0
2196
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASAPI32
EnableConsoleTracing
0
2196
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASAPI32
FileTracingMask
4294901760
2196
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASAPI32
ConsoleTracingMask
4294901760
2196
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASAPI32
MaxFileSize
1048576
2196
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASAPI32
FileDirectory
%windir%\tracing
2196
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASMANCS
EnableFileTracing
0
2196
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASMANCS
EnableConsoleTracing
0
2196
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASMANCS
FileTracingMask
4294901760
2196
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASMANCS
ConsoleTracingMask
4294901760
2196
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASMANCS
MaxFileSize
1048576
2196
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASMANCS
FileDirectory
%windir%\tracing
2196
RogueKiller_portable32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2196
RogueKiller_portable32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006A000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2196
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight
Type
1
2196
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight
ImagePath
\??\C:\Windows\System32\drivers\truesight.sys
2196
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight
Start
3
2196
RogueKiller_portable32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006B000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
{2B4E10F4-2DE4-11E9-91D7-5254004A04AF}
0
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307020001000B000A0002002A007403
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307020001000B000A0002002A007403
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3828
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
120
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
120
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
120
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307020001000B000A0002002B003400
120
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
9
120
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
120
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
120
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307020001000B000A0002002B004D00
120
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
21
120
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
120
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
120
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307020001000B000A0002002B008D00
120
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
20
120
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
120
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
120
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
120
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006C000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
120
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
120
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE
Blob
0400000001000000100000009414777E3E5EFD8F30BD41B0CFE7D0300F0000000100000014000000BF4D2C390BBF0AA3A2B7EA2DC751011BF5FD422E090000000100000068000000306606082B0601050507030106082B0601050507030206082B0601050507030306082B0601050507030406082B0601050507030806082B06010505070309060A2B0601040182370A030406082B0601050507030606082B0601050507030706082B060105050802020B000000010000005C00000047006F006F0067006C00650020005400720075007300740020005300650072007600690063006500730020002D00200047006C006F00620061006C005300690067006E00200052006F006F0074002000430041002D005200320000005300000001000000230000003021301F06092B06010401A032010130123010060A2B0601040182373C0101030200C0620000000100000020000000CA42DD41