Program did not start
General Info
- URL
-
http://www.helpme.net
- Verdict
- Malicious activity
- Analysis date
- 12/2/2019, 21:35:24
- OS:
- Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
- Indicators:
Software environment set and analysis options
Launch configuration
- Task duration
- 300 seconds
- Additional time used
- 240 seconds
- Fakenet option
- off
- Heavy Evaision option
- off
- MITM proxy
- off
- Route via Tor
- off
- Network geolocation
- off
- Privacy
- Public submission
- Autoconfirmation of UAC
- on
Software preset
- Internet Explorer 8.0.7601.17514
- Adobe Acrobat Reader DC MUI (15.023.20070)
- Adobe Flash Player 26 ActiveX (26.0.0.131)
- Adobe Flash Player 26 NPAPI (26.0.0.131)
- Adobe Flash Player 26 PPAPI (26.0.0.131)
- Adobe Refresh Manager (1.8.0)
- CCleaner (5.35)
- FileZilla Client 3.36.0 (3.36.0)
- Google Chrome (75.0.3770.100)
- Google Update Helper (1.3.34.7)
- Java 8 Update 92 (8.0.920.14)
- Java Auto Updater (2.8.92.14)
- Microsoft .NET Framework 4.7.2 (4.7.03062)
- Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
- Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
- Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
- Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
- Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
- Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
- Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
- Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
- Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
- Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
- Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
- Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
- Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
- Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
- Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
- Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
- Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
- Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
- Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
- Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
- Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
- Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
- Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
- Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
- Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
- Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
- Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
- Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
- Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
- Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
- Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
- Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
- Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
- Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
- Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
- Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
- Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
- Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
- Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
- Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
- Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
- Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
- Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
- Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
- Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
- Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
- Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
- Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
- Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
- Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
- Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
- Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
- Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
- Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
- Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
- Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
- Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
- Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
- Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
- Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
- Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
- Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
- Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
- Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
- Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
- Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
- Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
- Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
- Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
- Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
- Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
- Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
- Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
- Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
- Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
- Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
- Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
- Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
- Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
- Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
- Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
- Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
- Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
- Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
- Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
- Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
- Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
- Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
- Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
- Microsoft Office Professional 2010 (14.0.6029.1000)
- Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
- Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
- Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
- Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
- Microsoft Office Proof (English) 2010 (14.0.6029.1000)
- Microsoft Office Proof (French) 2010 (14.0.6029.1000)
- Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
- Microsoft Office Proof (German) 2010 (14.0.4763.1000)
- Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
- Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
- Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
- Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
- Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
- Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
- Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
- Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
- Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
- Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
- Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
- Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
- Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
- Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
- Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
- Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
- Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
- Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
- Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
- Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
- Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
- Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
- Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
- Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
- Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
- Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
- Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
- Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
- Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
- Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
- Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
- Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
- Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
- Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
- Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
- Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
- Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
- Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
- Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
- Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
- Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
- Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
- Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
- Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
- Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
- Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
- Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
- Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
- Microsoft Office Single Image 2010 (14.0.6029.1000)
- Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
- Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
- Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
- Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
- Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
- Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
- Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
- Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
- Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
- Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
- Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
- Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
- Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
- Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
- Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
- Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
- Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
- Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
- Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
- Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
- Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
- Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
- Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
- Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
- Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
- Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
- Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
- Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
- Notepad++ (32-bit x86) (7.5.1)
- Opera 12.15 (12.15.1748)
- Skype version 8.29 (8.29)
- Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
- VLC media player (2.2.6)
- WinRAR 5.60 (32-bit) (5.60.0)
Hotfixes
- Client LanguagePack Package
- Client Refresh LanguagePack Package
- CodecPack Basic Package
- Foundation Package
- IE Troubleshooters Package
- InternetExplorer Optional Package
- KB2534111
- KB2999226
- KB4019990
- KB976902
- LocalPack AU Package
- LocalPack CA Package
- LocalPack GB Package
- LocalPack US Package
- LocalPack ZA Package
- ProfessionalEdition
- UltimateEdition
Behavior activities
| MALICIOUS | SUSPICIOUS | INFO |
|---|---|---|
Application was dropped or rewritten from another process
|
Executable content was dropped or overwritten
|
Reads Internet Cache Settings
|
Screenshots
Processes
Total processes
77
Monitored processes
40
Malicious processes
3
Suspicious processes
0
Behavior graph
–
+
Specs description
Integrity level
elevation
Task сontains an error
or was rebooted
Process has crashed
Task contains several
apps running
Executable file was
dropped
Debug information is
available
Process was injected
Network attacks were
detected
Application downloaded
the executable file
Actions similar to
stealing personal data
Behavior similar to
exploiting the vulnerability
Inspected object has
sucpicious PE structure
File is detected by
antivirus software
CPU overrun
RAM overrun
Process starts the
services
Process was added to
the startup
Behavior similar to
spam
Low-level access to
the HDD
Probably Tor was used
System was rebooted
Connects to the
network
Known threat
Process information
Click at the process to see the details.
- PID
- 2472
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.helpme.net"
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- Parent process
- ––
- User
- admin
- Integrity Level
- MEDIUM
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\shlwapi.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome.dll |
| c:\windows\system32\oleacc.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\ncrypt.dll |
| c:\windows\system32\sechost.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\netutils.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\propsys.dll |
| c:\windows\system32\winusb.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\srvcli.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\msi.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\wkscli.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\d3d11.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\samcli.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\bcrypt.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\hid.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\credui.dll |
| c:\windows\system32\wevtapi.dll |
| c:\windows\system32\cfgmgr32.dll |
| c:\windows\system32\clbcatq.dll |
| c:\windows\system32\winsta.dll |
| c:\windows\system32\wbemcomn.dll |
| c:\windows\system32\firewallapi.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\apphelp.dll |
| c:\windows\system32\netapi32.dll |
| c:\windows\system32\gpapi.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\ntdsapi.dll |
| c:\windows\system32\cryptsp.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\wlanapi.dll |
| c:\windows\system32\rsaenh.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\setupapi.dll |
| c:\windows\system32\wbem\wbemsvc.dll |
| c:\windows\system32\rpcrtremote.dll |
| c:\windows\system32\mmdevapi.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\mscms.dll |
| c:\windows\system32\wlanutil.dll |
| c:\windows\system32\wbem\wbemprox.dll |
| c:\windows\system32\wpc.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\dhcpcsvc6.dll |
| c:\windows\system32\wbem\wmiutils.dll |
| c:\windows\system32\devobj.dll |
| c:\windows\system32\ntmarta.dll |
| c:\windows\system32\wldap32.dll |
| c:\windows\system32\samlib.dll |
| c:\windows\system32\nlaapi.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\wbem\fastprox.dll |
| c:\windows\system32\uxtheme.dll |
| c:\windows\system32\cscui.dll |
| c:\windows\system32\cscdll.dll |
| c:\windows\system32\cscapi.dll |
| c:\windows\system32\ntshrui.dll |
| c:\windows\system32\explorerframe.dll |
| c:\windows\system32\kbdus.dll |
| c:\windows\system32\mswsock.dll |
| c:\windows\system32\windowscodecs.dll |
| c:\windows\system32\ehstorshell.dll |
| c:\windows\system32\wshtcpip.dll |
| c:\windows\system32\linkinfo.dll |
| c:\windows\system32\dui70.dll |
| c:\windows\system32\wship6.dll |
| c:\windows\system32\imageres.dll |
| c:\windows\system32\duser.dll |
| c:\windows\system32\slc.dll |
| c:\windows\system32\bcryptprimitives.dll |
| c:\windows\system32\imagehlp.dll |
| c:\program files\microsoft office\office14\onfilter.dll |
| c:\program files\common files\microsoft shared\ime14\imekr\imkrtip.dll |
| c:\program files\common files\microsoft shared\ime14\imejp\imjptip.dll |
| c:\progra~1\micros~1\office14\mlshext.dll |
| c:\program files\microsoft office\office14\visshe.dll |
| c:\program files\winrar\rarext.dll |
| c:\program files\microsoft office\office14\olkfstub.dll |
| c:\windows\system32\shdocvw.dll |
| c:\windows\system32\mf.dll |
| c:\program files\common files\microsoft shared\office14\msoshext.dll |
| c:\windows\system32\wbem\wmiperfinst.dll |
| c:\program files\microsoft office\office14\msohevi.dll |
| c:\windows\system32\cryptext.dll |
| c:\program files\windows sidebar\sbdrop.dll |
| c:\program files\filezilla ftp client\fzshellext.dll |
| c:\windows\system32\syncui.dll |
| c:\program files\notepad++\nppshell_06.dll |
| c:\windows\system32\stobject.dll |
| c:\windows\system32\pdh.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\colorui.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\comdlg32.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\audioses.dll |
| c:\windows\system32\rasapi32.dll |
| c:\windows\system32\rtutils.dll |
| c:\windows\system32\mssprxy.dll |
| c:\windows\system32\rasman.dll |
| c:\windows\system32\sensapi.dll |
| c:\windows\system32\dnsapi.dll |
