General Info

File name

webplugin.exe

Full analysis
https://app.any.run/tasks/bfb7c2cf-5ef7-400f-a3b0-a886de2383f2
Verdict
Malicious activity
Analysis date
11/8/2018, 09:33:03
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

installer

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5

a95c43a2cc033bdd7d755e5175afe5fb

SHA1

049767aca40c92db291cd8f3e131b6693bb35215

SHA256

472ff34b6664f0e64b5c41634e5444c0abf8f9ebc917641887ab545d63a59f0c

SSDEEP

24576:akCfmgSvMWIAJoMGlqIEryQ4L4aMgK83Q543+:TCfTS02JrGoIcT7cQCu

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
on
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Loads dropped or rewritten executable
  • TimeGridEXE.exe (PID: 2924)
  • WebActiveEXE.exe (PID: 2596)
Application was dropped or rewritten from another process
  • WebActiveEXE.exe (PID: 2596)
  • TimeGridEXE.exe (PID: 2924)
Registers / Runs the DLL via REGSVR32.EXE
  • webplugin.exe (PID: 3720)
Executable content was dropped or overwritten
  • webplugin.exe (PID: 3720)
Creates files in the program directory
  • webplugin.exe (PID: 3720)
Creates files in the user directory
  • webplugin.exe (PID: 3720)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3460)
Reads internet explorer settings
  • iexplore.exe (PID: 3460)
Reads settings of System Certificates
  • chrome.exe (PID: 1340)
Changes internet zones settings
  • iexplore.exe (PID: 1996)
Application launched itself
  • chrome.exe (PID: 1340)
Dropped object may contain Bitcoin addresses
  • webplugin.exe (PID: 3720)

Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.

Static information

TRiD
.exe | NSIS - Nullsoft Scriptable Install System (94.8%)
.exe | Win32 Executable MS Visual C++ (generic) (3.4%)
.dll | Win32 Dynamic Link Library (generic) (0.7%)
.exe | Win32 Executable (generic) (0.5%)
.exe | Generic Win/DOS Executable (0.2%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2009:12:05 23:50:46+01:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
23552
InitializedDataSize:
119808
UninitializedDataSize:
1024
EntryPoint:
0x323c
OSVersion:
4
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
3.1.0.4
ProductVersionNumber:
3.1.0.4
FileFlagsMask:
0x0000
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
ASCII
FileVersion:
3.1.0.249178
ProductName:
WebPlugin
ProductVersion:
3.1.0.249178
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
05-Dec-2009 22:50:46
Detected languages
English - United States
FileVersion:
3.1.0.249178
ProductName:
WebPlugin
ProductVersion:
3.1.0.249178
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
05-Dec-2009 22:50:46
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x00005A5A 0x00005C00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.4177
.rdata 0x00007000 0x00001190 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.18163
.data 0x00009000 0x0001AF98 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.70903
.ndata 0x00024000 0x00009000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x0002D000 0x00005778 0x00005800 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 2.83885
Resources
1, 2, 3, 4, 5, 6, 7, 103, 105, 106, 111
Imports
    KERNEL32.dll
    USER32.dll
    GDI32.dll
    SHELL32.dll
    ADVAPI32.dll
    COMCTL32.dll
    ole32.dll
    VERSION.dll

Exports
    No exports.

Processes

Total processes
52
Monitored processes
18
Malicious processes
1
Suspicious processes
1

Behavior graph

Behavior graph (rendered interactively in the full report): webplugin.exe drops and starts WebActiveEXE.exe and TimeGridEXE.exe, and starts regsvr32.exe; separate chrome.exe and iexplore.exe process trees also appear.
Process information

PID
3052
CMD
"C:\Users\admin\Downloads\webplugin.exe"
Path
C:\Users\admin\Downloads\webplugin.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Version
3.1.0.249178
Modules
Image
c:\users\admin\downloads\webplugin.exe
c:\systemroot\system32\ntdll.dll

PID
3720
CMD
"C:\Users\admin\Downloads\webplugin.exe"
Path
C:\Users\admin\Downloads\webplugin.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
3.1.0.249178
Modules
Image
c:\users\admin\downloads\webplugin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\riched20.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\webrec\web30\webplugin\webactiveexe.exe
c:\program files\webrec\web30\webplugin\timegridexe.exe
c:\windows\system32\regsvr32.exe

PID
2596
CMD
"C:\Program Files\webrec\WEB30\WebPlugin\WebActiveEXE.exe" /regserver
Path
C:\Program Files\webrec\WEB30\WebPlugin\WebActiveEXE.exe
Indicators
Parent process
webplugin.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
WebActiveEXE Module
Version
1, 0, 0, 1
Modules
Image
c:\program files\webrec\web30\webplugin\webactiveexe.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\atl.dll
c:\program files\webrec\web30\webplugin\dhsurveillancedll.dll
c:\program files\webrec\web30\webplugin\dhnetsdk.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\program files\webrec\web30\webplugin\videowindow.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\odbc32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\webrec\web30\webplugin\dhplay.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\version.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\avifil32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll

PID
2924
CMD
"C:\Program Files\webrec\WEB30\WebPlugin\TimeGridEXE.exe" /regserver
Path
C:\Program Files\webrec\WEB30\WebPlugin\TimeGridEXE.exe
Indicators
No indicators
Parent process
webplugin.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
TimeGridEXE Module
Version
1, 0, 0, 1
Modules
Image
c:\program files\webrec\web30\webplugin\timegridexe.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\atl.dll
c:\windows\system32\msvcp60.dll
c:\program files\webrec\web30\webplugin\timeaxesdll.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll

PID
3264
CMD
regsvr32 /s "atl.dll"
Path
C:\Windows\system32\regsvr32.exe
Indicators
No indicators
Parent process
webplugin.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft(C) Register Server
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\atl.dll

PID
1340
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\imagehlp.dll

PID
2092
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6f8c00b0,0x6f8c00c0,0x6f8c00cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2464
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2808 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
3756
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=940,4654926373303717894,11710287595825558238,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=C720C61E7AAA49963FFE8BC807362291 --mojo-platform-channel-handle=996 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
2368
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,4654926373303717894,11710287595825558238,131072 --enable-features=PasswordImport --service-pipe-token=4E9DD10796610FDA68B0BB1C04CD8D64 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4E9DD10796610FDA68B0BB1C04CD8D64 --renderer-client-id=5 --mojo-platform-channel-handle=1888 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3076
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,4654926373303717894,11710287595825558238,131072 --enable-features=PasswordImport --service-pipe-token=551E2800EB221ABD36B022BC566192C6 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=551E2800EB221ABD36B022BC566192C6 --renderer-client-id=3 --mojo-platform-channel-handle=2096 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1452
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,4654926373303717894,11710287595825558238,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=935B9EB8D6BE7079F735EB6D33877A0A --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=935B9EB8D6BE7079F735EB6D33877A0A --renderer-client-id=6 --mojo-platform-channel-handle=3608 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2312
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=940,4654926373303717894,11710287595825558238,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=92C2EE53AA4002A7EE06F943555B59E9 --mojo-platform-channel-handle=3860 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2544
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,4654926373303717894,11710287595825558238,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=FF76984A800CDF7B1906DE65DC957560 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=FF76984A800CDF7B1906DE65DC957560 --renderer-client-id=8 --mojo-platform-channel-handle=3976 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2952
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,4654926373303717894,11710287595825558238,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=EF998300F618637B3FFEA61075C85C00 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=EF998300F618637B3FFEA61075C85C00 --renderer-client-id=9 --mojo-platform-channel-handle=3920 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3880
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=940,4654926373303717894,11710287595825558238,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=7FFA5DABBE138BB9CA78970D8C500F98 --mojo-platform-channel-handle=3120 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
1996
CMD
"C:\Program Files\Internet Explorer\iexplore.exe"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll

PID
3460
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1996 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\wintrust.dll

Registry activity

Total events
925
Read events
760
Write events
164
Delete events
1
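
The modification events listed below are a flattened table (PID, Process, Operation, Key, then an optional Name and Value per record; the Name line is absent when a write targets a key's default value). The most persistence-relevant records are the installer's NPAPI plugin registrations under MozillaPlugins and the out-of-process COM registrations (CLSID\...\LocalServer32, MiscStatus, TypeLib) written by WebActiveEXE.exe and TimeGridEXE.exe. The script below is an added example, not ANY.RUN code and not part of the analysed installer: it parses records in exactly this flattened form (four of them copied verbatim from the report as constructed input), flags the registrations that make a binary reachable from a browser or COM client, and decodes the MiscStatus bitmask into OLEMISC_* flag names (bit values as defined in the Windows SDK header ocidl.h). The triage rules and the record-boundary heuristic are this example's own assumptions.

```python
"""Triage the flattened 'Modification events' records of an ANY.RUN report.

Added example; this is not ANY.RUN code and not part of the analysed installer.
The records in SAMPLE are copied from the report. The record parser and the
triage rules are this example's own; the OLEMISC_* bit values are the ones
defined in the Windows SDK header ocidl.h.
"""
import re
from typing import Dict, List, Optional

OPERATIONS = {"write", "delete key", "delete value"}

# Constructed input: four records copied from the report. A record is
# PID / Process / Operation / Key, optionally followed by Name and Value; the
# Name line is absent when the write targets the key's default value.
SAMPLE = r"""
3720
webplugin.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@DVR/npmedia,version=3.1.0.4
Path
C:\Program Files\webrec\WEB30\WebPlugin\npmedia.dll
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F9063B6-E081-49DB-9FEC-D72422F2727F}\LocalServer32
"C:\Program Files\webrec\WEB30\WebPlugin\WebActiveEXE.exe"
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F9063B6-E081-49DB-9FEC-D72422F2727F}\MiscStatus\1
131473
1340
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
"""

# OLEMISC_* bits from ocidl.h. 131473 == 0x20191 is the combination ATL writes
# for a typical ActiveX control.
OLEMISC = {
    0x1: "RECOMPOSEONRESIZE", 0x2: "ONLYICONIC", 0x4: "INSERTNOTREPLACE",
    0x8: "STATIC", 0x10: "CANTLINKINSIDE", 0x20: "CANLINKBYOLE1",
    0x40: "ISLINKOBJECT", 0x80: "INSIDEOUT", 0x100: "ACTIVATEWHENVISIBLE",
    0x200: "RENDERINGISDEVICEINDEPENDENT", 0x400: "INVISIBLEATRUNTIME",
    0x800: "ALWAYSRUN", 0x1000: "ACTSLIKEBUTTON", 0x2000: "ACTSLIKELABEL",
    0x4000: "NOUIACTIVATE", 0x8000: "ALIGNABLE", 0x10000: "SIMPLEFRAME",
    0x20000: "SETCLIENTSITEFIRST", 0x40000: "IMEMODE",
    0x80000: "IGNOREACTIVATEWHENVISIBLE", 0x100000: "WANTSTOMENUMERGE",
    0x200000: "SUPPORTSMULTILEVELUNDO",
}


def _is_record_start(lines: List[str], i: int) -> bool:
    """Heuristic: a record begins with an all-digit PID, an image name and an
    operation word. The three-line lookahead keeps numeric Values (0, 1, 131473)
    from being mistaken for a PID."""
    return (i + 2 < len(lines) and lines[i].isdigit()
            and lines[i + 1].lower().endswith(".exe")
            and lines[i + 2] in OPERATIONS)


def parse_records(text: str) -> List[Dict[str, Optional[str]]]:
    lines = [ln.rstrip() for ln in text.strip().splitlines()]
    starts = [i for i in range(len(lines)) if _is_record_start(lines, i)]
    records = []
    for n, start in enumerate(starts):
        end = starts[n + 1] if n + 1 < len(starts) else len(lines)
        pid, proc, op, key, *rest = lines[start:end]
        if len(rest) >= 2:            # Name line present
            name, value = rest[0], "\n".join(rest[1:])
        elif rest:                    # default value: no Name line
            name, value = None, rest[0]
        else:                         # e.g. "delete key"
            name = value = None
        records.append({"pid": pid, "process": proc, "op": op,
                        "key": key, "name": name, "value": value})
    return records


def decode_olemisc(status: int) -> List[str]:
    return ["OLEMISC_" + n for bit, n in OLEMISC.items() if status & bit]


COM_SERVER = re.compile(r"\\CLSID\\(\{[0-9A-F-]+\})\\(LocalServer32|InprocServer32)$", re.I)
NPAPI = re.compile(r"\\MozillaPlugins\\([^\\]+)$", re.I)
MISCSTATUS = re.compile(r"\\CLSID\\(\{[0-9A-F-]+\})\\MiscStatus\\1$", re.I)


def triage(records: List[Dict[str, Optional[str]]]) -> List[str]:
    """Flag writes that make a binary reachable from a browser or a COM client."""
    findings = []
    for r in records:
        if r["op"] != "write":
            continue
        if m := COM_SERVER.search(r["key"]):
            findings.append(f"{r['process']} (PID {r['pid']}) registers COM "
                            f"{m.group(2)} for {m.group(1)} -> {r['value']}")
        elif m := NPAPI.search(r["key"]):
            findings.append(f"{r['process']} (PID {r['pid']}) registers NPAPI plugin "
                            f"{m.group(1)} -> {r['value']}")
        elif m := MISCSTATUS.search(r["key"]):
            flags = decode_olemisc(int(r["value"]))
            findings.append(f"{m.group(1)} MiscStatus={r['value']}: {'|'.join(flags)}")
    return findings


if __name__ == "__main__":
    for line in triage(parse_records(SAMPLE)):
        print(line)
```

Pasting the full event list from the report into SAMPLE yields one finding per LocalServer32, MozillaPlugins and MiscStatus write, which is the quickest way to see that the installer leaves two out-of-process ActiveX servers and two NPAPI plugins under C:\Program Files\webrec\WEB30\WebPlugin registered for any browser that still honours them.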

Modification events

PID
Process
Operation
Key
Name
Value
3720
webplugin.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@DVR/npmedia,version=3.1.0.4
Path
C:\Program Files\webrec\WEB30\WebPlugin\npmedia.dll
3720
webplugin.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@DVR/npTimeGrid,version=3.1.0.4
Path
C:\Program Files\webrec\WEB30\WebPlugin\npTimeGrid.dll
2596
WebActiveEXE.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
WebActiveEXE.exe
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{14E214D7-AAF0-4E41-9203-443828953DB8}
WebActiveEXE
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\WebActiveEXE.EXE
AppID
{14E214D7-AAF0-4E41-9203-443828953DB8}
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebActiveEXE.Plugin.1
Plugin Class
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebActiveEXE.Plugin.1\CLSID
{7F9063B6-E081-49DB-9FEC-D72422F2727F}
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebActiveEXE.Plugin
Plugin Class
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebActiveEXE.Plugin\CLSID
{7F9063B6-E081-49DB-9FEC-D72422F2727F}
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebActiveEXE.Plugin\CurVer
WebActiveEXE.Plugin.1
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F9063B6-E081-49DB-9FEC-D72422F2727F}
Plugin Class
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F9063B6-E081-49DB-9FEC-D72422F2727F}\ProgID
WebActiveEXE.Plugin.1
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F9063B6-E081-49DB-9FEC-D72422F2727F}\VersionIndependentProgID
WebActiveEXE.Plugin
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F9063B6-E081-49DB-9FEC-D72422F2727F}\LocalServer32
"C:\Program Files\webrec\WEB30\WebPlugin\WebActiveEXE.exe"
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F9063B6-E081-49DB-9FEC-D72422F2727F}
AppID
{14E214D7-AAF0-4E41-9203-443828953DB8}
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F9063B6-E081-49DB-9FEC-D72422F2727F}\ToolboxBitmap32
C:\Program Files\webrec\WEB30\WebPlugin\WebActiveEXE.exe, 101
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F9063B6-E081-49DB-9FEC-D72422F2727F}\MiscStatus
0
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F9063B6-E081-49DB-9FEC-D72422F2727F}\MiscStatus\1
131473
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F9063B6-E081-49DB-9FEC-D72422F2727F}\TypeLib
{DD09A797-F29F-453D-BA05-43E3A7BCC433}
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F9063B6-E081-49DB-9FEC-D72422F2727F}\Version
1.0
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DD09A797-F29F-453D-BA05-43E3A7BCC433}\1.0
WebActiveEXE 1.0 Type Library
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DD09A797-F29F-453D-BA05-43E3A7BCC433}\1.0\FLAGS
0
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DD09A797-F29F-453D-BA05-43E3A7BCC433}\1.0\0\win32
C:\Program Files\webrec\WEB30\WebPlugin\WebActiveEXE.exe
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DD09A797-F29F-453D-BA05-43E3A7BCC433}\1.0\HELPDIR
C:\Program Files\webrec\WEB30\WebPlugin
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BEDCA323-84CC-4294-8C8A-866137D44A02}
_IPluginEvents
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BEDCA323-84CC-4294-8C8A-866137D44A02}\ProxyStubClsid
{00020420-0000-0000-C000-000000000046}
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BEDCA323-84CC-4294-8C8A-866137D44A02}\ProxyStubClsid32
{00020420-0000-0000-C000-000000000046}
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BEDCA323-84CC-4294-8C8A-866137D44A02}\TypeLib
{DD09A797-F29F-453D-BA05-43E3A7BCC433}
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BEDCA323-84CC-4294-8C8A-866137D44A02}\TypeLib
Version
1.0
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EE2DC66D-C162-496D-953C-C378F8B9B43F}
IPlugin
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EE2DC66D-C162-496D-953C-C378F8B9B43F}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EE2DC66D-C162-496D-953C-C378F8B9B43F}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EE2DC66D-C162-496D-953C-C378F8B9B43F}\TypeLib
{DD09A797-F29F-453D-BA05-43E3A7BCC433}
2596
WebActiveEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EE2DC66D-C162-496D-953C-C378F8B9B43F}\TypeLib
Version
1.0
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{56422B45-FCAD-4B20-9C5A-A72686EE43F6}
TimeGridEXE
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\TimeGridEXE.EXE
AppID
{56422B45-FCAD-4B20-9C5A-A72686EE43F6}
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TimeGridEXE.Plugin.1
Plugin Class
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TimeGridEXE.Plugin.1\CLSID
{15EF48B3-D5CA-4321-A186-EBE7B15392F1}
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TimeGridEXE.Plugin
Plugin Class
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TimeGridEXE.Plugin\CLSID
{15EF48B3-D5CA-4321-A186-EBE7B15392F1}
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TimeGridEXE.Plugin\CurVer
TimeGridEXE.Plugin.1
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15EF48B3-D5CA-4321-A186-EBE7B15392F1}
Plugin Class
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15EF48B3-D5CA-4321-A186-EBE7B15392F1}\ProgID
TimeGridEXE.Plugin.1
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15EF48B3-D5CA-4321-A186-EBE7B15392F1}\VersionIndependentProgID
TimeGridEXE.Plugin
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15EF48B3-D5CA-4321-A186-EBE7B15392F1}\LocalServer32
"C:\Program Files\webrec\WEB30\WebPlugin\TimeGridEXE.exe"
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15EF48B3-D5CA-4321-A186-EBE7B15392F1}
AppID
{56422B45-FCAD-4B20-9C5A-A72686EE43F6}
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15EF48B3-D5CA-4321-A186-EBE7B15392F1}\ToolboxBitmap32
C:\Program Files\webrec\WEB30\WebPlugin\TimeGridEXE.exe, 101
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15EF48B3-D5CA-4321-A186-EBE7B15392F1}\MiscStatus
0
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15EF48B3-D5CA-4321-A186-EBE7B15392F1}\MiscStatus\1
131473
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15EF48B3-D5CA-4321-A186-EBE7B15392F1}\TypeLib
{4825A5A4-6D6F-4852-86AC-296295CB3A01}
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15EF48B3-D5CA-4321-A186-EBE7B15392F1}\Version
1.0
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4825A5A4-6D6F-4852-86AC-296295CB3A01}\1.0
TimeGridEXE 1.0 Type Library
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4825A5A4-6D6F-4852-86AC-296295CB3A01}\1.0\FLAGS
0
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4825A5A4-6D6F-4852-86AC-296295CB3A01}\1.0\0\win32
C:\Program Files\webrec\WEB30\WebPlugin\TimeGridEXE.exe
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4825A5A4-6D6F-4852-86AC-296295CB3A01}\1.0\HELPDIR
C:\Program Files\webrec\WEB30\WebPlugin
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EC76FFFE-A40A-4DAA-BC51-CAEBD5B5434C}
_IPluginEvents
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EC76FFFE-A40A-4DAA-BC51-CAEBD5B5434C}\ProxyStubClsid
{00020420-0000-0000-C000-000000000046}
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EC76FFFE-A40A-4DAA-BC51-CAEBD5B5434C}\ProxyStubClsid32
{00020420-0000-0000-C000-000000000046}
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EC76FFFE-A40A-4DAA-BC51-CAEBD5B5434C}\TypeLib
{4825A5A4-6D6F-4852-86AC-296295CB3A01}
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EC76FFFE-A40A-4DAA-BC51-CAEBD5B5434C}\TypeLib
Version
1.0
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{42D32C3C-E614-422E-A061-6BDB18A7165D}
IPlugin
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{42D32C3C-E614-422E-A061-6BDB18A7165D}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{42D32C3C-E614-422E-A061-6BDB18A7165D}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{42D32C3C-E614-422E-A061-6BDB18A7165D}\TypeLib
{4825A5A4-6D6F-4852-86AC-296295CB3A01}
2924
TimeGridEXE.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{42D32C3C-E614-422E-A061-6BDB18A7165D}\TypeLib
Version
1.0
1340
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
1340
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
1340
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
1340
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
1340
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
1340
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
1340
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
1340
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
1340
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
1340
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
1340
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
1340
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
1340
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
1340
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
1340
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
1340
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13186139641296101
1340
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
1340
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
1
2464
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
1340-13186139640483601
259
2464
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
1340-13186139640483601
0
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
(binary value not captured in this extract)
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{21E84A5C-E331-11E8-9C83-5254004AAD11}
0
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E2070B0004000800080022002800AA03
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E2070B0004000800080022002800AA03
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070B00040008000800220029004F00
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070B00040008000800220029007E00
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070B0004000800080022002900BC00
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url1
about:plugins
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url2
http://fb.com/
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url3
clickadu.com
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url4
sh.st
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url5
canva.com
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url6
cnn.com
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url7
nature.com
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url8
hm.com
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url9
amazon.cn
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url10
.biz
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url11
fishki.net
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url12
lun.com
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url13
olx.ua
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url14
btolat.com
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url15
liftable.com
1996
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
url16
jd.com

Files activity

Executable files
13
Suspicious files
63
Text files
77
Unknown types
7

Dropped files

PID
Process
Filename
Type
3720
webplugin.exe
C:\Program Files\webrec\WEB30\WebPlugin\dhnetsdk.dll
executable
MD5: 213fa72cad4407f7bfb96afb8ebf2b0d
SHA256: 7379eecd3cb17bd063f13653c9cbb10efcf59ef8235a5a574058f5b2374c4d7c
3720
webplugin.exe
C:\Program Files\webrec\WEB30\WebPlugin\VideoWindow.dll
executable
MD5: 77062c844029b4ffe23c9edd8678bab0
SHA256: a8198d93045d1f3c6086e9170ec5e792c524171990061dae5354ad97367f43b0
3720
webplugin.exe
C:\Program Files\webrec\WEB30\WebPlugin\mjpegdec.dll
executable
MD5: 62c84a5b3b8bcac608de3a91316e8e25
SHA256: 6d9f73e6bb92aab61d186bc5865f4fd7f8e4c03055a3f18eb5669867cd044268
3720
webplugin.exe
C:\Program Files\webrec\WEB30\WebPlugin\npTimeGrid.dll
executable
MD5: ede584ce736db24a662245c729d948c8
SHA256: bb2a54162aae5a6ce1391648b17c500253f9d62f32ba8cda69fb9f17bec5add0
3720
webplugin.exe
C:\Program Files\webrec\WEB30\WebPlugin\timeAxesDll.dll
executable
MD5: 88d1a7cfd54aae6499914d6d8331d3fb
SHA256: efdf36747163e3cd00f43c9ce907c1e6c4b4916aeb1012d7b5d48c6e00a931aa
3720
webplugin.exe
C:\Program Files\webrec\WEB30\WebPlugin\h264dec.dll
executable
MD5: 7d6a901633d97ac3d21272f3c99c1b6f
SHA256: de86264ec5ffb0c9fd20bf7bb6298089a68f403012342c88ee3bfed9c9de6470
3720
webplugin.exe
C:\Program Files\webrec\WEB30\WebPlugin\DHSurveillanceDll.dll
executable
MD5: 7477ade4e122f4b61474310f958baffa
SHA256: f5656b9e7a2747a1ed6d20852e71956d49cca6f733ad08027abffa63625f3423
3720
webplugin.exe
C:\Program Files\webrec\WEB30\WebPlugin\uninst.exe
executable
MD5: 3eeba259ebc788652dd1bb2b1362c9ea
SHA256: a36748edda7593b7dbcc0287162b10ae39ed6526cace0db665b905a38d4177ef
3720
webplugin.exe
C:\Program Files\webrec\WEB30\WebPlugin\dhplay.dll
executable
MD5: 6f9a041bd79925c43e7a93c6fd279223
SHA256: a20d8defe0339a2bab188e971685af1ee2862db8fc258c8dce8b5e2cea8719dd
3720
webplugin.exe
C:\Program Files\webrec\WEB30\WebPlugin\TimeGridEXE.exe
executable
MD5: 8a73391f1f395237eb0cdb9026a49060
SHA256: a05c47868cfba59b80f42a9b821e0da634926d0329c609e2be313f7caf76f8b8
3720
webplugin.exe
C:\Program Files\webrec\WEB30\WebPlugin\postproc.dll
executable
MD5: 72f3b9040826e524473b9da836a3a5e3
SHA256: b057f6571a95cfd35e16aae5513918ba6235ee24809e70aa63fae714468f583a
3720
webplugin.exe
C:\Program Files\webrec\WEB30\WebPlugin\WebActiveEXE.exe
executable
MD5: 13bd9e678444149767d21ada558f77f0
SHA256: a7dada618f7fe07cb6522e411892aa4e70f8001803b5d9f963d5180e9bae80b3
3720
webplugin.exe
C:\Program Files\webrec\WEB30\WebPlugin\npmedia.dll
executable
MD5: 5ca6edaff7670aa0f8af7130e5e7622a
SHA256: f9d7942e93437cde32aeaa24048721cf377775c1dc0ff10a5028e0c854db9e14
3460
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\httpErrorPagesScripts[1]
text
MD5: e7ca76a3c9ee0564471671d500e3f0f3
SHA256: 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
3460
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ErrorPageTemplate[1]
text
MD5: f4fe1cb77e758e1ba56b8a8ec20417c5
SHA256: 8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f
3460
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\navcancl[1]
html
MD5: 4bcfe9f8db04948cddb5e31fe6a7f984
SHA256: bee0439fcf31de76d6e2d7fd377a24a34ac8763d5bf4114da5e1663009e24228
1996
iexplore.exe
C:\Users\admin\AppData\Local\Temp\StructuredQuery.log
text
MD5: 003ddae4aea6d776ff2237a14a058acf
SHA256: 73a4309e447a73a24879f22ba56645c9b7b0c2b4ee42560b4028a922d7ea6d1d
1996
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[2].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
1996
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
1996
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
text
MD5: b4b6f1eb61546302ef2456f5d2166091
SHA256: 1f3adeb99443e1b8cb7ef63a5e3773eb525609ddca6059f3e6b98984aea9c017
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
binary
MD5: 2e69478ad7da88eac8b3c57009019032
SHA256: 685e3fa049b992ea7875a8cd7853b0de01c60890ad3c2d759cfc84aec82a62c1
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
text
MD5: d60c034e16e3209a78af0a0b0147f5ad
SHA256: f2f053cd7f22cba15351bdff719b313ae1f254b3b288d1fce80ee0f9a12e4144
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs
sqlite
MD5: fa0d3f800274fcdf0b70814364cead6c
SHA256: 4322f4c4f87d8b2fe87d13029bbe11ea34166eb0081e511a67ea7673aa1c7917
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs-journal
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies
sqlite
MD5: 0ddcf4fd75c86f3921dff8290f2cda3c
SHA256: c9f98e7f5180262f302515c66ad37c11c982af3c106c6e875cb8234207b3f8fb
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: 0a3ae798cd4b959a02a93b065cf8064c
SHA256: 8db85b2fe9f1032028e2763cbb68a56faf68cbb2c68d4d1b52e76a579365f7cb
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF190e6d.TMP
text
MD5: 0a3ae798cd4b959a02a93b065cf8064c
SHA256: 8db85b2fe9f1032028e2763cbb68a56faf68cbb2c68d4d1b52e76a579365f7cb
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: d932a31a0fb91833edb0325c6b434b34
SHA256: 8049465356163740d6e4c0bb56b9dcaa90149631646fa6bb56d01de223bd1f8e
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\11a85944-ee13-453f-b7e6-af3922f9f70d.tmp
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF190e4e.TMP
text
MD5: a303a05d8f1bec89e3115a5237095db1
SHA256: 5eae62f8ba2378bfb10bfdc235657ef03a6766feebf0a84d93255f25a0f4af3a
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
binary
MD5: 1c4b633d5cbe2976290c1f0c7e3730e0
SHA256: ddd38a36a3986e0eae7c9141fb6e9302eb7da9440f50924c9acec29a763d3f0b
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF190e3e.TMP
binary
MD5: 1c4b633d5cbe2976290c1f0c7e3730e0
SHA256: ddd38a36a3986e0eae7c9141fb6e9302eb7da9440f50924c9acec29a763d3f0b
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
binary
MD5: ed3d1c71e33729de7febf8fe5e6ec916
SHA256: 69c86a85adc870f4b414d529894f622580db21bbefb5e2c4da4ba14141c7b1fc
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\5b13aa1b-7b8a-4dc2-a809-91026da1432a.tmp
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
sqlite
MD5: 91052ac7c929e51ec819758ba291a31c
SHA256: a68d15f60e426108f0f2d2cc45d514393f87efcfbdf150ee35424ea4d26da997
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
binary
MD5: f17a21c02e970f99de604a0d405eadcb
SHA256: 1f0b35de7044cb635535e25428c10092effe61c025dc1fa06fcb92bbbb2efe47
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
text
MD5: 5882209eaf59b5d4242e9a0b59beabe1
SHA256: 30e35b27d3536dacfa20c4bb04b372e0ff160684cc709be0c11e16c68b27114a
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
binary
MD5: 67c88b41b4ea935c88a2c3ed8e84f6a5
SHA256: 13e849866cd3bde5b54a549f4078c86cd71ff1d78e0e0d6c170c8b8f3f4bca42
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log
binary
MD5: c7d40f9a0e6efd904be6b7d05689acc7
SHA256: 0e71fd2d5ceb26b54d695debe58656a2bbb8c33b2de300b521fd041bec833e52
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
text
MD5: 8291c7b6c953997b8c6c35a8a3b25ab5
SHA256: d8c2243896d5079f35b2cfb545d20d9e361f4a62733f49b5db00c06401985a89
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
binary
MD5: 173a0de2613de4be36d80e7d8bf35aac
SHA256: 36343e1b8322b9499b3723cd4042dd70f332714a7cf1d986cf20b3b4bd80774e
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
binary
MD5: 18451a1cafb8018480ea0394053ccc02
SHA256: 5004f58c781a6d35d06a6ef1587f891773b8937d402cd674c49c2c32ff41ee9b
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: db71f774b8b9481cfaa69293630fac38
SHA256: fe84f91a5604ef66d23baf8a8fc30b8ff406bccb94e4da7812539180b3e00087
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF190e10.TMP
text
MD5: db71f774b8b9481cfaa69293630fac38
SHA256: fe84f91a5604ef66d23baf8a8fc30b8ff406bccb94e4da7812539180b3e00087
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: a303a05d8f1bec89e3115a5237095db1
SHA256: 5eae62f8ba2378bfb10bfdc235657ef03a6766feebf0a84d93255f25a0f4af3a
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF190e00.TMP
text
MD5: a303a05d8f1bec89e3115a5237095db1
SHA256: 5eae62f8ba2378bfb10bfdc235657ef03a6766feebf0a84d93255f25a0f4af3a
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\009fede4-aa6e-4e5b-81ef-917a988fbfdf.tmp
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\d97dbde2-ddfd-4446-9876-faa09150beaa.tmp
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
binary
MD5: 98e2963d72d5e68d8341c617f43d92c3
SHA256: 340f02ba5124464868ac6be123fe770d0db7b74b5d0380983a3afcf8dd11df6c
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
text
MD5: b714446b5a7ad4cda13ff887715b11a6
SHA256: a95d2851035698aa10c13d425fc87689bf4b96ee536b553d0fb77fd606fcf2d7
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG
text
MD5: dc0e8ea33a636204766bd45be2e76591
SHA256: 42bee094fe0d5f352b005127a07a26eea894d3454240765dcc8d36fcc488bac7
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
text
MD5: e61ac73b709482d3b0056d5f0495e3e6
SHA256: b91459cefb201fad93c5b663822b5c5969c02cf7e1fc8dc0b967ab20c63b8aa8
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
text
MD5: 13331d14a42ded43f8b9c9a32557860d
SHA256: 08b5b741826a0e5ce1d22db8a17bb924ad4a72e79d29e03550f7c5b692d5fa12
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
text
MD5: 96c775ee916ad0460a0c66a99423066b
SHA256: 2a7bf15818b245a2e68ebe0a5c663fbc0cf69e48538ab58caf816103e827b1e5
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG
text
MD5: 4390fe0e242fbc8004cb8d7e9a1054e5
SHA256: dd201752181e56397fa14a4afd5884605b09c3800d5329b1a08da51b9e23dc81
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000016
binary
MD5: cf286cb4fd0f3dcc234806e1b865987b
SHA256: 21dc23520bba7268b53957a39981c9a85d3658edc4f5455e98cac3378a440d76
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\MANIFEST-000016
binary
MD5: cf286cb4fd0f3dcc234806e1b865987b
SHA256: 21dc23520bba7268b53957a39981c9a85d3658edc4f5455e98cac3378a440d76
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
sqlite
MD5: be322874acdfe07413528932d2545a4a
SHA256: 2466c2aa0ce1a7c9336a63a5a5f0d4e809a9abdc54a3d43ac966578d4b076497
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
sqlite
MD5: 5185433943cd166d29b46f125fc3a34d
SHA256: 5bab9f36bf12aed5f8bde3bd782c2921a108701d72ff0cb03b1df1b00e56c9fc
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data
sqlite
MD5: 54ad1e10b6b57bc9b9eed994e581dd5f
SHA256: 24d2a7516de320c3e91b1513cad94ce5ce2b964bbb8a3d1f66e8083b3205b19c
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
binary
MD5: a9851aa4c3c8af2d1bd8834201b2ba51
SHA256: e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Session
binary
MD5: 5c2bfbe1f6ab9c0e72c663291d895d82
SHA256: 6666f7ca44a241ce4918416c80f5d2be0a364283a33d6498a8331f24dc4a7ee0
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\89331d51-1e3e-4098-a887-b6bcdbdfc45c\index-dir\the-real-index
binary
MD5: 10e5ce19dd5ed8342d53bc148ece335a
SHA256: fd25ebb1a0f570a9509d92fc7a25ea4453d018aef07626a72c006c784f492b6b
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\89331d51-1e3e-4098-a887-b6bcdbdfc45c\index-dir\the-real-index~RF19099b.TMP
binary
MD5: 10e5ce19dd5ed8342d53bc148ece335a
SHA256: fd25ebb1a0f570a9509d92fc7a25ea4453d018aef07626a72c006c784f492b6b
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\89331d51-1e3e-4098-a887-b6bcdbdfc45c\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF18fe02.TMP
binary
MD5: b832567140092bcfd177a6630422a1ff
SHA256: e57e9d0a6528984a59d37d8b9c91440130f22b2d3af07c15f0fb472ebd7a3c68
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt.tmp
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 3340fbe15f243f91f1890a5f8f454d9d
SHA256: 2980a81f87e939cbbf1e54d06c10c604c2c5537f4c7a46f0f1c237e62b63b155
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF18eb93.TMP
text
MD5: 3340fbe15f243f91f1890a5f8f454d9d
SHA256: 2980a81f87e939cbbf1e54d06c10c604c2c5537f4c7a46f0f1c237e62b63b155
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\9e8564f2-f409-4f53-b25e-554b358d6765.tmp
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: fbbb77186e2f062a7f98620ad9f4025f
SHA256: 8207013854ee030484096b56ebf9504c7335c820eb261a23c9794c8023091fb1
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF18eb36.TMP
text
MD5: fbbb77186e2f062a7f98620ad9f4025f
SHA256: 8207013854ee030484096b56ebf9504c7335c820eb261a23c9794c8023091fb1
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ad0c7f54-1ddf-44a5-a646-66e64f3ad78b.tmp
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 02392cc851f2325146b9696e167c29d9
SHA256: b9a338cb982bbe6097def391e18b3e1f14568094b88266194ac46dd5ace5fc3c
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF18eab9.TMP
text
MD5: 02392cc851f2325146b9696e167c29d9
SHA256: b9a338cb982bbe6097def391e18b3e1f14568094b88266194ac46dd5ace5fc3c
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\1ae0c621-619c-4927-b762-5ec1ba033224.tmp
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index~RF18ea8a.TMP
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\89331d51-1e3e-4098-a887-b6bcdbdfc45c\0ea131f43745e7e8_1
binary
MD5: e1aee97266b885f7c5613f4ebcab1bb2
SHA256: 2d8d9e67693a59d117905aaa120210ec14ee8052c206a1d61efbd55d017a0112
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt
binary
MD5: b832567140092bcfd177a6630422a1ff
SHA256: e57e9d0a6528984a59d37d8b9c91440130f22b2d3af07c15f0fb472ebd7a3c68
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\89331d51-1e3e-4098-a887-b6bcdbdfc45c\0ea131f43745e7e8_0
binary
MD5: 720175f85b05629c418d0e5a69c9d38f
SHA256: a376395a9274743d92005e681c911841e89499cebc8592f122003913c14d97a2
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF18ea6b.TMP
binary
MD5: b832567140092bcfd177a6630422a1ff
SHA256: e57e9d0a6528984a59d37d8b9c91440130f22b2d3af07c15f0fb472ebd7a3c68
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\89331d51-1e3e-4098-a887-b6bcdbdfc45c\fdf2cfeb8ad0eeac_0
binary
MD5: 776ca65e937cdb6302658f2d09156471
SHA256: c534cd5251f994cfe53ec4dc7af76eef9c9498cd2a1ffff62118587c4779d0df
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index~RF18ea6b.TMP
––
MD5:  ––
SHA256:  ––
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\89331d51-1e3e-4098-a887-b6bcdbdfc45c\index-dir\the-real-index
binary
MD5: 5755ad32e58e8da790e61b0339fb020f
SHA256: 3c65a65bc5100ff322c517976d5015f2edfe3fc1ebc5df949292733bd25122fe
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF18e9de.TMP
binary
MD5: 656eea1e409def8d44eb776c6e2add41
SHA256: dcbb618cdd6a8fd6d00c82d0498e9009373b71d94e21cc75dea835357a96ec39
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt
binary
MD5: 656eea1e409def8d44eb776c6e2add41
SHA256: dcbb618cdd6a8fd6d00c82d0498e9009373b71d94e21cc75dea835357a96ec39
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\89331d51-1e3e-4098-a887-b6bcdbdfc45c\index
text
MD5: 4f67aba5cb5b04976834ad6da18d2017
SHA256: 4476d281b3d119577eb8f19fd90e042e5a456cba30d0bb16d05654acc91aec5b
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_1
binary
MD5: 37481fcb864ccfc226a998d9c1f107c5
SHA256: ae5cd1bf1088612e643a2b769db62444c30c2880c5971ddfc1a1d68b8b879927
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0
binary
MD5: 51760f99edffee7b065e9ac5061d29d6
SHA256: 24e73f7dac97035421a23c952b57a1cc26a2e9da9e885e744186384df57ef6e7
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
binary
MD5: 9409bab446b7204c6235dfddd6066e89
SHA256: 68c1cb50ec24ac5a1dbdc7d9c845e94a1e9d60f312cf92a694f0791cd7ea105e
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\LOG
text
MD5: c917c584ae226771dcfa365a7759b488
SHA256: bafee73deca347ad5203f431b1e5d919e345f8e2a71d6a8ca1efc83bbe0bd35e
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\000003.log
binary
MD5: 991641dbcc63a7eacba784846f16492f
SHA256: d402a1e89776f26565012ebd063638b57e09e58efc77105415906eebafc0fdd0
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt
binary
MD5: 96fd19b882a6847454c5dce2ea4aed5c
SHA256: 98e2063f15f439c607923f67d1809f8f0c193442993ccf08f072449073fd32f4
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF18dd7a.TMP
binary
MD5: 96fd19b882a6847454c5dce2ea4aed5c
SHA256: 98e2063f15f439c607923f67d1809f8f0c193442993ccf08f072449073fd32f4
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012
compressed
MD5: 5fcdda40f9af214b05e1a4d92e37ad7f
SHA256: 23e59ef0d93cc7e81ce41b95f2d793b37cf571e28348edcf4ddb0d569df2f400
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011
binary
MD5: 10065b07e9d271ffff7c97346abca0c5
SHA256: b73cbfb4d4c765113b570c6c6d6d32d2eaefe883cf56080c5782146bd7fa012c
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session
binary
MD5: 02536c23edc1e418a6fea313d20b2a39
SHA256: 8e8de8689482b477d0beebe0a4ac24b9cabcbfa84848f66b4c0f55cd96dc0fe9
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010
compressed
MD5: 53eea982d7ad1ad35b35fc3edd48e8a7
SHA256: 949ad5b24488206810f318d1a973ef081b6296b8ec0b89e86102dd18b9b7f092
1340
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f
compressed
MD5: 4ecb446ff8a21ef6d3289e73974117f6
SHA256: 36b6de616ac491341256588a706bd77ffeda7240b9cca5d393b040520c4a5f55
PID Process Filename Type MD5 SHA256
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old text 80b8c44b60f8bd20d1cf8277ec794bb1 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old~RF18cc05.TMP text 80b8c44b60f8bd20d1cf8277ec794bb1 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e image 00f2d72689fb026932085025369d0349 9b788d7954eb7e2da54de87ba6ea05ecdb87bf11d422d2b2051564d0173f7385
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d binary c22f884098e8e5f1a5ba73923b6cad59 7a0c2a49d3675b24cf29551444631891c13ef9764b846ff931dfa4eb1bab40ed
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\50521ac2a7de6658_0 binary 545a90b7cee91c04351535058dd7b701 74a0e4717584cfd5359289493bc628c9af020f982c7145f727b0106b37e99b5c
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\40bba07c05914591_0 binary 12442b6caa12b8d7f02be81f584c589c 79ff3e7d884764a5dc123bffa6254089e0ec46b78badb68b36e1981daab51fc4
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\LOG.old text 65e3a899ee20811d157b572ffa34a607 fdbc070214092df54b10dc06b2a40f0cc30ad00d410ba67de9f98a3d53f08a75
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old~RF18c9a4.TMP text 7282c871a31b4aae7e61cdbb39a13331 af615c556e2a22e87135a967c01e869216f65268a88bd218fd6ab70467bdf733
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old text 7282c871a31b4aae7e61cdbb39a13331 af615c556e2a22e87135a967c01e869216f65268a88bd218fd6ab70467bdf733
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\0ea131f43745e7e8_0 binary 3f7d620f09eaa979b6921637de560efa d28f97a21251080330225a0bffba4cc7625b1d69d5dba5ec77f956de2b178b5b
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c compressed 050c5009c7b47926ed108d655f11fefd 5d5fbdebd5905e344a185085fa89be0c08778eaa5d1f2c1d1475c0a08f6b9fd7
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\1157fee2e2dc1968_0 binary 57be924cc9355d9bb9b62d5bade8ee1b e76f1eea4e2726ad90cfae6c6640b56c39902d10925a188667a54dab409e81ee
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF18c83d.TMP text ea6d75c35eb812fdc5762d84963de026 a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old text ea6d75c35eb812fdc5762d84963de026 a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\50da1ec5d44a313d_0 binary dd0ecf3390634db0c02bef9989150e72 410c00e1bc3674fc5a46c5f008f2596ee8d66f89682a6ccf598cb5ff4716c2be
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\3a41e250d088c297_0 binary 4adfbad332e14b8892e6eeeb65e4d196 4584c6bdf190d9e4662c682634eccf35e3015eba0286ba7577a172854a8aeb53
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF18c7ee.TMP text 84042895723ac99f9599edfc7500051c ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old text 84042895723ac99f9599edfc7500051c ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index binary 7310bf883e828ae9b8e6bd793d45e139 6a17c6592725f64037ee1e3ce5a71ebc0535c92c7ca7ecdca4f055dee0ca6fac
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index~RF18c7a0.TMP binary 7310bf883e828ae9b8e6bd793d45e139 6a17c6592725f64037ee1e3ce5a71ebc0535c92c7ca7ecdca4f055dee0ca6fac
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1 binary 4d79e52bcd44aaba295d7a4103c12f77 cf4b5554a430d7a742b3f99948b056222d69c6b0e8c2801687911fa5203829fc
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model~RF18c723.TMP binary bcea44586232bac658d78c592b2ce26f f1b4d30891edfc73f9a90b184f6ea64941184e33c9a0e70aef111659d39ca24b
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model binary bcea44586232bac658d78c592b2ce26f f1b4d30891edfc73f9a90b184f6ea64941184e33c9a0e70aef111659d39ca24b
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\0df3d78d-28fe-4bfb-a621-716d56ba967b.tmp –– –– ––
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old text f727dd25cda7b2cc574098cee1f5764a 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old~RF18c510.TMP text f727dd25cda7b2cc574098cee1f5764a 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT~RF18c4c2.TMP text edd71dd3bade6cd69ff623e1ccf7012d befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT text edd71dd3bade6cd69ff623e1ccf7012d befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF18c4c2.TMP text edd71dd3bade6cd69ff623e1ccf7012d befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT text edd71dd3bade6cd69ff623e1ccf7012d befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp –– –– ––
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp –– –– ––
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ae4eaf98-7883-493e-bcf0-a8cf18d7167d.tmp –– –– ––
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old text 1aa66efdb743fb0a8dcc1cd79b0b6542 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old~RF18c474.TMP text 1aa66efdb743fb0a8dcc1cd79b0b6542 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old text 197882774a7ecec9046bc48f63189b66 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF18c483.TMP text 197882774a7ecec9046bc48f63189b66 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF18c455.TMP text 92be6b127e72365885ad4c3fb6534ee2 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old text 7a82e0662f55fb38ea5588a5910f841b 9ebaa2c5e8398635eaa04e4bcce23be95b6bfaf5950e68478fc9fdd70aa17e18
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old text 92be6b127e72365885ad4c3fb6534ee2 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old text 8ca4ba2b95d7089861a48ed69fde6561 aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old –– –– ––
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old~RF18c455.TMP text 8ca4ba2b95d7089861a48ed69fde6561 aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat binary 9c016064a1f864c8140915d77cf3389a 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
1340 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version text c10ebd4db49249efc8d112b2920d5f73 90a1b994cafe902f22a88a22c0b6cc9cb5b974bf20f8964406dd7d6c9b8867d1
2092 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma binary 9543068b6751e1f3e11f91d72ee78d95 d060ad21ae6e04cb58668caa52adfca573e018102cc07554d2ed3eae11ab7785
3720 webplugin.exe C:\Users\admin\AppData\Local\Temp\nsk7309.tmp –– –– ––
1996 iexplore.exe C:\Users\admin\AppData\Local\Temp\~DF8B9C47893F4C9130.TMP –– –– ––
3720 webplugin.exe C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WebPlugin\Uninstall.lnk lnk 97a78e00723c18c9a2c436801507c2a2 f91d7a3051f2dea893cf325cf5c9e32f756350214e54abe7e92546a701d65f99
3460 iexplore.exe C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log text 7492e39fbb502eb44f2e028bb5e6f454 cd388572e20466e3272c37ca893719d92a672d2c3ea2a4ad09fa5937e4b701c4
3720 webplugin.exe C:\Program Files\webrec\WEB30\WebPlugin\Version.ini text d9b1559ca79c79b30cc891e0d4995ce1 ee7f4b85cba47ef4897fe58fe853606ec2f448fdc809df92ae7bd4f6904c7608
1996 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{21E84A5D-E331-11E8-9C83-5254004AAD11}.dat binary cbb59ba1ad66590ce28bf3de947b007c 65570e5a1d24273f066e8a4891c096d0056ba6c4f931becbd9fdff5173e57cfb
1996 iexplore.exe C:\Users\admin\AppData\Local\Temp\~DFEC4A8C85EF04F534.TMP –– –– ––
1996 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{2C10B12B-E331-11E8-9C83-5254004AAD11}.dat binary 9d7f5f4f401ca182b79fe65f38ea3259 9ae785b556f42f49d0e0e6bd48be2197b24ceba019f73bf917997bbcf587f84b
1996 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{4BBB6F4B-AC5C-11E8-969E-5254004AAD11}.dat binary f0804e4da318e3347958f7b2df4fe1e2 cd0fae385028698396e9acb76ddcd4f8a0dfb74d17cf7cce1ee3977516a79c47
1996 iexplore.exe C:\Users\admin\AppData\Local\Temp\~DF9A12BDD29971D626.TMP –– –– ––
1996 iexplore.exe C:\Users\admin\AppData\Local\Temp\~DFBEA956ED451ED035.TMP –– –– ––
3460 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\background_gradient[1] image 20f0110ed5e4e0d5384a496e4880139b 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
3460 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\info_48[1] image 49e0ef03e74704089a60c437085db89e caa140523ba00994536b33618654e379216261babaae726164a0f74157bb11ff
3460 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\bullet[1] image 0c4c086dd852704e8eeb8ff83e3b73d1 1cb3b6ea56c5b5decf5e1d487ad51dbb2f62e6a6c78f23c1c81fda1b64f8db16
3460 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\errorPageStrings[1] text 1a0563f7fb85a678771450b131ed66fd eb5678de9d8f29ca6893d4e6ca79bd5ab4f312813820fe4997b009a2b1a1654c
1996 iexplore.exe C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{21E84A5C-E331-11E8-9C83-5254004AAD11}.dat –– –– ––

Network activity

HTTP(S) requests: 1
TCP/UDP connections: 17
DNS requests: 12
Threats: 0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
1996 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image –– whitelisted

Connections

PID Process IP ASN CN Reputation
1340 chrome.exe 172.217.168.3:443 Google Inc. US whitelisted
1340 chrome.exe 172.217.168.67:443 Google Inc. US whitelisted
1340 chrome.exe 172.217.168.10:443 Google Inc. US whitelisted
1340 chrome.exe 172.217.168.77:443 Google Inc. US whitelisted
1340 chrome.exe 172.217.168.78:443 Google Inc. US whitelisted
1340 chrome.exe 216.58.215.228:443 Google Inc. US whitelisted
1340 chrome.exe 172.217.168.74:443 Google Inc. US whitelisted
1340 chrome.exe 172.217.168.35:443 Google Inc. US whitelisted
1996 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted

DNS requests

Domain IP Reputation
www.google.de 172.217.168.3 whitelisted
clientservices.googleapis.com 172.217.168.67 whitelisted
www.gstatic.com 172.217.168.3 whitelisted
safebrowsing.googleapis.com 172.217.168.10 whitelisted
accounts.google.com 172.217.168.77 shared
ssl.gstatic.com 172.217.168.67 whitelisted
apis.google.com 172.217.168.78 whitelisted
www.google.com 216.58.215.228 whitelisted
www.google.co.uk 172.217.168.3 whitelisted
fonts.googleapis.com 172.217.168.74 whitelisted
fonts.gstatic.com 172.217.168.35 whitelisted
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted

Threats

No threats detected.

Debug output strings

Process Message
WebActiveEXE.exe Load playsdk.dll dynamically