745FD0B81EB902362CF9D8BF719DA1BD1B1EFC946F5B4C99F42C1B9E1400000001000000140000009BE20757671C1EC06A06DE59B49A2DDFDC19862E1D000000010000001000000073621E116224668780B2D2BEE454E52E03000000010000001400000075E0ABB6138512271C04F85FDDDE38E4B7242EFE190000000100000010000000A8827A3CBD2D87D783B59B8062C87E9A2000000001000000BE030000308203BA308202A2A003020102020B0400000000010F8626E60D300D06092A864886F70D0101050500304C3120301E060355040B1317476C6F62616C5369676E20526F6F74204341202D20523231133011060355040A130A476C6F62616C5369676E311330110603550403130A476C6F62616C5369676E301E170D3036313231353038303030305A170D3231313231353038303030305A304C3120301E060355040B1317476C6F62616C5369676E20526F6F74204341202D20523231133011060355040A130A476C6F62616C5369676E311330110603550403130A476C6F62616C5369676E30820122300D06092A864886F70D01010105000382010F003082010A0282010100A6CF240EBE2E6F28994542C4AB3E21549B0BD37F8470FA12B3CBBF875FC67F86D3B2305CD6FDADF17BDCE5F86096099210F5D053DEFB7B7E7388AC52887B4AA6CA49A65EA8A78C5A11BC7A82EBBE8CE9B3AC962507974A992A072FB41E77BF8A0FB5027C1B96B8C5B93A2CBCD612B9EB597DE2D006865F5E496AB5395E8834ECBC780C0898846CA8CD4BB4A07D0C794DF0B82DCB21CAD56C5B7DE1A02984A1F9D39449CB24629120BCDD0BD5D9CCF9EA270A2B7391C69D1BACC8CBE8E0A0F42F908B4DFBB0361BF6197A85E06DF26113885C9FE0930A51978A5ACEAFABD5F7AA09AA60BDDCD95FDF72A960135E0001C94AFA3FA4EA070321028E82CA03C29B8F0203010001A3819C308199300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF301D0603551D0E041604149BE20757671C1EC06A06DE59B49A2DDFDC19862E30360603551D1F042F302D302BA029A0278625687474703A2F2F63726C2E676C6F62616C7369676E2E6E65742F726F6F742D72322E63726C301F0603551D230418301680149BE20757671C1EC06A06DE59B49A2DDFDC19862E300D06092A864886F70D01010505000382010100998153871C68978691ECE04AB8440BAB81AC274FD6C1B81C4378B30C9AFCEA2C3C6E611B4D4B29F59F051D26C1B8E983006245B6A90893B9A9334B189AC2F887884EDBDD71341AC154DA463FE0D32AAB6D5422F53A62CD206FBA2989D7DD91EED35CA23EA15B41F5DFE564432DE9D539ABD2A2DFB78BD0C080191C45C02D8CE8F82DA4745649C505B54F15DE6E44783987A87EBBF3791891BBF46F9DC1F08C358C5D01FBC36DB9EF446D7946317E0AFEA982C1FFEFAB6E20C450C95F9D4D9B178C0CE501C9A0416A7353FAA550B46E250FFB4C18F4FD52D98E69B1E8110FDE88D8FB1D49F7AADE95CF2078C26012DB25408C6AFC7E4238406412F79E81E1932E

Files activity

Executable files
4
Suspicious files
81
Text files
118
Unknown types
10

Dropped files

PID
Process
Filename
Type
2196
RogueKiller_portable32.exe
C:\Windows\system32\drivers\truesight.sys
executable
MD5: 0c997b061e3c66bd9e927c1288eb1cc7
SHA256: 3807e9a1bc159b9e8fc0c7caad10d7213ff8ed8ad1cea9ea552b093c81bf624b
3404
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 376336.crdownload
executable
MD5: e6f8ceec9cf20655b20b7ea870563715
SHA256: 8a26f457270b2dcf690f4e55f8c9f803b47b6030a0d2ef9ace26f2c563ac6534
3404
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 376336.crdownload
executable
MD5: 8bddc4ffbaae30c14b1188356587eef9
SHA256: a85e4dd4fa03e197e500fa1c2b70c4633531151b973f074d135ac980820e05a5
3404
chrome.exe
C:\Users\admin\Downloads\RogueKiller_portable32.exe
executable
MD5: e6f8ceec9cf20655b20b7ea870563715
SHA256: 8a26f457270b2dcf690f4e55f8c9f803b47b6030a0d2ef9ace26f2c563ac6534
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal
––
MD5:  ––
SHA256:  ––
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\version
text
MD5: 9710b0613d4b98482c777d321bf53bba
SHA256: 574243d57b48886280954fda8cec25fbfdc70e1058f55027e7488a7c3a6b945d
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\wmi
binary
MD5: a9e3823beb293cee5af33e37b6d51941
SHA256: 57101c3b6e819ecba9e364a935f5edb5d6754cf9b24c1496140f8145f9c5b012
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\tasks
binary
MD5: 19d26d4ca2a594f3f5f13118fd46dd2a
SHA256: b9e35c042aa80503bb309c8b1d7fa3f2bbfbf9bec3522c272bf791010d6e5482
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\windows
binary
MD5: 1deec0986ca2d19fd9e9e4d3421d572e