| c:\users\admin\downloads\gotoassist opener.exe |
| c:\windows\system32\rasadhlp.dll |
| c:\windows\system32\sfc.dll |
| c:\windows\system32\sfc_os.dll |
| c:\windows\system32\mpr.dll |
| c:\windows\system32\devrtl.dll |
| c:\users\admin\appdata\local\goto opener\goto opener.exe |
| c:\windows\system32\ieframe.dll |
- PID
- 3708
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6d90a9d0,0x6d90a9e0,0x6d90a9ec
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- MEDIUM
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\kernelbase.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\shlwapi.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\gdi32.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\usp10.dll |
- PID
- 2168
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2344 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- MEDIUM
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\shell32.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\user32.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\version.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\usp10.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_watcher.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\winmm.dll |
- PID
- 1532
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=17936558458228919293 --mojo-platform-channel-handle=1036 --ignored=" --type=renderer " /prefetch:2
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\usp10.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\winmm.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\kernel32.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\profapi.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\nsi.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\webio.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\avrt.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\msmpeg2vdec.dll |
| c:\windows\system32\slc.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\setupapi.dll |
| c:\windows\system32\mf.dll |
| c:\windows\system32\d3dcompiler_47.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\cfgmgr32.dll |
| c:\windows\system32\dxva2.dll |
| c:\windows\system32\ddraw.dll |
| c:\windows\system32\atl.dll |
| c:\windows\system32\mfplat.dll |
| c:\windows\system32\evr.dll |
| c:\windows\system32\powrprof.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\sqmapi.dll |
| c:\windows\system32\bcrypt.dll |
| c:\windows\system32\ksuser.dll |
| c:\windows\system32\dciman32.dll |
| c:\windows\system32\devobj.dll |
| c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libegl.dll |
| c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libglesv2.dll |
- PID
- 856
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=1707132380980205200 --mojo-platform-channel-handle=1644 /prefetch:8
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- MEDIUM
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\lpk.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\msctf.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\dwrite.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\gpapi.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\dhcpcsvc6.dll |
| c:\windows\system32\dnsapi.dll |
| c:\windows\system32\rasadhlp.dll |
| c:\windows\system32\nlaapi.dll |
| c:\windows\system32\mswsock.dll |
| c:\windows\system32\wship6.dll |
| c:\windows\system32\fwpuclnt.dll |
| c:\windows\system32\wshtcpip.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\fveui.dll |
| c:\windows\system32\p2pcollab.dll |
| c:\windows\system32\bcryptprimitives.dll |
| c:\windows\system32\qagentrt.dll |
| c:\windows\system32\rsaenh.dll |
| c:\windows\system32\cryptnet.dll |
| c:\windows\system32\wldap32.dll |
| c:\windows\system32\ncrypt.dll |
| c:\windows\system32\bcrypt.dll |
| c:\windows\system32\cryptsp.dll |
| c:\windows\system32\cabinet.dll |
| c:\windows\system32\setupapi.dll |
| c:\windows\system32\cfgmgr32.dll |
| c:\windows\system32\devobj.dll |
| c:\windows\system32\sensapi.dll |
| c:\windows\system32\devrtl.dll |
| c:\windows\system32\credssp.dll |
| c:\windows\system32\ntmarta.dll |
- PID
- 1504
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1758015320617266838 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\winmm.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\shlwapi.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\profapi.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\dhcpcsvc.dll |
- PID
- 2468
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5378475371056303802 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\shell32.dll |
| c:\windows\system32\version.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\shlwapi.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\userenv.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\gdi32.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\cryptbase.dll |
- PID
- 3812
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11456916394137031555 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2440 /prefetch:1
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\kernel32.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\sechost.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\lpk.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\msasn1.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\iertutil.dll |
- PID
- 2620
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15518139874371766527 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\usp10.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\comdlg32.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\dbghelp.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\urlmon.dll |
- PID
- 3092
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=6153746322614264544 --mojo-platform-channel-handle=2976 --ignored=" --type=renderer " /prefetch:8
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\usp10.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\sspicli.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\user32.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\psapi.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\secur32.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\winmm.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\urlmon.dll |
- PID
- 3128
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=11207956157940635786 --mojo-platform-channel-handle=3608 --ignored=" --type=renderer " /prefetch:8
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\version.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\imm32.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\comdlg32.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\cryptbase.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\ws2_32.dll |
- PID
- 2692
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=8477724847655710883 --mojo-platform-channel-handle=3504 --ignored=" --type=renderer " /prefetch:8
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\sechost.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\lpk.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\advapi32.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\psapi.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\comdlg32.dll |
- PID
- 3784
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=1176153828309650320 --mojo-platform-channel-handle=3688 --ignored=" --type=renderer " /prefetch:8
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\shell32.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\gdi32.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\dxgi.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\wininet.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\wtsapi32.dll |
- PID
- 3884
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=11387468460028715179 --mojo-platform-channel-handle=3692 --ignored=" --type=renderer " /prefetch:8
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\uiautomationcore.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\sspicli.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\wininet.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\urlmon.dll |
- PID
- 2992
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9290040071947919826 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\systemroot\system32\ntdll.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\msctf.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\dbghelp.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\iphlpapi.dll |
- PID
- 1888
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=13626281636053594967 --mojo-platform-channel-handle=4052 --ignored=" --type=renderer " /prefetch:8
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\urlmon.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\winmm.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\gdi32.dll |
- PID
- 3792
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=1409224211753966493 --mojo-platform-channel-handle=4036 --ignored=" --type=renderer " /prefetch:8
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\gdi32.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\kernelbase.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\urlmon.dll |
- PID
- 1448
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=7466899117026381129 --mojo-platform-channel-handle=4132 --ignored=" --type=renderer " /prefetch:8
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\dwrite.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\msctf.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\version.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\nsi.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\secur32.dll |
- PID
- 1992
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=11883448404672757161 --mojo-platform-channel-handle=4136 --ignored=" --type=renderer " /prefetch:8
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\version.dll |
| c:\windows\system32\kernelbase.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\kernel32.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\dwrite.dll |
- PID
- 3256
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=14732959605461179145 --mojo-platform-channel-handle=4156 --ignored=" --type=renderer " /prefetch:8
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\gdi32.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\userenv.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\user32.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\winnsi.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\secur32.dll |
- PID
- 2096
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=18257132039845944024 --mojo-platform-channel-handle=4040 --ignored=" --type=renderer " /prefetch:8
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\wininet.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\wintrust.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\webio.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\msasn1.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\cryptbase.dll |
- PID
- 2492
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=13775520676627142116 --mojo-platform-channel-handle=4116 --ignored=" --type=renderer " /prefetch:8
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\userenv.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\user32.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\dwmapi.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\version.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\usp10.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\sspicli.dll |
- PID
- 4028
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=6866775399378796468 --mojo-platform-channel-handle=4368 --ignored=" --type=renderer " /prefetch:8
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\wininet.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\kernelbase.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\dwmapi.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\webio.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\oleaut32.dll |
- PID
- 1488
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=2251199570525255803 --mojo-platform-channel-handle=4352 /prefetch:2
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- MEDIUM
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\profapi.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\shlwapi.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\winnsi.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\ksuser.dll |
| c:\windows\system32\powrprof.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\atl.dll |
| c:\windows\system32\evr.dll |
| c:\windows\system32\cfgmgr32.dll |
| c:\windows\system32\setupapi.dll |
| c:\windows\system32\devobj.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\mfplat.dll |
| c:\windows\system32\sqmapi.dll |
| c:\windows\system32\dxva2.dll |
| c:\windows\system32\mf.dll |
| c:\windows\system32\avrt.dll |
| c:\windows\system32\bcrypt.dll |
| c:\windows\system32\msmpeg2vdec.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\slc.dll |
| c:\windows\system32\cryptbase.dll |
- PID
- 2188
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5787753318684776289 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2852 /prefetch:1
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\userenv.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\msvcrt.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\winmm.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\dwrite.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\webio.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\winhttp.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\cryptbase.dll |
- PID
- 2708
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=11391041270496987981 --mojo-platform-channel-handle=2880 /prefetch:8
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- MEDIUM
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\psapi.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\propsys.dll |
| c:\windows\system32\wldap32.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\secur32.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\ntmarta.dll |
| c:\windows\system32\lpk.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\cryptbase.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\clbcatq.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\sendmail.dll |
| c:\windows\system32\zipfldr.dll |
| c:\windows\system32\linkinfo.dll |
| c:\windows\system32\cfgmgr32.dll |
| c:\windows\system32\devobj.dll |
| c:\windows\system32\apphelp.dll |
| c:\windows\system32\shdocvw.dll |
| c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll |
| c:\windows\system32\windowscodecs.dll |
| c:\program files\winrar\rarext.dll |
| c:\windows\system32\netutils.dll |
| c:\windows\system32\uxtheme.dll |
| c:\windows\system32\cscapi.dll |
| c:\windows\system32\setupapi.dll |
| c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll |
| c:\windows\system32\srvcli.dll |
| c:\windows\system32\twext.dll |
| c:\windows\system32\slc.dll |
| c:\windows\system32\cscui.dll |
| c:\windows\system32\cscdll.dll |
| c:\windows\system32\rsaenh.dll |
| c:\windows\system32\ntshrui.dll |
| c:\windows\system32\msimg32.dll |
| c:\windows\system32\cryptsp.dll |
| c:\windows\system32\syncui.dll |
| c:\windows\system32\fxsresm.dll |
| c:\windows\system32\rpcrtremote.dll |
| c:\windows\system32\synceng.dll |
| c:\program files\notepad++\nppshell_06.dll |
| c:\windows\system32\wer.dll |
| c:\windows\system32\acppage.dll |
| c:\windows\system32\sfc.dll |
| c:\windows\system32\msi.dll |
| c:\windows\system32\devrtl.dll |
| c:\windows\system32\sfc_os.dll |
- PID
- 2496
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=1034142983454039080 --mojo-platform-channel-handle=1896 --ignored=" --type=renderer " /prefetch:8
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\oleaut32.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\winspool.drv |
- PID
- 2572
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1063712062511330773 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2932 /prefetch:1
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Exit code
- 0
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\winhttp.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\wintrust.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\winspool.drv |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\secur32.dll |
- PID
- 616
- CMD
- "C:\Users\admin\Downloads\GoToAssist Opener.exe"
- Path
- C:\Users\admin\Downloads\GoToAssist Opener.exe
- Indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- MEDIUM
- Exit code
- 0
- Version:
- Company
- LogMeIn, Inc.