SHA256: 64bf7f6e161b41a58af910797151d1c35cdfc778a41793b2770a0b986cd8595a
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\webconfig
binary
MD5: 8c4f4455ee581811488202c2d38f1553
SHA256: d761d9f1e0c56a36b086799a83f1f7b1f6eaeaf1cce4861467a40abaf7ade902
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\signatures
binary
MD5: de8aaf293606f1376cbfdf56ecba7a14
SHA256: bd010a5fe4e28ff68ee1f70190b1264aeca40a7e2041401126b1b17bd603ae3f
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\services
binary
MD5: 3afe53c2b99bf7791a1aab0965695c23
SHA256: f140b08b93788d80e6729cfca1d17eb91fe9b4670ee3bc54161fae4c3f188fb6
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\regnames
––
MD5:  ––
SHA256:  ––
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\pdb
binary
MD5: db71ffb3e2cc6c227aa29257ff3814b7
SHA256: 54f56f13f4ccd64091b906bb5ca5ab96acfafc976aad146f659b5cb729cbf190
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\mbr
binary
MD5: 7a11c1488ea96f09892fde6bef638dd4
SHA256: 8234a17d7734f0e80aa0fe8dacb840730a9f74ef977471a66e1c2f0f1ff88c21
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\ips
binary
MD5: 5b9d7453cf7db331141098aafea44a0d
SHA256: 3162ed18ebd3bf13b59b8d28db2ea5783e4a9f21340da166b0481e74b5737408
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\hosts
binary
MD5: 7c0571805eefe7569a1d3cc4a9f9b3f1
SHA256: 3aeca634c258643a37409da3d30a25e3aecc085a5311bf43a8b6ee5617812409
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\guid
––
MD5:  ––
SHA256:  ––
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\filenames
––
MD5:  ––
SHA256:  ––
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\domains
binary
MD5: 8ebb18899c89205009c15c2e35c8424e
SHA256: 756ba23f9bd6b0da5264802f1f7957d18f0951109e3c38ad37b988d1d5833d46
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\digisig
binary
MD5: 905f3648f3285f79f2e59d7a056e2e33
SHA256: 94f4575d4f9b9a51a4e32f2ef285abccf6d54d367efcedfcf65c28c4c28bde27
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\addons
––
MD5:  ––
SHA256:  ––
2196
RogueKiller_portable32.exe
C:\Users\admin\AppData\Local\Temp\as_3D31.tmp.zip
compressed
MD5: 3fa09b0284bddb167c094d7b13a7fb09
SHA256: 330c9a089014086d18d43387e7821ceaf1d6aeec7a49dca3354b9e23dbc36afc
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\config.ini
binary
MD5: b1d431e76201a01498cef86bafd531e9
SHA256: 4322f72ceec381232eaaa30da59b034eb0d4bf8aef6b6494a90d3a7527736d2b
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\logs\AdliceReport_SCN_02112019_100343.json
text
MD5: 6fbceacb1c30ae0fd66c0c20cfabaf62
SHA256: b0b835bdf3299b54bd8b64e3840fcd6badb5860f4c8548b6fbe504a4759901e3
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\logs\AdliceReport_SCN_02112019_100447.json
text
MD5: 74d615a2344d100561ed919dbd5d48f6
SHA256: 03b081b0e2b429e04537c9caba45c3a9c79668c32f5a9555d42913fd1b4757f0
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\config.ini
binary
MD5: 5bec9a06b543092ab67d3fc9d88a40aa
SHA256: a2c8385761839a73cb5e96be70d4ec29dd52152e305488d4f6d38ea745817584
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\config.ini
binary
MD5: ddb4a09983db1da3321fa0ff3d21ebe0
SHA256: 8ecbabf1ffeff3e18867a1b9751edef31c68f50940bfe58e78064d6af7cebe4b
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\config.ini
binary
MD5: 63c850ca1f85bff9ed028cfd992050c5
SHA256: e336906a958c3da488a1857f4f3733c7fb4a4b8047a02b0869bf8b03aabd8203
2196
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\config.ini
binary
MD5: 607911c21abc7a062cc9e95956854acc
SHA256: 74dd5c563f783b2dbd2f1889b928950943a50f95a81064deb7419345a26c1a7b
3828
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2B4E10F4-2DE4-11E9-91D7-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
3828
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFB32368518AC37CAA.TMP
––
MD5:  ––
SHA256:  ––
120
iexplore.exe