- Description
- GoTo Opener
- Version
- 1.0.0.533
Modules
| Image |
|---|
| c:\windows\system32\profapi.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\cscapi.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\dhcpcsvc6.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\rpcrtremote.dll |
| c:\windows\system32\cabinet.dll |
| c:\windows\system32\netmsg.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\rasadhlp.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\schannel.dll |
| c:\windows\system32\rasman.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\cryptsp.dll |
| c:\windows\system32\apphelp.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\ntmarta.dll |
| c:\windows\system32\credssp.dll |
| c:\windows\system32\rasapi32.dll |
| c:\windows\system32\cryptnet.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\urlmon.dll |
| c:\users\admin\downloads\gotoassist opener.exe |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\netutils.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\wkscli.dll |
| c:\windows\system32\bcrypt.dll |
| c:\windows\system32\uxtheme.dll |
| c:\windows\system32\dnsapi.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\ncrypt.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\netapi32.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\sensapi.dll |
| c:\windows\system32\oleaccrc.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\rsaenh.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\dssenh.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\ntshrui.dll |
| c:\windows\system32\propsys.dll |
| c:\windows\system32\gpapi.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll |
| c:\windows\system32\bcryptprimitives.dll |
| c:\windows\system32\samlib.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\wldap32.dll |
| c:\windows\system32\srvcli.dll |
| c:\windows\system32\nlaapi.dll |
| c:\windows\system32\wshtcpip.dll |
| c:\windows\system32\fwpuclnt.dll |
| c:\windows\system32\rtutils.dll |
| c:\windows\system32\wship6.dll |
| c:\windows\system32\clbcatq.dll |
| c:\windows\system32\mswsock.dll |
| c:\windows\system32\normaliz.dll |
| c:\windows\system32\cfgmgr32.dll |
| c:\windows\system32\devobj.dll |
| c:\windows\system32\setupapi.dll |
| c:\windows\system32\msiexec.exe |
| c:\windows\system32\slc.dll |
| c:\windows\system32\devrtl.dll |
| c:\windows\system32\imagehlp.dll |
| c:\windows\system32\shdocvw.dll |
| c:\windows\system32\notepad.exe |
- PID
- 1916
- CMD
- "C:\Windows\system32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\5B03E976-F13B-45F1-9A03-4E53FE54DE5D\GoToOpener.msi" /q /lvx "C:\Users\admin\AppData\Local\Temp\LogMeInLogs\GoToOpenerMsi\BFEF2D90-FCE1-4C77-B237-BC4987E09DBF.log"
- Path
- C:\Windows\system32\msiexec.exe
- Indicators
- No indicators
- Parent process
- GoToAssist Opener.exe
- User
- admin
- Integrity Level
- MEDIUM
- Exit code
- 0
- Version:
- Company
- Microsoft Corporation
- Description
- Windows® installer
- Version
- 5.0.7600.16385 (win7_rtm.090713-1255)
Modules
| Image |
|---|
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\msiexec.exe |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\cryptsp.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\netutils.dll |
| c:\windows\system32\uxtheme.dll |
| c:\windows\system32\msacm32.dll |
| c:\windows\system32\sfc.dll |
| c:\windows\system32\sfc_os.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\apphelp.dll |
| c:\windows\system32\msimsg.dll |
| c:\windows\apppatch\aclayers.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\mpr.dll |
| c:\windows\system32\samcli.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\devobj.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\clbcatq.dll |
| c:\windows\system32\netapi32.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\setupapi.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\rpcrtremote.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\cfgmgr32.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\srvcli.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\apppatch\acgenral.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\rsaenh.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\msi.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\wkscli.dll |
- PID
- 3280
- CMD
- C:\Windows\system32\msiexec.exe /V
- Path
- C:\Windows\system32\msiexec.exe
- Indicators
- Parent process
- ––
- User
- SYSTEM
- Integrity Level
- SYSTEM
- Version:
- Company
- Microsoft Corporation
- Description
- Windows® installer
- Version
- 5.0.7600.16385 (win7_rtm.090713-1255)
Modules
| Image |
|---|
| c:\windows\system32\ole32.dll |
| c:\windows\system32\msi.dll |
| c:\windows\system32\uxtheme.dll |
| c:\windows\system32\msacm32.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\cfgmgr32.dll |
| c:\windows\system32\devobj.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\mpr.dll |
| c:\windows\system32\samcli.dll |
| c:\windows\system32\sfc.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\cryptsp.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\apppatch\aclayers.dll |
| c:\windows\system32\sfc_os.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\wkscli.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\srvcli.dll |
| c:\windows\apppatch\acgenral.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\rsaenh.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\apphelp.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\netutils.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\netapi32.dll |
| c:\windows\system32\msiexec.exe |
| c:\windows\system32\clbcatq.dll |
| c:\windows\system32\rpcrtremote.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\msimsg.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\setupapi.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\msisip.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\ncrypt.dll |
| c:\windows\microsoft.net\framework\v4.0.30319\clr.dll |
| c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll |
| c:\windows\system32\sxs.dll |
| c:\windows\system32\bcrypt.dll |
| c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll |
| c:\windows\system32\winsta.dll |
| c:\windows\system32\gpapi.dll |
| c:\windows\system32\bcryptprimitives.dll |
| c:\windows\system32\mscoree.dll |
| c:\windows\system32\imagehlp.dll |
| c:\windows\system32\devrtl.dll |
- PID
- 2084
- CMD
- cmd /c ""C:\Users\admin\AppData\Local\Temp\20E61897-4EF0-4222-97E6-82AFB90DCFE3.bat" "C:\Users\admin\Downloads\GoToAssist Opener.exe""
- Path
- C:\Windows\system32\cmd.exe
- Indicators
- No indicators
- Parent process
- GoToAssist Opener.exe
- User
- admin
- Integrity Level
- MEDIUM
- Exit code
- 1
- Version:
- Company
- Microsoft Corporation
- Description
- Windows Command Processor
- Version
- 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
| Image |
|---|
| c:\windows\system32\cmd.exe |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\winbrand.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\rpcrt4.dll |
- PID
- 2760
- CMD
- "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\LogMeInLogs\GoToOpener.log
- Path
- C:\Windows\system32\NOTEPAD.EXE
- Indicators
- No indicators
- Parent process
- GoToAssist Opener.exe
- User
- admin
- Integrity Level
- MEDIUM
- Version:
- Company
- Microsoft Corporation
- Description
- Notepad
- Version
- 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
| Image |
|---|
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\notepad.exe |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\uxtheme.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\cryptbase.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\gdi32.dll |
- PID
- 3976
- CMD
- "C:\Users\admin\AppData\Local\GoTo Opener\GoTo Opener.exe" "/urlQsArgs gotoopener://launch.getgo.com/launcher2/launch/e0-WxGxZlSpAIyc79zCO2Op5bbdmfaHDgO40zuQisvwRTmiSdwJ6x2kn03PWo_mT_dda-WFN7hxSJl3KhP5gx71XSHb2PgvG9ixYEjZIA0UbWuV3tFEsbE8Xcj8zxZSNMAsSAtFsruDOJXWJhB_2xHkibeVth70FR3yW_WzZeohXzVjoVmEn8zI2I4HfJmV3pDibJKiH0bjw1IyPXN0FBVubAYcDEUM0bWZwp8UqW1w7jhZIGB05YChvepzTlI9TmCfPBSAAFK9o-6aZixR4Gc67vwLa12xrZRNwO_caoKfg1L3jpnNTxF3t9Qal3xwMl6o_JBBsBsGNBuGtbExrgWYKTEPB_AaMltHmB_NMIxUJbCB2OV7zVyAY8FKPyNL8XKEYwNvizoY_CAhp_QohrlmVkxJUcFVUcDacnaX8b1px8gzLyIhrvuT1x00hv94EIw9nsatFrt98REBt2gBFm0hykrKFj0Ib5Sifp9U5MrR_BfCnttRmOr7yCb09jsD0skzyRm2G4oCtd2rXJ_aMp0i_8Om-mYRBexL0k3O-vENTK5o8xo067AWZ3inwYbE-DZS5F3xcglz4yz3tZsqhwNFfIkZD6c"
- Path
- C:\Users\admin\AppData\Local\GoTo Opener\GoTo Opener.exe
- Indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- MEDIUM
- Exit code
- 0
- Version:
- Company
- LogMeIn, Inc.