C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log
text
MD5: 3515097be5439fc1f90f392c0b81c0af
SHA256: 79402113edb00510231bd347f27755081d3ed79fdeaabda49d878a2862fa899c
3828
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF692B14981AF719F9.TMP
––
MD5:  ––
SHA256:  ––
3828
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2B4E10F5-2DE4-11E9-91D7-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
3828
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{2B4E10F7-2DE4-11E9-91D7-5254004A04AF}.dat
binary
MD5: 60b30c004deec6d2c2259bdb31347bdb
SHA256: 28c1ceccbaf8958b0e8a5d46b9cf3b9133a4a5bb3b599f3bd6d66160bf6ee9b0
3828
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{2B4E10F6-2DE4-11E9-91D7-5254004A04AF}.dat
binary
MD5: 07d70c713253026151b880f1bbe2d307
SHA256: 95ed253a768020e447465e9a94ca28f7f86969ce894bbcadf5980edc29aae613
3828
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF9BF1E17DF688C020.TMP
––
MD5:  ––
SHA256:  ––
3828
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFA6FFA4773BDEE206.TMP
––
MD5:  ––
SHA256:  ––
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\dashicons[1].eot
eot
MD5: 30e410c715c6215fa7faa1c979b6480c
SHA256: a55660c37af5bbcc8c6c485c032e3d74d876946607e6c20148e3d3d5f37043b8
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\custom-old-ie-52bfdbb2b1[1].css
text
MD5: a1e9a9d4abedf8faa68b81d99c2332c3
SHA256: f38a55ec3f1cc7b87be20fdee15e40245b109ffe3eea61cd9ccd15a2f0809c0e
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\above-the-fold.min-5.4.1[1].js
html
MD5: 26bcc63f374c43287868adb618b8fd7c
SHA256: ccd1e0d2d06c1358483fefd52cd9729ce3a30e4b669847a61175c847db0835f8
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\mailin-front-1535363816[1].js
text
MD5: 58916766ecfb1c63e85fd9b4cce2b1d9
SHA256: c9ab6a740ea718431c83ffc2bc6b84c8d57bbd9f047842678e326b7f37278b9f
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\script-1[1].js
text
MD5: c56b066243522dd64c1e1ea4ff3054f4
SHA256: 0309ea9863108df1b0e04b00cf187e3af711d3d4e952c8b38a40eb1e78a552ab
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\chosen.jquery.min[1].js
text
MD5: 4f0361640d5597fb84f0b07deabe3d56
SHA256: 7373ca9ed2c272959213699ab6c34d53f342a2d01d996ebc543743312911a6dc
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\front[1].js
text
MD5: 77ac51fd7452d5a4bec906da51ccb468
SHA256: 484b8923c818e8e8ca6dabcc10ed358ac16711f491965fefa45189f8cd6609c3
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\old-ie.min[1].css
text
MD5: 68637b8b5d88ca41442aa80237b41733
SHA256: 9ef3dbd1c0a71ea1045f64322d4ccd07212dd80abfe867688892cc4e7bb4bbf7
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\css[1].txt
text
MD5: 31b8f0aa107cbde0d92b91fed8e82190
SHA256: cd4b6d4596f12172f2fc3d4d3210114d7d4630d5d0af9db04856603241a5103e
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\bootstrap.min[1].js
text
MD5: 4422b5e224030e6b1ba4a00b83ec492c
SHA256: 4b9329f540f2a0a583e6b0dff71f0f68d819ca3920c752fdb4e6bb1f88659cab
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\crayon.min-_2.7.2_beta[1].js
html
MD5: 3b6275d9477ca1f46273d475b3c4d276
SHA256: 193fbb968733b8a7049da19274546e6b80b76e9a8f1b837fee9a5fdeb8f97c7b
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\jquery.cookie[1].js
text
MD5: 42af20a21999a3377af0979cdce17cdf
SHA256: 463b99dfb3fa81d269f7508768da9f4ca229416b1b8e68177a30d0291868f945
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\jquery-migrate.min-1.4.1[1].js
text
MD5: 01cd9590e1e043e5299db33fe8a45bee
SHA256: c4154129ebd028c6a491139f744aef258c77f427ce2155b03a0466fb84c4e165
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
dat
MD5: af4667efe5c5a4c9347373e87093456d
SHA256: b408ad60780b2443cc052e958882dc3d6bf121fb9545505a1f157e1aa987c586
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\jquery-1.12.4[1].js
text
MD5: 3b1a9f1f833ccc59775f92e801fd596e