- Description
- GoTo Opener
- Version
- 1.0.0.533
Modules
| Image |
|---|
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\rasman.dll |
| c:\windows\system32\cscapi.dll |
| c:\windows\system32\wship6.dll |
| c:\windows\system32\bcryptprimitives.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\advapi32.dll |
| c:\users\admin\appdata\local\goto opener\goto opener.exe |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\fveui.dll |
| c:\windows\system32\qagentrt.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\uxtheme.dll |
| c:\windows\system32\gpapi.dll |
| c:\windows\system32\p2pcollab.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\netapi32.dll |
| c:\windows\system32\wkscli.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\rpcrtremote.dll |
| c:\windows\system32\ncrypt.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\mswsock.dll |
| c:\windows\system32\srvcli.dll |
| c:\windows\system32\fwpuclnt.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\cryptsp.dll |
| c:\windows\system32\ntshrui.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\clbcatq.dll |
| c:\windows\system32\sensapi.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\wshtcpip.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\rsaenh.dll |
| c:\windows\system32\oleaccrc.dll |
| c:\windows\system32\rasapi32.dll |
| c:\windows\system32\cabinet.dll |
| c:\windows\system32\rtutils.dll |
| c:\windows\system32\ntmarta.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\dssenh.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\dnsapi.dll |
| c:\windows\system32\bcrypt.dll |
| c:\windows\system32\apphelp.dll |
| c:\windows\system32\rasadhlp.dll |
| c:\windows\system32\netmsg.dll |
| c:\windows\system32\propsys.dll |
| c:\windows\system32\wldap32.dll |
| c:\windows\system32\credssp.dll |
| c:\windows\system32\dhcpcsvc6.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\schannel.dll |
| c:\windows\system32\samlib.dll |
| c:\windows\system32\nlaapi.dll |
| c:\windows\system32\netutils.dll |
| c:\windows\system32\cryptnet.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\normaliz.dll |
| c:\windows\system32\devrtl.dll |
| c:\windows\system32\cfgmgr32.dll |
| c:\windows\system32\devobj.dll |
| c:\windows\system32\imagehlp.dll |
| c:\windows\system32\setupapi.dll |
| c:\windows\system32\shdocvw.dll |
| c:\windows\system32\notepad.exe |
- PID
- 2384
- CMD
- "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\LogMeInLogs\GoToOpener.log
- Path
- C:\Windows\system32\NOTEPAD.EXE
- Indicators
- No indicators
- Parent process
- GoTo Opener.exe
- User
- admin
- Integrity Level
- MEDIUM
- Version:
- Company
- Microsoft Corporation
- Description
- Notepad
- Version
- 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
| Image |
|---|
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\uxtheme.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\notepad.exe |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\user32.dll |
- PID
- 2700
- CMD
- "C:\Users\admin\AppData\Local\GoTo Opener\GoTo Opener.exe" "/urlQsArgs gotoopener://launch.getgo.com/launcher2/launch/e0-bqpsynY0znCujW48nP6rulk-JTfhALygQGsd5nW_DOnZ-PMNO0NeJEwKoOK2joPvinGWmKquykJSQFtxfBs9EvuHRfJwHSIDPaVKwLPaSrdc-LZFhKeSa6WYBe7uXeJywxOwqDQA5DFGC68tG_jnUxPZc4ItNru4NzkOCKOArTE3jYyp8VQsttOPOU_thbOQSC4nofs-ptpo1hb46Z9pSu3P3kW1WSYfCZUjh_F7LNPJSsCOLCWzfE9dWGUUlVM3FMMBJHJHxBTwcH8dH0QpDW5TaTReXTZgzpuERab9A6fcs1B8NNZf6zoxrPuyQdDiNq-xVEJByNnyoYftpjFydBwD8Wi7TT8suPo-bP8fePkShH0bo__faia-A3KgBTlgOovy3StzIbbteof6JUgmvscOeYIGDaY5AAIZTRHkP4N45q9z--iM9806JA3rvuiMZzXt-uCAsR17386DbLpA211AfHWlMVT03ut55EVNA885RH356SmkfLRQ9JVUkJc_R383oox14l5U5Jz2Uzlku2-GApAq_lVOJ0MpP4-a7GNXPb0AwLr_uOopIrrbXxhaSn0z3PXg1PcHxhNZTQP3VrdNm_w"
- Path
- C:\Users\admin\AppData\Local\GoTo Opener\GoTo Opener.exe
- Indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- MEDIUM
- Exit code
- 0
- Version:
- Company
- LogMeIn, Inc.
- Description
- GoTo Opener
- Version
- 1.0.0.533
Modules
| Image |
|---|
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\apphelp.dll |
| c:\windows\system32\ntmarta.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\dhcpcsvc6.dll |
| c:\windows\system32\rasadhlp.dll |
| c:\windows\system32\cryptnet.dll |
| c:\windows\system32\samlib.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\cryptsp.dll |
| c:\windows\system32\ncrypt.dll |
| c:\windows\system32\shell32.dll |
| c:\users\admin\appdata\local\goto opener\goto opener.exe |
| c:\windows\system32\kernel32.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\sensapi.dll |
| c:\windows\system32\netutils.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\oleaccrc.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\ntshrui.dll |
| c:\windows\system32\cabinet.dll |
| c:\windows\system32\netmsg.dll |
| c:\windows\system32\propsys.dll |
| c:\windows\system32\dssenh.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\wkscli.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\rasman.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\rpcrtremote.dll |
| c:\windows\system32\credssp.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\bcrypt.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\schannel.dll |
| c:\windows\system32\gpapi.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\rasapi32.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\rsaenh.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\uxtheme.dll |
| c:\windows\system32\dnsapi.dll |
| c:\windows\system32\cscapi.dll |
| c:\windows\system32\srvcli.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\bcryptprimitives.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\wldap32.dll |
| c:\windows\system32\netapi32.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\nlaapi.dll |
| c:\windows\system32\normaliz.dll |
| c:\windows\system32\rtutils.dll |
| c:\windows\system32\fwpuclnt.dll |
| c:\windows\system32\mswsock.dll |
| c:\windows\system32\clbcatq.dll |
| c:\windows\system32\wshtcpip.dll |
| c:\windows\system32\wship6.dll |
| c:\windows\system32\imagehlp.dll |
| c:\windows\system32\devobj.dll |
| c:\windows\system32\setupapi.dll |
| c:\windows\system32\cfgmgr32.dll |
| c:\windows\system32\devrtl.dll |
| c:\windows\system32\shdocvw.dll |
| c:\windows\system32\notepad.exe |
- PID
- 3944
- CMD
- "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\LogMeInLogs\GoToOpener.log
- Path
- C:\Windows\system32\NOTEPAD.EXE
- Indicators
- No indicators
- Parent process
- GoTo Opener.exe
- User
- admin
- Integrity Level
- MEDIUM
- Version:
- Company
- Microsoft Corporation
- Description
- Notepad
- Version
- 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
| Image |
|---|
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\notepad.exe |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\version.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\uxtheme.dll |
- PID
- 3060
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15682654733329004656 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1152 /prefetch:1
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\profapi.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\imm32.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\version.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\dwrite.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\crypt32.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\webio.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\sspicli.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\cryptbase.dll |
- PID
- 688
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13994987755031351247 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1896 /prefetch:1
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\nsi.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\version.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\user32.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\usp10.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\profapi.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\secur32.dll |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\crypt32.dll |
- PID
- 960
- CMD
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,13522906091185382535,15076140749420656543,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2274753429351176589 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1
- Path
- C:\Program Files\Google\Chrome\Application\chrome.exe
- Indicators
- No indicators
- Parent process
- chrome.exe
- User
- admin
- Integrity Level
- LOW
- Version:
- Company
- Google LLC
- Description
- Google Chrome
- Version
- 75.0.3770.100
Modules
| Image |
|---|
| c:\windows\system32\version.dll |
| c:\windows\system32\shlwapi.dll |
| c:\windows\system32\userenv.dll |
| c:\windows\system32\winmm.dll |
| c:\windows\system32\lpk.dll |
| c:\windows\system32\profapi.dll |
| c:\systemroot\system32\ntdll.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll |
| c:\windows\system32\shell32.dll |
| c:\windows\system32\usp10.dll |
| c:\windows\system32\gdi32.dll |
| c:\windows\system32\rpcrt4.dll |
| c:\program files\google\chrome\application\chrome.exe |
| c:\windows\system32\kernel32.dll |
| c:\windows\system32\kernelbase.dll |
| c:\windows\system32\advapi32.dll |
| c:\windows\system32\sechost.dll |
| c:\windows\system32\msvcrt.dll |
| c:\windows\system32\user32.dll |
| c:\windows\system32\winhttp.dll |
| c:\windows\system32\oleaut32.dll |
| c:\windows\system32\winspool.drv |
| c:\windows\system32\comdlg32.dll |
| c:\windows\system32\urlmon.dll |
| c:\windows\system32\secur32.dll |
| c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll |
| c:\windows\system32\nsi.dll |
| c:\windows\system32\msctf.dll |
| c:\windows\system32\sspicli.dll |
| c:\windows\system32\ws2_32.dll |
| c:\windows\system32\iertutil.dll |
| c:\windows\system32\uiautomationcore.dll |
| c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
| c:\windows\system32\msasn1.dll |
| c:\windows\system32\dwrite.dll |
| c:\windows\system32\ole32.dll |
| c:\windows\system32\wininet.dll |
| c:\windows\system32\dxgi.dll |
| c:\windows\system32\dwmapi.dll |
| c:\windows\system32\dbghelp.dll |
| c:\windows\system32\imm32.dll |
| c:\windows\system32\cryptbase.dll |
| c:\windows\system32\webio.dll |
| c:\windows\system32\winnsi.dll |
| c:\windows\system32\wtsapi32.dll |
| c:\windows\system32\wintrust.dll |
| c:\windows\system32\dhcpcsvc.dll |
| c:\windows\system32\iphlpapi.dll |
| c:\windows\system32\oleacc.dll |
| c:\windows\system32\psapi.dll |
| c:\windows\system32\crypt32.dll |
Registry activity
Total events
2558
Read events
2217
Write events
333
Delete events
8
Modification events
PID
Process
Operation
Key
Name
Value
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
2472
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
2472
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13219792546302750
2472
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
2472
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aapocclcgogkmnckokdopfmhonfmgoek
7BA9C5992A942459232B97C401062C6FA608AF20F23CC36261418EB3DD07DB1C
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
15B1C3FE35F29528448F36A72A4DFBC58A8083C7190559D25865779166D220A2
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aohghmighlieiainnegkcijnfilokake
D86B52895EB70FF8DCFCB06789C918D8E1E00307109BC68705651A1FBA7E0FE9
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
apdfllckaahabafndbhieahigkjlhalf
DE3B27E3154029F1E5AE9B40EE55D558CDC259C2EDF14E9D86A10BA72538CBF4
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
blpcfgokakmgnkcojhhkbfbldkacnbeo
1694F7171A7ED7A45DDD425A94C0EEA12811EA8CFE42E4FD1B8B992C79B60FA4
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
felcaaldnbdncclmgdcncolpebgiejap
A0D2B29B001597BBA54FF4848B6B40529535591E20D5B56013BE31A448977A91
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
D6B079666F209503A09486C70AC09307652A0F7F783166A999B27C99D0DA79E2
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
990FF3AF8F60BDCD321C730206866E7F0533381F94ED3ECD8021A4E8E795AF6D
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
00175B8120231631976CA8B862A3416996C9373BA3D289F0619DDA992973DDFA
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
63355C14E8C7DF9A075F2EDDEA6F2807DC8166B83F96F4C975B9B6554C6324D7
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
0E265BFED6F1C7D5F0A9BD790C50BB30E78E959631D51EEBB8BB0DE73E65763C
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
04A45240BDA55E8777FA04357712CA6DD942253A21323E4C7D3CCF769B34BFED
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
5D58C2FED93EFDED578B006CB02BBB8DEC329128E2D098172E1316CDD15254DC
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
900A6806D348AC1E25E3F30AC285F67618EBE2656E9A9754A93116329C6BD9CC
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pjkljhegncpnkpknbcohdijeoejaedia
DB64423A032ADEA0B7ACBA94E17A5EE828D40DAADF021AB3AA7F40DA96AE90CC
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
CF9AAE726745459A9F241D7D25D6907DE08F38E375EDC0D93990E93B85F9DA9F
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
0669C833FAD06B1BA5036F2F54E34D596EE24227BB900E152243CC8C6AC77B91
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
4E97FC49F4D5D8FD3FFFD84792CE8C15149AF8A9DEE8C5E1CEE913E546F5C1E0
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E3070C0001000200140025000C00580300000000
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E3070C0001000200140025000C005D0300000000
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\PTimes
C
C661094950A9D501
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C1
1C1GCEA_enUA812UA812
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C2
1C2GCEA_enUA812
2472
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C7
1C7GCEA_enUA812
2168
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2472-13219792544912125
259
856
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
856
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\p2pcollab.dll,-8042
Peer to Peer Trust
856
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\qagentrt.dll,-10
System Health Authentication
856
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\dnsapi.dll,-103
Domain Name System (DNS) Server Trust
856
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\System32\fveui.dll,-843
BitLocker Drive Encryption
856
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\System32\fveui.dll,-844
BitLocker Data Recovery Agent
2708
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
2708
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@sendmail.dll,-21
Desktop (create shortcut)
2708
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@zipfldr.dll,-10148
Compressed (zipped) folder
2708
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@sendmail.dll,-4
Mail recipient
2708
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@C:\Windows\system32\FXSRESM.dll,-120
Fax recipient
616
GoToAssist Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoToAssist Opener_RASAPI32
EnableFileTracing
0
616
GoToAssist Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoToAssist Opener_RASAPI32
EnableConsoleTracing
0
616
GoToAssist Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoToAssist Opener_RASAPI32
FileTracingMask
4294901760
616
GoToAssist Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoToAssist Opener_RASAPI32
ConsoleTracingMask
4294901760
616
GoToAssist Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoToAssist Opener_RASAPI32
MaxFileSize
1048576
616
GoToAssist Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoToAssist Opener_RASAPI32
FileDirectory
%windir%\tracing
616
GoToAssist Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoToAssist Opener_RASMANCS
EnableFileTracing
0
616
GoToAssist Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoToAssist Opener_RASMANCS
EnableConsoleTracing
0
616
GoToAssist Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoToAssist Opener_RASMANCS
FileTracingMask
4294901760
616
GoToAssist Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoToAssist Opener_RASMANCS
ConsoleTracingMask
4294901760
616
GoToAssist Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoToAssist Opener_RASMANCS
MaxFileSize
1048576
616
GoToAssist Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoToAssist Opener_RASMANCS
FileDirectory
%windir%\tracing
616
GoToAssist Opener.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
616
GoToAssist Opener.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000093000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
616
GoToAssist Opener.exe
write
HKEY_CURRENT_USER\Software\LogMeInInc\GoTo Opener
UUID
{5DE450C8-84C9-4B0D-80DC-7176402509EE}
616
GoToAssist Opener.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
616
GoToAssist Opener.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
616
GoToAssist Opener.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
616
GoToAssist Opener.exe
write
HKEY_CURRENT_USER\Software\LogMeInInc\GoTo Opener
netAuthUiEncountered
0
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
C:\Windows\Installer\3b321f.ipi
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Config.Msi\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\3b3220.rbs
30779728
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\3b3220.rbsLow
1344534512
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\516A7870045707049A55E9F6BDCFC602
83C33F0CC54320C41B16118339052C5A
01:\Software\LogMeInInc\GoTo Opener\ProductCode
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\F84CCB31DF6692553BA20461EDD3B1D6
83C33F0CC54320C41B16118339052C5A
01:\Software\Microsoft\Internet Explorer\ProtocolExecute\gotoopener533\WarnOnOpen
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\032B10E068D96405E82F87FD54AAD0B2
83C33F0CC54320C41B16118339052C5A
01:\Software\Microsoft\Internet Explorer\ProtocolExecute\gotoopener\WarnOnOpen
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\E8B661BF9F11F8C5C95D9FD5D3FC11AA
83C33F0CC54320C41B16118339052C5A
01:\Software\Microsoft\Internet Explorer\ProtocolExecute\citrixonline533\WarnOnOpen
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\6F4F3B1EDE5110B5EBACB468272CA5D5
83C33F0CC54320C41B16118339052C5A
01:\Software\Microsoft\Internet Explorer\ProtocolExecute\citrixonline\WarnOnOpen
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\C12BC0438FB71EB519AA062C7B14AD45
83C33F0CC54320C41B16118339052C5A
01:\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FF9E85E-17DD-4f5e-8BBC-050D26E8B90F}\AppPath
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\D0521F481FCB0245C9EB97BBCD80A1B9
83C33F0CC54320C41B16118339052C5A
01:\Software\Classes\gotoopener\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\C3862FA46F632DF5E895B5A96466E019
83C33F0CC54320C41B16118339052C5A
01:\Software\Classes\gotoopener\Shell\Open\Command\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\289D63C5EF5CD9356876B0B6CCF06424
83C33F0CC54320C41B16118339052C5A
01:\Software\Classes\citrixonline\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\CFC1BEE510CD51555BB9619B17C5A0E2
83C33F0CC54320C41B16118339052C5A
01:\Software\Classes\citrixonline\Shell\Open\Command\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\7A8FC95220E434A5FB26B90D1A71B893
83C33F0CC54320C41B16118339052C5A
01:\Software\Classes\.gotoopener533\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\2381406FBB16BB35BA17E80B4C987735