SHA256: 8a4c252da9c4b03a65ca99a734ef82408df893c1b6a5d5a49c4f87f774bc4f75
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\style-6c45559eb5cb5b9d7dbd0e988df11a4e[1].css
text
MD5: 78b310e4e00815b61dbe2e959d8db576
SHA256: b78cc9c93a5b9203f298371aa2e5f8aa83d8085d9ac2c49d929c63fba93fb55e
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\mailin-front-831548b431d0e97b1b5468fca3252dc4[1].css
text
MD5: bda2d3e9d0306e4b702eb7367d753459
SHA256: 3cc60ed64295b83795bcd615ffa7b286044ef8b3f4f08125ff05cbcad414415a
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\legacy-52bfdbb2b1-edba48470d4c4fd0cf740b6e657ad9de[1].css
text
MD5: 60008a7b163c1ac518edd09d96407085
SHA256: abfbf16188e07cc9bab119d61a43c06a85c84964705c9bb3822beaf9404c684c
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\wpml-52bfdbb2b1-29133ecbc70e246a3d677c6e9d3bda96[1].css
text
MD5: de75d1bd5aaec32132ece791144f3ee2
SHA256: 54a0053b36393e082945582ea4ff534f901eafd45bfdcbef77e007f8b34c5842
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\custom-52bfdbb2b1-21cd0e873635e2c8961fd77d0f75948f[1].css
text
MD5: 49b7f66600039b772aac3894669b39cd
SHA256: 3a5f187e5d9694ae8492057aa3e6c407c4f0918a3c497a0c010242552c147f21
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\css[1].txt
text
MD5: 1424c0611ac37267c088c1ca76c9e2e4
SHA256: 81b37afe63c8c4e6fb46898d389e953a1678c9f82c43abb86550c373f697bba0
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\media-cbf00e6870-c2823d02efcddde47a53e7b0679adf1f[1].css
text
MD5: ed73b632b81336b62d2891f5b7099717
SHA256: 96d74155238f339a7512856d975902c85c9d2db35efc0d95623adadeb9f12a1e
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\main.min-5.4.1[1].css
text
MD5: 0ee4ee7a99af5c305b521bbf5f6ef81a
SHA256: 9707cc2d783792f7b7574ef12e06cad95b5696ae37b0f994559976af9d2dd22c
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\fontello.min-5.4.1[1].css
text
MD5: 0088127a8903e1ca6a4cf95805459f1d
SHA256: 2e4b551ee6ec2683d29c477306660a8d299175bac0673a80cc5b832ab47cf5f4
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\style.min-5.4.1[1].css
text
MD5: b6200f63ae7f0159f56997e5054dbb92
SHA256: ebc1287e4a201a8bc9ff42ce0a28e5cd3a32151e52b4551b1e10c2a2e5baddd5
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\font-awesome.min-5.4.1[1].css
text
MD5: b67fc8328e6788e8ad241441f6114517
SHA256: 2a504db7a8b193506e1296e3d4c56037a153831572043496014f4fe31d5a8891
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\TweenMax.min[1].js
text
MD5: d28a880a8b597f0b759359d5cae961b5
SHA256: f8fc2c2444bdf0e0595e41eb55d79a0f65504c3a90b2e80cb1155c4e954b8472
120
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
dat
MD5: 7ddcc98f46936122c8ae5f3a247a533b
SHA256: 03fba9651af3b6f734181de943d3b5e8fb7c9026cbbf1bb8b55fa95e5383a6e4
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\frontend-d78f4521fad26117f711cb0a519419ab[1].css
text
MD5: 67acac2d8bb7c1116305b94c160acdb5
SHA256: f0049caac8c2b19c9674b7a778355f86f8dc9e7cd391aa8eb4159a9c00db8710
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\wp-review-eeb9cefaff310ba8b4d54fa8694e8cda[1].css
text
MD5: e157be086e5ffb1d8b0e4c3a36eb2bad
SHA256: 9809fed647e034ed43d98dcfb2e29873de9263a5204f3114ec84ee1c70e970b0
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\style-9d6fbca47f1041f89b89b1ca452385fb[1].css
text
MD5: a936377b3d7bd18e7f7e29599ad68936
SHA256: c74f84f1fc77e6601fd8e6885ca2f3a586ea9ae72b9ec9415f07e624fd70d472
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\dashicons.min[1].css
text
MD5: 1c364e777cd2b874ea6cf09100861c6c
SHA256: d0df2ff25fded9e43a0cfa5159393d4482725bfb390e8ca94f34da85b5304117
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\style-e7af389069420dccff5dd149f88a5fde[1].css
text
MD5: 5b743f1f12a511b184c52fcdc0e4bddd
SHA256: 187c0eb5c6c55f81bb753d2ef0f542cf3a219a687a1e869e246583062bd12598
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\front-55f8ffeab18422761a3623d884a045d2[1].css
text
MD5: 331ee36c65941ba8c09751242e2e0518
SHA256: edfa000cba9bc2beff404ffb24b7075f3c2b581895eb0c43b9e6d0fe47932600
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\chosen-ec10dccaeb9e7a76c8c35e4d45d74953[1].css
text
MD5: 6ba0a731bc35afc808d04719c1af1f72
SHA256: e5e578921225652f3bcf475b51f070c4ab8debde6e66aea7c5bc2f767f880094
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\frontend-d287368d09216479d383157fca4ff201[1].css
text
MD5: 60419aaff3f8433f5cdc9095893afd0c
SHA256: ed70c2cf61d0f24d03299ffc5896c7abd86bb858501987dc10e3afec086c01df
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\bootstrap-44160ccd13cb75376c703293a4864db3[1].css
text
MD5: ffbba662d1032e8f3deeed071698d502
SHA256: c17d122e44fef60ddf693f63e36fde1401df97548655ff5d3019ab0498d1923c
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\go_pricing_styles-44c78c004c3751788d855f376d1c6937[1].css
text
MD5: 7f4696dc63a65f8594fe541947d47de6
SHA256: 32812134f0ccda74891e7edc1a68339a90363b7224567a5a36d874f62471b486
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\font-awesome.min[1].css
text
MD5: 0831cba6a670e405168b84aa20798347
SHA256: 936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\style.min[1].css
text
MD5: eb1a96949e0ea0d08033d3f941bf1f3e
SHA256: 1698abe528bb1f8e76991814a09aacb0ec7247d421ed2e4ff8f00e3fb1275712
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\styles-2b4c8ce7f8f97ce7915ddb77dbbcf21e[1].css
text
MD5: 22af305f639cc35dc980740258295a09
SHA256: e88778b9414820bf2cb42abf4e1bb9d375b6112e21ccc5ca73874d4850c9390c
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\crayon.min-_2.7.2_beta[1].css
text
MD5: cd3c5b5011a2d22ba2f4a6ea95fec06a
SHA256: 21179dec09544f8096211d2628c182bd03ebe55e1ba80998c7fef336474d40c9
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\thanks-downloading-roguekiller[1].txt
––
MD5:  ––
SHA256:  ––
120
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\thanks-downloading-roguekiller[1].htm
html
MD5: 68a854cf09a8765d85f72c2da5d2ca0b
SHA256: fadff99e43cea1b7f67afaf352a8dbf83d19f8fd9bd24ceebfff82a63e43fb67
120
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: decb1675bfbdf4c7659208dee9e7570d
SHA256: 5babdc3b8f6b3eeed17cd1dead77ad1d3d372408125df6048d39c29bfedfed0d
3828
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[2].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3828
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3828
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
binary
MD5: 4c3a04540c82b63e08ccd0f5605fe9b0
SHA256: f87887ff001f46072060a1de8cb81a42846f0855a92b361b8e22bcd29ccb54bf
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
text
MD5: 7a46926624f1001e2c4e17c85be45d39
SHA256: 5a7710e5839c18de02fc5b4146dfae9ee8c7a17b8092c2fc06a0b2db00e21a2d
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
text
MD5: 5b003cc5934dc16e28ef3d1e35ebe277
SHA256: 935cc84b308a46e5a58b41e842a8ce2895ac67645536151aa7b0029937c3c830
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies
sqlite
MD5: ac68998e918e940b50ffbc0549496162
SHA256: b30527a369a8a0a8c5d37b572b0626f332162c63ec3a66bbbd633c9bc6719284
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
––
MD5:  ––
SHA256:  ––
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: 3cf5ed7b84422b985a4e136b675f9877
SHA256: 8b5edf33ab01ea7ba00753ff0da29f5e710f3e7ce7a862693c4dcdc22e94b844
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF250f2e.TMP
text
MD5: 3cf5ed7b84422b985a4e136b675f9877
SHA256: 8b5edf33ab01ea7ba00753ff0da29f5e710f3e7ce7a862693c4dcdc22e94b844
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: d932a31a0fb91833edb0325c6b434b34
SHA256: 8049465356163740d6e4c0bb56b9dcaa90149631646fa6bb56d01de223bd1f8e
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF250f2e.TMP
text
MD5: b45e84be3c2916d974114b78754eeb49