83C33F0CC54320C41B16118339052C5A
01:\Software\Classes\.citrixonline533\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\06D0C83325168C8578FB1C4BEE876EA0
83C33F0CC54320C41B16118339052C5A
01:\Software\Classes\LogMeInInc.GoToOpener533\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\B7895C10B35E293538E75D17BD532EC6
83C33F0CC54320C41B16118339052C5A
01:\Software\Classes\LogMeInInc.GoToOpener533\Shell\Open\Command\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\E3D64F72B6F45025CAA18D5CB6797557
83C33F0CC54320C41B16118339052C5A
01:\Software\Classes\gotoopener533\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\D320613F7B363C452BC8D0412C24EAA8
83C33F0CC54320C41B16118339052C5A
01:\Software\Classes\gotoopener533\Shell\Open\Command\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\C2D2343AA930FEF509B65F55FC6FAB0C
83C33F0CC54320C41B16118339052C5A
01:\Software\Classes\citrixonline533\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\9CA804C02D8F17E5B873652204A8916A
83C33F0CC54320C41B16118339052C5A
01:\Software\Classes\citrixonline533\Shell\Open\Command\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\3AB4F8373595A6D5587C7E13342E282D
83C33F0CC54320C41B16118339052C5A
01:\Software\Classes\.gotoopener\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\2831B0B4FEFDEA45B854E1A543121874
83C33F0CC54320C41B16118339052C5A
01:\Software\Classes\.citrixonline\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\25999881EC04C1A59A42888AD1BB43C9
83C33F0CC54320C41B16118339052C5A
01:\Software\Classes\LogMeInInc.GoToOpener\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\FE3B1D58F1481C05C9E3939EA28963FF
83C33F0CC54320C41B16118339052C5A
01:\Software\Classes\LogMeInInc.GoToOpener\Shell\Open\Command\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\2B3DA7B5067450953932FD4E7E0773B9
83C33F0CC54320C41B16118339052C5A
01:\Software\Classes\MIME\Database\Content Type\application/x-col-launch533\Extension
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\020C083B0FD14695287362F86F61A80C
83C33F0CC54320C41B16118339052C5A
01:\Software\Classes\MIME\Database\Content Type\application/x-col-launch\Extension
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Users\admin\AppData\Local\GoTo Opener\
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\LogMeInInc\GoTo Opener
ProductCode
{C0F33C38-345C-4C02-B161-11389350C2A5}
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\LogMeInInc\GoTo Opener
buildInstalled
533
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\gotoopener533
WarnOnOpen
0
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\gotoopener
WarnOnOpen
0
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\citrixonline533
WarnOnOpen
0
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\citrixonline
WarnOnOpen
0
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FF9E85E-17DD-4f5e-8BBC-050D26E8B90F}
AppPath
C:\Users\admin\AppData\Local\GoTo Opener\
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FF9E85E-17DD-4f5e-8BBC-050D26E8B90F}
Policy
3
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FF9E85E-17DD-4f5e-8BBC-050D26E8B90F}
AppName
GoTo Opener.exe
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\gotoopener
GoTo Opener
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\gotoopener
URL Protocol
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\gotoopener\Shell\Open\Command
"C:\Users\admin\AppData\Local\GoTo Opener\GoTo Opener.exe" "/urlQsArgs %1"
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\citrixonline
GoTo Opener
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\citrixonline
URL Protocol
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\citrixonline\Shell\Open\Command
"C:\Users\admin\AppData\Local\GoTo Opener\GoTo Opener.exe" "/urlQsArgs %1"
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\.gotoopener533
LogMeInInc.GoToOpener533
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\.gotoopener533
ContentType
application/x-col-launch533
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\.citrixonline533
LogMeInInc.GoToOpener533
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\.citrixonline533
ContentType
application/x-col-launch533
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\LogMeInInc.GoToOpener533
GoTo Opener Launch Action (build 533)
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\LogMeInInc.GoToOpener533\Shell\Open\Command
"C:\Users\admin\AppData\Local\GoTo Opener\GoTo Opener.exe" "/docArgs %1"
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\gotoopener533
GoTo Opener
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\gotoopener533
URL Protocol
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\gotoopener533\Shell\Open\Command
"C:\Users\admin\AppData\Local\GoTo Opener\GoTo Opener.exe" "/urlQsArgs %1"
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\citrixonline533
GoTo Opener
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\citrixonline533
URL Protocol
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\citrixonline533\Shell\Open\Command
"C:\Users\admin\AppData\Local\GoTo Opener\GoTo Opener.exe" "/urlQsArgs %1"
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\.gotoopener
LogMeInInc.GoToOpener
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\.gotoopener
ContentType
application/x-col-launch
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\.citrixonline
LogMeInInc.GoToOpener
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\.citrixonline
ContentType
application/x-col-launch
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\LogMeInInc.GoToOpener
GoTo Opener Launch Action (build 533)
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\LogMeInInc.GoToOpener\Shell\Open\Command
"C:\Users\admin\AppData\Local\GoTo Opener\GoTo Opener.exe" "/docArgs %1"
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\MIME\Database\Content Type\application/x-col-launch533
Extension
.gotoopener533
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\MIME\Database\Content Type\application/x-col-launch
Extension
.gotoopener
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
LocalPackage
C:\Windows\Installer\3b3221.msi
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
AuthorizedCDFPrefix
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
Comments
GoTo Opener Application
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
Contact
LogMeIn, Inc.
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
DisplayVersion
1.0.533
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
HelpLink
http://link.logmeininc.com/get-help
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
HelpTelephone
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
InstallDate
20191202
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
InstallLocation
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
InstallSource
C:\Users\admin\AppData\Local\Temp\5B03E976-F13B-45F1-9A03-4E53FE54DE5D\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
ModifyPath
MsiExec.exe /X{C0F33C38-345C-4C02-B161-11389350C2A5}
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
NoModify
1
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
Publisher
LogMeIn, Inc.
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
Readme
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
Size
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
EstimatedSize
336
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
UninstallString
MsiExec.exe /X{C0F33C38-345C-4C02-B161-11389350C2A5}
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
URLInfoAbout
https://www.gotomeeting.com/
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
URLUpdateInfo
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
VersionMajor
1
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
VersionMinor
0
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
WindowsInstaller
1
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
Version
16777749
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
Language
1033
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
AuthorizedCDFPrefix
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
Comments
GoTo Opener Application
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
Contact
LogMeIn, Inc.
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
DisplayVersion
1.0.533
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
HelpLink
http://link.logmeininc.com/get-help
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
HelpTelephone
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
InstallDate
20191202
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
InstallLocation
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
InstallSource
C:\Users\admin\AppData\Local\Temp\5B03E976-F13B-45F1-9A03-4E53FE54DE5D\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
ModifyPath
MsiExec.exe /X{C0F33C38-345C-4C02-B161-11389350C2A5}
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
NoModify
1
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
Publisher
LogMeIn, Inc.
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
Readme
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
Size
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
EstimatedSize
336
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
UninstallString
MsiExec.exe /X{C0F33C38-345C-4C02-B161-11389350C2A5}
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
URLInfoAbout
https://www.gotomeeting.com/
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
URLUpdateInfo
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
VersionMajor
1
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
VersionMinor
0
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
WindowsInstaller