SHA256: b6840b5dfafb7057b32641332ed45958b814f0fa55922b4bdfbf106c97c0d35e
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: b45e84be3c2916d974114b78754eeb49
SHA256: b6840b5dfafb7057b32641332ed45958b814f0fa55922b4bdfbf106c97c0d35e
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\66faf96c-c529-432f-951c-0295fcb0e346.tmp
––
MD5:  ––
SHA256:  ––
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\8cc8852d-8816-464e-ade4-1426cbb66b27.tmp
––
MD5:  ––
SHA256:  ––
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
binary
MD5: ecc9f4a035779cecf4cbeacc9e568a68
SHA256: 62769a569efa9c8ac6ad6919bec582c67ad60b9b669a2e400bf293eccb3f505b
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
binary
MD5: ed3d1c71e33729de7febf8fe5e6ec916
SHA256: 69c86a85adc870f4b414d529894f622580db21bbefb5e2c4da4ba14141c7b1fc
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF250f1f.TMP
binary
MD5: ecc9f4a035779cecf4cbeacc9e568a68
SHA256: 62769a569efa9c8ac6ad6919bec582c67ad60b9b669a2e400bf293eccb3f505b
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\98c7c51a-0662-4a53-ad8f-7a3827961bc8\index-dir\the-real-index
binary
MD5: eb175fe63f887a8e0af306d51222119f
SHA256: 3b34d4097c6cdf37a908c798e6c6cc2dc91866db0be175b96792adccf98e46df
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\98c7c51a-0662-4a53-ad8f-7a3827961bc8\index-dir\the-real-index~RF250f0f.TMP
binary
MD5: eb175fe63f887a8e0af306d51222119f
SHA256: 3b34d4097c6cdf37a908c798e6c6cc2dc91866db0be175b96792adccf98e46df
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
sqlite
MD5: 4824ea8fa986d322b931d33d00de6e6f
SHA256: 2d3e8f3f8b8383d5ad1bf72396bdb5cdf02815543d5f86e860ea52f229423c6c
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal
––
MD5:  ––
SHA256:  ––
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 4746b581ac09a01c4f5746cd5df8b8dd
SHA256: 30f12ef3974b3fc422b198924a1558ab189ccb0e0e3fa82f2c67f50259b4463a
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
––
MD5:  ––
SHA256:  ––
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
binary
MD5: 38e541bb880481df9d957be2e81b3103
SHA256: bc3a842ec2f76ffadb676f3136d8cb50a3be73da93520b640dc726ea4b3d740f
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
binary
MD5: 02ce1404eb9e22bd2067735a47a86474
SHA256: 17a18beda29bcc46b3ed3aecc4d991f5fd665532714397cd03214e6b9fda884e
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF250eff.TMP
text
MD5: 4746b581ac09a01c4f5746cd5df8b8dd
SHA256: 30f12ef3974b3fc422b198924a1558ab189ccb0e0e3fa82f2c67f50259b4463a
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
binary
MD5: a054758211390e2f763cafd5f2f9395d
SHA256: 18349304357730a5caaa69a45bf0fffabf3451366435c1d46b5b4adda79c9961
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
text
MD5: aa7e1fed17786899821f6a12a999443f
SHA256: 0959cf331e6e979930c5b897bc4e77345884dd2b3b30b986f781d5e57676cc14
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
sqlite
MD5: 52af5b24782d1cb4def46c48f2dd144c
SHA256: b7fcbc6d8461fc2dab9d2afe87fa745802d11d72047168ab15661b0a11ac1b4f
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log
binary
MD5: 288c647dd6ab4a621d58a0fa32560a9a
SHA256: b2843a829e6c210094b9be395531ad584a0a7f1d5fab7e80afa805919898d89b
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
text
MD5: 73b981745670913e0afc9e24c94f1e0b
SHA256: 5638dd931f5060530dd8d57c254690410ce8c0b7f7fc19a7354b8ecd99fa7c4f
1428
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: b59113c2dcd2d346f31a64f231162ada
SHA256: 1d97c69aea85d3b06787458ea47576b192ce5c5db9940e5eaa514ff977ce2dc2
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\98c7c51a-0662-4a53-ad8f-7a3827961bc8\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF250ef0.TMP
text
MD5: b45e84be3c2916d974114b78754eeb49
SHA256: b6840b5dfafb7057b32641332ed45958b814f0fa55922b4bdfbf106c97c0d35e
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\343e5a03-52eb-4df1-aee6-02f3f762fe04.tmp