1
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
Version
16777749
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
Language
1033
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A26263DC8E6AECC438112A2415270350
83C33F0CC54320C41B16118339052C5A
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\InstallProperties
DisplayName
GoTo Opener
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0F33C38-345C-4C02-B161-11389350C2A5}
DisplayName
GoTo Opener
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Features\83C33F0CC54320C41B16118339052C5A
DefaultFeature
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\Features
DefaultFeature
s2eK%5rJe81}@sK4~oK-L?5E)aWTGC]Gr0*x`a(Kpr_R'4$'mAWf$opPS2p10}LdyuR[hEG&C5FFX,a_T4zUq-R.9E)dn1Sk,E!F3bxf4*z)UE-J3PgP`)?C}EofRKr?&Cd.^9enY5qY``O*@-sflF[xq[Yu}j]Vm?4_E.wAsB3lDJJ3STA92]([email protected])rjl21jV*0l&t!EbSv&lPe$R6n6t(xTQOvB*gChaA+7oBUk5X4RwMUD7T)+c&]kR&XMJX!*90rBrTnYL.EY~JE=Tp06reFB4,tYhMw`eMrIp-w[7_8C.%oM)gA[XTi]0P]k+moFp0A^Ck93yfteex&oj.FFd`&&.^=aH^p}z.MGT!%F5[F&4NPx`[email protected]}=aaDt*XnezD~f+2_~pG5Zy9l!S.n1zA}yJzsw80%{*k-JE)Cy[DN5TWrSCEtY9pncbIX(gDBnb!V&xzsf
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Users\admin\AppData\Roaming\Microsoft\Installer\{C0F33C38-345C-4C02-B161-11389350C2A5}\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Users\admin\AppData\Roaming\Microsoft\Installer\
3280
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\83C33F0CC54320C41B16118339052C5A\Patches
AllPatches
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\83C33F0CC54320C41B16118339052C5A
ProductName
GoTo Opener
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\83C33F0CC54320C41B16118339052C5A
PackageCode
19F43E00C44628A4F877533A4F925965
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\83C33F0CC54320C41B16118339052C5A
Language
1033
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\83C33F0CC54320C41B16118339052C5A
Version
16777749
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\83C33F0CC54320C41B16118339052C5A
Assignment
0
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\83C33F0CC54320C41B16118339052C5A
AdvertiseFlags
388
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\83C33F0CC54320C41B16118339052C5A
ProductIcon
%APPDATA%\Microsoft\Installer\{C0F33C38-345C-4C02-B161-11389350C2A5}\icon.ico
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\83C33F0CC54320C41B16118339052C5A
InstanceType
0
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\83C33F0CC54320C41B16118339052C5A
AuthorizedLUAApp
0
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\83C33F0CC54320C41B16118339052C5A
DeploymentFlags
2
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\UpgradeCodes\A26263DC8E6AECC438112A2415270350
83C33F0CC54320C41B16118339052C5A
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\83C33F0CC54320C41B16118339052C5A\SourceList
PackageName
GoToOpener.msi
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\83C33F0CC54320C41B16118339052C5A\SourceList\Net
1
C:\Users\admin\AppData\Local\Temp\5B03E976-F13B-45F1-9A03-4E53FE54DE5D\
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\83C33F0CC54320C41B16118339052C5A\SourceList\Media
DiskPrompt
GoTo Opener Installation [1]
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\83C33F0CC54320C41B16118339052C5A\SourceList\Media
1
;CD-ROM #1
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\83C33F0CC54320C41B16118339052C5A
Clients
:
3280
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\83C33F0CC54320C41B16118339052C5A\SourceList
LastUsedSource
n;1;C:\Users\admin\AppData\Local\Temp\5B03E976-F13B-45F1-9A03-4E53FE54DE5D\
3280
msiexec.exe
delete key
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\12B\52C64B7E
3280
msiexec.exe
delete key
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\12B
3280
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
3280
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback
3280
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
3976
GoTo Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoTo Opener_RASAPI32
EnableFileTracing
0
3976
GoTo Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoTo Opener_RASAPI32
EnableConsoleTracing
0
3976
GoTo Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoTo Opener_RASAPI32
FileTracingMask
4294901760
3976
GoTo Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoTo Opener_RASAPI32
ConsoleTracingMask
4294901760
3976
GoTo Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoTo Opener_RASAPI32
MaxFileSize
1048576
3976
GoTo Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoTo Opener_RASAPI32
FileDirectory
%windir%\tracing
3976
GoTo Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoTo Opener_RASMANCS
EnableFileTracing
0
3976
GoTo Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoTo Opener_RASMANCS
EnableConsoleTracing
0
3976
GoTo Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoTo Opener_RASMANCS
FileTracingMask
4294901760
3976
GoTo Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoTo Opener_RASMANCS
ConsoleTracingMask
4294901760
3976
GoTo Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoTo Opener_RASMANCS
MaxFileSize
1048576
3976
GoTo Opener.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GoTo Opener_RASMANCS
FileDirectory
%windir%\tracing
3976
GoTo Opener.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3976
GoTo Opener.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000094000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3976
GoTo Opener.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3976
GoTo Opener.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3976
GoTo Opener.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
3976
GoTo Opener.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\p2pcollab.dll,-8042
Peer to Peer Trust
3976
GoTo Opener.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\qagentrt.dll,-10
System Health Authentication
3976
GoTo Opener.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\dnsapi.dll,-103
Domain Name System (DNS) Server Trust
3976
GoTo Opener.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\System32\fveui.dll,-843
BitLocker Drive Encryption
3976
GoTo Opener.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\System32\fveui.dll,-844
BitLocker Data Recovery Agent
3976
GoTo Opener.exe
write
HKEY_CURRENT_USER\Software\LogMeInInc\GoTo Opener
netAuthUiEncountered
0
2700
GoTo Opener.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2700
GoTo Opener.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000095000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2700
GoTo Opener.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2700
GoTo Opener.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2700
GoTo Opener.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
2700
GoTo Opener.exe
write
HKEY_CURRENT_USER\Software\LogMeInInc\GoTo Opener
netAuthUiEncountered
0
Files activity
Executable files
13
Suspicious files
83
Text files
262
Unknown types
16
Dropped files
PID
Process
Filename
Type
2472
chrome.exe
C:\Users\admin\Downloads\e295bbe5-0d48-4821-97f8-dc07a835478f.tmp
executable
MD5:
6485a2ece9f5d2e7f133400e1ef09c93
SHA256:
24accac3b39547f28e67af33de8c1bb53ef8aa5b174c2043863f4d76868c2c6c
3280
msiexec.exe
C:\Users\admin\AppData\Local\GoTo Opener\GoTo Opener.exe
executable
MD5:
1d028973dcdb24f164bfa57b4fc2b2dc
SHA256:
818007e55aa61422e987615bc17578c108d5e8c405cf13a7fd8645f507d8a92a
3976
GoTo Opener.exe
C:\Users\admin\AppData\Local\Temp\AAE27766-DE9B-4F68-871D-9638050A8249\g2ax_customer_combined_dll_core_win32_x86.exe
executable
MD5:
c77fdcc60c0d101c0b72793253b41fc4
SHA256:
6b118cac4d10f550ebc599dd57efa598856d716f319f778465b5dcf9da901479
616
GoToAssist Opener.exe
C:\Users\admin\AppData\Local\Temp\5B03E976-F13B-45F1-9A03-4E53FE54DE5D\GoToOpener.msi
executable
MD5:
87abee281a53fcac5a4c9f06ef8c63e9
SHA256:
b9f3cdbd519e0fbc5e908f590cae8f3b523174962839876683346c3484811076
616
GoToAssist Opener.exe
C:\Users\admin\AppData\Local\Temp\5B03E976-F13B-45F1-9A03-4E53FE54DE5D\GoTo Opener.exe
executable
MD5:
1d028973dcdb24f164bfa57b4fc2b2dc
SHA256:
818007e55aa61422e987615bc17578c108d5e8c405cf13a7fd8645f507d8a92a
3280
msiexec.exe
C:\Windows\Installer\3b3221.msi
executable
MD5:
87abee281a53fcac5a4c9f06ef8c63e9
SHA256:
b9f3cdbd519e0fbc5e908f590cae8f3b523174962839876683346c3484811076
2472
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 939215.crdownload
executable
MD5:
036c79458381068820d70386dadd1802
SHA256:
dd67873eea33976d4529d8f7bc41e5db2fc14a605e098195d8c95b71366ebc2b
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000006
executable
MD5:
036c79458381068820d70386dadd1802
SHA256:
dd67873eea33976d4529d8f7bc41e5db2fc14a605e098195d8c95b71366ebc2b
2700
GoTo Opener.exe
C:\Users\admin\AppData\Local\Temp\F5C2C946-4A62-4D4D-BC2D-4E790868C8E8\g2ax_customer_combined_dll_core_win32_x86.exe
executable
MD5:
c77fdcc60c0d101c0b72793253b41fc4
SHA256:
6b118cac4d10f550ebc599dd57efa598856d716f319f778465b5dcf9da901479
3280
msiexec.exe
C:\Windows\Installer\3b321d.msi
executable
MD5:
87abee281a53fcac5a4c9f06ef8c63e9
SHA256:
b9f3cdbd519e0fbc5e908f590cae8f3b523174962839876683346c3484811076
616
GoToAssist Opener.exe
C:\Users\admin\AppData\Local\Temp\AB08ACB7-9284-427D-A835-2B9F92E6D5B8\g2ax_customer_combined_dll_core_win32_x86.exe
executable
MD5:
c77fdcc60c0d101c0b72793253b41fc4
SHA256:
6b118cac4d10f550ebc599dd57efa598856d716f319f778465b5dcf9da901479
2472
chrome.exe
C:\Users\admin\Downloads\GoToAssist Opener.exe
executable
MD5:
036c79458381068820d70386dadd1802
SHA256:
dd67873eea33976d4529d8f7bc41e5db2fc14a605e098195d8c95b71366ebc2b
2472
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2472_16226\CRX_INSTALL\_locales\ml\messages.json
––
MD5:
––
SHA256:
––
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011
compressed
MD5:
3e482d9670e29ee4e9faa514bb9ffb94
SHA256:
67a92690fb155bebfc450fd3dd7005d89263fe48a6e54e7c9f91ed68a12ebe2a
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010
image
MD5:
00ab281734f13c6e578465e143d82f2c
SHA256:
15fc6c329d9177bed59228199df6947c9ef7848d8aac794f07896687b5c6a607
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2a55ce20760b79e5_0
binary
MD5:
06b799338fd0759991a15288a87c749e
SHA256:
4fb13af2b6e6ad98b08471559b0a11fcd7c1768df60c49e771fe92056d11409b
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f
binary
MD5:
52d2aa3c3e943a1fccc168880ca7c727
SHA256:
b3bdaab0c158b1776fd55a081992b2ee3b279c6a63f81739c9e7650d7e51a841
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fc3e26aacf5f353a_0
binary
MD5:
0166fe99b603953bd4fa66fc864189f4
SHA256:
ca8c9ee8e6ed479315280c03ca95a0e57009ddad574e1097ab30e8b232cca832
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e
compressed
MD5:
818fa6f123e74359361fef8dc8c4881b
SHA256:
fca315b23575f7a7c5e14e68f9de9453cd716933c877e19c3e533b24b6161417
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6a10edf5033ff393_0
binary
MD5:
b34c5783e57e9906629f9566c234d523
SHA256:
29c91176198040f362198c7e99dd2dcb7040aec660ff0a35a233134645a0df45
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d
text
MD5:
96418b10b9481ec44ebd11d1091f54f4
SHA256:
0f616285f14e25bd055aeaea3f75656e0ee06fb92b006cdf51b77d04068d4b48
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\af708faf327f98d8_0
binary
MD5:
ad67a63734c8c048461725485ca52684
SHA256:
38cc862fe281e1b13854ede9b9008075caedfe5cc4610d86182666dd14c93efe
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
compressed
MD5:
a925bc082227d633f5c1a09b75bd04a0
SHA256:
04899d665e41826b5fa0fa2d616667350af79e286616c028ea8d87e2c40cc57c
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f3892c7eb883dc91_0
binary
MD5:
c9b3e2cac75a4745478f066713ebe0f0
SHA256:
dd94a9c72f88cbb2310f731e2cff259c6ee7165535fe793baf3ae2571289f4ce
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d643eff53610a91f_0
binary
MD5:
4680030000a2e33b513c4860d28e78aa
SHA256:
8e22e9d3b045109453fd171e9d8bc917b7836fabf38aced2b36057e8b5b55280
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\488d93418569a559_0
binary
MD5:
d1b701b6eeb0a0e4a8f6d5f665c44a5a
SHA256:
76a5ae4d0601c903a8d2eb6931fb9834c64e76b066755d06e388bec87576d218
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000b
binary
MD5:
f6ad4f99da1dad4dbe10c90e08209e94
SHA256:
5ca90ee57e86db53650bde3e04ad742c262ccc0b6aacf584c440f97cccfbab4d
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6a10edf5033ff393_0
binary
MD5:
2d2f40bcfb247467e7d82707e6f3fbe1
SHA256:
721e1c0885fbc24e149b01a86658c6685a3a125427c67b0fa27e4f0cfe09fae8
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000a
compressed
MD5:
f66ce9f507641cbe02bbfe1fff696456
SHA256:
d829f0f815f5b3b4c646791f6328837c2f7402ae1c355b8f8d8a3f5727397007
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\06b79fac07d399aa_0
binary
MD5:
b943e0a907b86da2544c6c45defbeec3
SHA256:
4a3f86ce8f2966ad887515c4edd8d50d44bab16faed85bd1c9e375741628b888
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000009
compressed
MD5:
91d44d229056cd228af000e0e0b863a3
SHA256:
00bf075630732a85c94fcab5a7556f458e73312ed7f4617decb4a7d6e5687a78
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ea94821b2a8f9283_0
binary
MD5:
27e4738063ddd6bd5bb18654a19cd64e
SHA256:
ad900b53ec3f949e87157492860263f9ca2ee16aedc21de0bf45079306b91146
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7f64a17c617feea1_0
binary
MD5:
8f49ea87a3718e0e322516aa64723f11
SHA256:
4e0f8fd00849ed147052f7c430f3c9b6beb12c7c2c29e90bfbf58bd788d2703f
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000008
compressed
MD5:
251a8558521cdcd760736ee9b4fa7be2
SHA256:
a53985010058263fc3d4e3fec09cc710377da8d42f7bbac5036a4d0294db5cb0
856
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5887976EDAA817EEF5159B09F6FCD000_3E689E511A69A396ACD10713000FA552
binary
MD5:
da49c901e02f09b51b76b192d5d3d7f6
SHA256:
57846c66d5f1e8b6368b99e0f4b1347fbc7e348a99392905313349bb96e5f3b0
856
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5887976EDAA817EEF5159B09F6FCD000_3E689E511A69A396ACD10713000FA552
der
MD5:
588fc29e412aed6934d509380894629f
SHA256:
c843fb9e6956f33769f1268454838039c0bc883b6f7e029b7e3f1acccb92525f
2700
GoTo Opener.exe
C:\Users\admin\AppData\Local\Temp\LogMeInLogs\GoToOpener.log
text
MD5:
e377ab85609671bc7c5b18cd6fc3b2bc
SHA256:
9871603bf68bd3c9525535c09538fb7e6439bcd1e7b7723e3ce717493511f8af
2700
GoTo Opener.exe
C:\Users\admin\AppData\Local\Temp\Tar2D51.tmp
––
MD5:
––
SHA256:
––
2700
GoTo Opener.exe
C:\Users\admin\AppData\Local\Temp\Cab2D50.tmp
––
MD5:
––
SHA256:
––
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF3e2a00.TMP
text
MD5:
83860876675e20be66264abdf62d615d
SHA256:
1c1447b062bc8b8cc72b7972fb9ac7e527072d2ac8acb12755ed34761d7f93d8
2700
GoTo Opener.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\g2ax_customer_combined_dll_core_win32_x86[1].exe
––
MD5:
––
SHA256:
––
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF3cdfbd.TMP
text
MD5:
95e0a35bb9e909662e6e3c53af4c2823
SHA256:
1e68cd787adfa31c3129a18585b6b327d3f0feec334081607c77cb3b7a8f3df7
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5:
95e0a35bb9e909662e6e3c53af4c2823
SHA256:
1e68cd787adfa31c3129a18585b6b327d3f0feec334081607c77cb3b7a8f3df7
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\b7cd31c4-893b-43be-bc61-ef7615345a98.tmp
––
MD5:
––
SHA256:
––
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF3cd5bb.TMP
text
MD5:
21a5106839668660491e83f0a2b7afde
SHA256:
dd0902721f1e7da9521edee826b43f97a0e5fa2e55b365a95281792efd9ca696
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5:
21a5106839668660491e83f0a2b7afde
SHA256:
dd0902721f1e7da9521edee826b43f97a0e5fa2e55b365a95281792efd9ca696
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\0ca8fced-e75b-41ed-ba6c-a966dd895659.tmp
––
MD5:
––
SHA256:
––
3976
GoTo Opener.exe
C:\Users\admin\AppData\Local\Temp\LogMeInLogs\GoToOpener.log
text
MD5:
3f81671f53be7fd345fab5d5790d3869
SHA256:
2ed1ac3053cb7be758592529d1d3ca0efafa384248df91f19a51c0c4dfc06547
3976
GoTo Opener.exe
C:\Users\admin\AppData\Local\Temp\Tar5B5B.tmp
––
MD5:
––
SHA256:
––
3976
GoTo Opener.exe
C:\Users\admin\AppData\Local\Temp\Cab5B5A.tmp
––
MD5:
––
SHA256:
––
856
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\172f1d43-178a-42c0-9642-0abc009047da.tmp
––
MD5:
––
SHA256:
––
3976
GoTo Opener.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\g2ax_customer_combined_dll_core_win32_x86[1].exe
––
MD5:
––
SHA256:
––
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlBilling.store
binary
MD5:
d429d14c3112be979b22e2794d1baa58
SHA256:
34b3b80da953c40e79cf4f3b666a3a154edbcb805f2321d3612d4ecd83ed4755
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store
binary
MD5:
9ee2ef2d8c31cd877f72d04498908a0f
SHA256:
e92922abd3f31e4a86c550b8cab54d79555ade1f4edc62b4dc10f88d4b36a300
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store
binary
MD5:
f588a9a75c15f7552331ec603de258cd
SHA256:
bc4df7b06c8a513ae84b67cae1bb557510c5ffc346cabbe619240640f7ec7207
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store
binary
MD5:
d3b4b4ed9ef97d72ea56a29c30286e4b
SHA256:
f8e9772d3775f926929f09e0f7cd3f42b3394c4c9dded34e5b92c6928e1dfdbc
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store
binary
MD5:
bd2a05bc63a946ea99e1de94c59059c0
SHA256:
46a9238c3152029a3371ba7b757cac42b7feb9bfbf9f196b1fdd990261065978
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlBilling.store_new
––
MD5:
––
SHA256:
––
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store_new
––
MD5:
––
SHA256:
––
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store_new
––
MD5:
––
SHA256:
––
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store_new
––
MD5:
––
SHA256:
––
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store
binary
MD5:
c55407180956b7238639b745c90c7add
SHA256:
e2981286885c8edcb352b270f35d2eafa7b48102ca3d83f07d8713e1c43ff713
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store_new
––
MD5:
––
SHA256:
––
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store_new
––
MD5:
––
SHA256:
––
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdWhitelist.store
binary
MD5:
caeafb64cc45d1f6de0b645f9ca3f467
SHA256:
ebfadd74e8ddfa56c23f4b017b1d631f35176455bc855b33e1a52006ec98e115
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdWhitelist.store_new
––
MD5:
––
SHA256:
––
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store
binary
MD5:
d7d05d4891f16e92010850ae8cca373f
SHA256:
430e81f5854abb2b36ebc506167e70a513fddcf63fef5174ac57bfd0e76f77f2
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store_new
––
MD5:
––
SHA256:
––
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store
binary
MD5:
fc0134624adab2a22f93b6b212f196b7
SHA256:
bb801a98c4aaa65e6109034883b61a63957c41af64330dead8d74e6a7e70779e
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store_new
––
MD5:
––
SHA256:
––
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store
––
MD5:
––
SHA256:
––
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store_new
––
MD5:
––
SHA256:
––
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store
binary
MD5:
6c06826a389e9975e11fb8ec572503b8
SHA256:
0df9e1da234aca57927fce9bda3a72bdd734e54e68361f96eb020ebd82bb8028
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store_new
––
MD5:
––
SHA256:
––
2472
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\CertCsdDownloadWhitelist.store
binary
MD5:
da00f5f8a1e4bdb532342a9f0ab950a3
SHA256:
48efa99cdf638eb242b760569e6dbf15c0d0c78d6fa1e4e64ea15543d6bbca5a
2472
chrome.exe
C:\Users\admin\AppData\Local