––
MD5:  ––
SHA256:  ––
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
binary
MD5: d33c4366e1569525ffa4ad62867b40a0
SHA256: eebf50c08cce84a9c5b4c2d336032645da1231f978b88394b901b0dda9cf9e5f
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
binary
MD5: 9409bab446b7204c6235dfddd6066e89
SHA256: 68c1cb50ec24ac5a1dbdc7d9c845e94a1e9d60f312cf92a694f0791cd7ea105e
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\8b898b80-e17a-4c6c-9da8-d1c154fc744c.tmp
––
MD5:  ––
SHA256:  ––
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
text
MD5: 89542fd23230434112ba98197bef8299
SHA256: 58ec2394eb89959ced475cc13e426ce70cbb768853aae4d0fc78bf083c8ad12c
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
text
MD5: 12c2e475445f18b34b44cf7b16f46015
SHA256: 5734a72e23c05f8d95ea4aa6ac9a9eda2ce48f86b0dbeede23a25a492b8801f8
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG
text
MD5: 84c2f5acb2098c4a6bde72ec5ca17278
SHA256: dbfa638993250de9d3eee535e0b58ae2da5c304c6ff1eb08a9702f9b21391dbb
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
text
MD5: a296a36ab10b37698ebf486c3daf1acf
SHA256: 36a6861b0491644a8869e0240fda63fac06c6ec1b1f5e3b80cdd6a3fed107785
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG
text
MD5: c549eab13e1ec8d20c5d153dabb32d7c
SHA256: 06efc03763b14178922d689c184cbc90401fd47ea2856ebe1728bd0e6e1d284b
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
text
MD5: 4954bce7cdb1b0329acbab6753aae0e2
SHA256: 8fe55b2f79bdda5aa4585ac4caf8678140b0ee14c59b3df9b2797e21f1e9466a
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000016
binary
MD5: cf286cb4fd0f3dcc234806e1b865987b
SHA256: 21dc23520bba7268b53957a39981c9a85d3658edc4f5455e98cac3378a440d76
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\MANIFEST-000016
binary
MD5: cf286cb4fd0f3dcc234806e1b865987b
SHA256: 21dc23520bba7268b53957a39981c9a85d3658edc4f5455e98cac3378a440d76
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
sqlite
MD5: 05c9516e3ee8288eabd2dde91ff50543
SHA256: 927ce3dffbe531278bd4403cba33dc28037b5e3ac29efcf52ebace1efe289b98
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
––
MD5:  ––
SHA256:  ––
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
sqlite
MD5: 833269d3fbf1cd2ac8a7f686307c7b0a
SHA256: 7cf541444b6c1017f9f294e273f2d5b17804e7217a5e616299ad7b39511f7a7c
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
––
MD5:  ––
SHA256:  ––
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data
sqlite
MD5: 54ad1e10b6b57bc9b9eed994e581dd5f
SHA256: 24d2a7516de320c3e91b1513cad94ce5ce2b964bbb8a3d1f66e8083b3205b19c
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History
sqlite
MD5: ea05a587da3ed5075b1dd17dc85ddd84
SHA256: 9992640c0040e3ec1ea93fcd692a58e508f35e1a7d6012252cd517d0ad10c8a2
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
binary
MD5: a9851aa4c3c8af2d1bd8834201b2ba51
SHA256: e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History-journal
––
MD5:  ––
SHA256:  ––
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
––
MD5:  ––
SHA256:  ––
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Session
binary
MD5: b12479701c6fd614c0d094db566433ff
SHA256: 80897626d2749ee9a59c0fa76574e081ac0db688b71b8209f8df0091703f47f6
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata~RF250ae9.TMP
binary
MD5: 9f0df79b3d021deeb68ddf5c0c74cec9
SHA256: a6ebc7decebf818185c2817c6e7107b5e07129174cd1addbe9cafbc7526c26a4
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: 9f0df79b3d021deeb68ddf5c0c74cec9
SHA256: a6ebc7decebf818185c2817c6e7107b5e07129174cd1addbe9cafbc7526c26a4
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\6607a44c-7281-4000-b277-8ed05c41c15d.tmp
––
MD5:  ––
SHA256:  ––
3404
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 97334a0db28bc66f4128a13a6a0c073d
SHA256: c40f600b487f781c20977ae45c42292dca146489a49dab52b89af51fa7571521
3404
chrome.exe