General Info

URL

https://api.virtru.com/accounts/email-activation?linkId=0b744fca-3ca0-4107-a942-112cb1718b18-25407ac7-11ce-4913-8ce3-1bba2e283c3c&loginRedirectUrl=https://secure.virtru.com/secure-reader&userId=[email protected]&senderEmail=[email protected]&emailSubject=CMS%20Login%20Issues
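The submitted link carries a redirect parameter (loginRedirectUrl) alongside recipient, sender and subject fields, so the first thing an analyst checks is where that redirect points relative to the link's own host. The Python below is an added triage example written for this report; it is not code from ANY.RUN or Virtru. It decodes the query string of the report URL and classifies every parameter whose value is itself an absolute http(s) URL as same-host, same-site or off-site. The registrable-domain logic is a deliberate simplification (last two DNS labels), and the second input, with login.example.net as the redirect target, is a constructed value used only to exercise the off-site branch; it is not a claim about Virtru.

```python
"""Query-parameter triage for a submitted link.

Editor's added example; not code from ANY.RUN or Virtru. It pulls the
decoded query parameters out of the report's URL and classifies every
parameter whose value is itself an absolute http(s) URL (an open-redirect
candidate such as loginRedirectUrl) relative to the link's own host.
"""
from urllib.parse import parse_qsl, urlsplit

# The URL exactly as printed in the report. The e-mail addresses appear
# as "[email protected]" because the report itself redacts them.
REPORT_URL = (
    "https://api.virtru.com/accounts/email-activation"
    "?linkId=0b744fca-3ca0-4107-a942-112cb1718b18-25407ac7-11ce-4913-8ce3-1bba2e283c3c"
    "&loginRedirectUrl=https://secure.virtru.com/secure-reader"
    "&userId=[email protected]&senderEmail=[email protected]"
    "&emailSubject=CMS%20Login%20Issues"
)

# Constructed variant (not from the report) whose redirect target is a
# third-party host, used only to exercise the off-site branch.
CONSTRUCTED_OFFSITE_URL = REPORT_URL.replace(
    "https://secure.virtru.com/secure-reader", "https://login.example.net/reader"
)


def registrable_domain(host: str) -> str:
    """Assumption/simplification: the last two DNS labels form the
    registrable domain. Real tooling should consult the Public Suffix
    List so that e.g. example.co.uk is not collapsed to co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def query_params(url: str) -> dict:
    """Percent-decoded query parameters; first value wins on duplicates."""
    params = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        params.setdefault(name, value)
    return params


def redirect_targets(url: str) -> list:
    """(parameter, target host, classification) for each parameter whose
    value is an absolute http(s) URL. Classification is same-host,
    same-site (same registrable domain) or off-site."""
    link_host = (urlsplit(url).hostname or "").lower()
    findings = []
    for name, value in query_params(url).items():
        target = urlsplit(value)
        if target.scheme not in ("http", "https") or not target.hostname:
            continue  # plain values such as linkId or emailSubject
        target_host = target.hostname.lower()
        if target_host == link_host:
            verdict = "same-host"
        elif registrable_domain(target_host) == registrable_domain(link_host):
            verdict = "same-site"
        else:
            verdict = "off-site"
        findings.append((name, target_host, verdict))
    return findings


if __name__ == "__main__":
    for label, url in (("report", REPORT_URL), ("constructed", CONSTRUCTED_OFFSITE_URL)):
        print(label, query_params(url)["emailSubject"], redirect_targets(url))
```

For the report URL the only URL-valued parameter is loginRedirectUrl, and its host secure.virtru.com shares the registrable domain virtru.com with api.virtru.com, so it classifies as same-site; the same code flags the constructed login.example.net target as off-site. A same-site result does not by itself make a link safe, it only removes the open-redirect-to-third-party question from the triage list.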

Full analysis
https://app.any.run/tasks/57f65759-7c86-42b5-b0ca-ff9cba38f78a
Verdict
Malicious activity
Analysis date
4/26/2021, 15:56:19
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 11.0.9600.17843 KB3058515
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)
  • srvpost (2.12.74)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2533623
  • KB2534111
  • KB2639308
  • KB2729094
  • KB2731771
  • KB2786081
  • KB2834140
  • KB2882822
  • KB2888049
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS
No malicious indicators.

SUSPICIOUS
No suspicious indicators.

INFO
Reads the hosts file
  • chrome.exe (PID: 1196)
  • chrome.exe (PID: 492)
Application launched itself
  • chrome.exe (PID: 1196)

Processes

Total processes
48
Monitored processes
10
Malicious processes
0
Suspicious processes
0

Behavior graph

(Graph rendered as an image in the original report.) Text residue of the graph: start → chrome.exe, which spawned nine further chrome.exe processes; eight of the ten are marked "no specs", and the two without that marker are the processes that carry indicators in the process list below (PIDs 1196 and 492).
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
1196
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disk-cache-dir=null --disk-cache-size=1 --media-cache-size=1 --disable-gpu-shader-disk-cache --disable-background-networking "https://api.virtru.com/accounts/email-activation?linkId=0b744fca-3ca0-4107-a942-112cb1718b18-25407ac7-11ce-4913-8ce3-1bba2e283c3c&loginRedirectUrl=https://secure.virtru.com/secure-reader&userId=[email protected]&senderEmail=[email protected]&emailSubject=CMS%20Login%20Issues"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\winusb.dll
c:\windows\system32\gdi32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome.dll
c:\windows\system32\msi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\imm32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\credui.dll
c:\windows\system32\userenv.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\sechost.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\hid.dll
c:\windows\system32\user32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\samlib.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\mscms.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winsta.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\cscui.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\duser.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\wship6.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\dui70.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ie4uinit.exe
c:\windows\system32\imageres.dll
c:\windows\system32\slc.dll
c:\windows\system32\wbem\wmiperfinst.dll
c:\windows\system32\pdh.dll
c:\windows\system32\audioses.dll
c:\windows\system32\wdscore.dll
c:\windows\system32\sensorsapi.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\imagehlp.dll
c:\progra~1\micros~1\office14\mlshext.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\program files\winrar\rarext.dll
c:\program files\common files\microsoft shared\ime14\imejp\imjptip.dll
c:\windows\system32\webcheck.dll
c:\program files\microsoft office\office14\olkfstub.dll
c:\program files\common files\microsoft shared\ime14\imekr\imkrtip.dll
c:\program files\microsoft office\office14\visshe.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\mf.dll
c:\program files\common files\microsoft shared\office14\msoshext.dll
c:\program files\microsoft office\office14\msohevi.dll
c:\program files\windows sidebar\sbdrop.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\colorui.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\syncui.dll
c:\windows\system32\stobject.dll
c:\windows\system32\cryptext.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\dbghelp.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

PID
348
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6c1ea9d0,0x6c1ea9e0,0x6c1ea9ec
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\imm32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msctf.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\version.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll

PID
2012
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1200 --on-initialized-event-handle=316 --parent-handle=320 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\gdi32.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\userenv.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_watcher.dll

PID
3224
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1028,7689798815084687990,4645817504999119502,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=6688755760206539957 --mojo-platform-channel-handle=1044 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\systemroot\system32\ntdll.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\sechost.dll
c:\windows\system32\userenv.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\shell32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\usp10.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\nsi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\webio.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\slc.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\avrt.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\evr.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wininet.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\ddraw.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libegl.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libglesv2.dll
c:\windows\system32\d3dcompiler_47.dll

PID
492
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1028,7689798815084687990,4645817504999119502,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=4075490398215631500 --mojo-platform-channel-handle=1456 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\userenv.dll
c:\windows\system32\winmm.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\version.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\profapi.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dwrite.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\winnsi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\psapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\fveui.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll

PID
1468
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,7689798815084687990,4645817504999119502,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12916789782141712510 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules

PID
3376
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,7689798815084687990,4645817504999119502,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3904319684323037306 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules

PID
1076
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,7689798815084687990,4645817504999119502,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14272189855326314596 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2340 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules

PID
772
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1028,7689798815084687990,4645817504999119502,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=14431825018422978751 --mojo-platform-channel-handle=3260 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules

PID
1388
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1028,7689798815084687990,4645817504999119502,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=6241601053392272006 --mojo-platform-channel-handle=2372 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules

Registry activity

Total events
612
Read events
0
Write events
60
Delete events
1

Modification events

PID | Process | Operation | Key | Name | Value
1196 | chrome.exe | delete key | HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | (default) |
1196 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | 2
1196 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | failed_count | 0
1196 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
1196 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | 01000000
1196 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | 1
1196 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | dr | 1
1196 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | metricsid |
1196 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | metricsid_enableddate | 0
1196 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome | UsageStatsInSample | 0
1196 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly | 0
1196 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | metricsid_installdate | 0
1196 | chrome.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} | usagestats | 0
1196 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun | 13263926194092375
1196 | chrome.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\13D\52C64B7E | LanguageList | en-US
1196 | chrome.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\13D\52C64B7E | @"%windir%\System32\ie4uinit.exe",-732 | Finds and displays information and Web sites on the Internet.
1196 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Common\Rlz\PTimes | C | B250DDF0B43AD701
1196 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs | C1 | 1C1GCEA_enUA812UA812
1196 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs | C2 | 1C2GCEA_enUA812
1196 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs | C7 | 1C7GCEA_enUA812
2012 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | 1196-13263926192639250 | 259
492 | chrome.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\13D\52C64B7E | LanguageList | en-US
492 | chrome.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\13D\52C64B7E | @%SystemRoot%\System32\fveui.dll,-843 | BitLocker Drive Encryption
492 | chrome.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\13D\52C64B7E | @%SystemRoot%\System32\fveui.dll,-844 | BitLocker Data Recovery Agent
492 | chrome.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\13D\52C64B7E | @%SystemRoot%\system32\dnsapi.dll,-103 | Domain Name System (DNS) Server Trust
492 | chrome.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\13D\52C64B7E | @%SystemRoot%\system32\p2pcollab.dll,-8042 | Peer to Peer Trust
492 | chrome.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\13D\52C64B7E | @%SystemRoot%\system32\qagentrt.dll,-10 | System Health Authentication
1388 | chrome.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\13D\52C64B7E | LanguageList | en-US
1388 | chrome.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\13D\52C64B7E | @sendmail.dll,-21 | Desktop (create shortcut)
1388 | chrome.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\13D\52C64B7E | @zipfldr.dll,-10148 | Compressed (zipped) folder
1388 | chrome.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\13D\52C64B7E | @C:\Windows\system32\FXSRESM.dll,-120 | Fax recipient
1388 | chrome.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\13D\52C64B7E | @sendmail.dll,-4 | Mail recipient

Files activity

Executable files
0
Suspicious files
21
Text files
75
Unknown types
3

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
492 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\09b7fe67-7b3d-4577-b744-22c24da6d0bb.tmp | –– | –– | ––
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\06f7771d-648e-46d3-b8ae-e9a03311914e.tmp | –– | –– | ––
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma | –– | –– | ––
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index | –– | –– | ––
492 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\e2cd733e-3d31-422b-8328-b142cf753f5b.tmp | –– | –– | ––
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\1ed31876-fad5-4ab3-974b-234160781944.tmp | –– | –– | ––
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\4874c431-5548-48bb-8b9c-672925713778.tmp | –– | –– | ––
492 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\8dc14668-4ad5-48c8-b146-223b3b46fbc7.tmp | –– | –– | ––
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFfb2ad.TMP | binary | 93b9b5888561af4aa8ad50badc63fb78 | 2a97921007f05727d6bb3adc2f7b9eb8532710dc378e2a3fd5985f6ee7c8d221
492 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF10732e.TMP | text | 078570b4fee0f2e3d9d3ce458ca1d14f | 6a3b1a089ea14a091b10e279da6e35a42f11308645fa9e93bf9e915c2c3102b8
492 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity | text | 078570b4fee0f2e3d9d3ce458ca1d14f | 6a3b1a089ea14a091b10e279da6e35a42f11308645fa9e93bf9e915c2c3102b8
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences | text | 83a9ce083c4691ba6eeb0a08b982b671 | 698968690d412734aad3bf619886439191775b0172897285d17777f0643c2d7f
492 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RFfcfe9.TMP | text | 1ccbf12cf41f50cdee10cb4a0f135c97 | cd564329238aeeedc85c0391225b70fad338dc4275eb0b37564ae3ce9bf3b874
492 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RFf8c29.TMP | text | daa8f73ae7e930b63f02ccb9347d212e | dec4e4aebfd9010dfa58a068ba97e07627d2be546afad3f1b251c3ce8156f531
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index | binary | 93b9b5888561af4aa8ad50badc63fb78 | 2a97921007f05727d6bb3adc2f7b9eb8532710dc378e2a3fd5985f6ee7c8d221
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RFf7ae4.TMP | text | abe569280b95e3d30c6904a3805de07a | 3c9335406e848ef4cf9f24c6da49205a8205a94e5831b44b50df161021577b09
492 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State | text | 1ccbf12cf41f50cdee10cb4a0f135c97 | cd564329238aeeedc85c0391225b70fad338dc4275eb0b37564ae3ce9bf3b874
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFf791e.TMP | text | 83a9ce083c4691ba6eeb0a08b982b671 | 698968690d412734aad3bf619886439191775b0172897285d17777f0643c2d7f
492 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RFf4925.TMP | text | 112f47cb5de738650913ae698c851d08 | 6b6c86e0267cd21a3ea4932b12287dcb3e894cd1f232c836522d4affad1d0602
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\869d3a0164096d18_0 | binary | 414aba441fb8879a84fbb0464751f45c | d9cdea36fec24ee1240ff23f38b2d8a83cafbb5f25ad4d262f7910264b1e6964
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\80303deadd57181b_0 | binary | c1018272c8a1fa458f930ab669e95440 | a68558a1e2e8cd4cf6d88315823e6b6fd7e2dd28596d194fd3d0b9d03cf06f42
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ec0d622fbcb65ab5_0 | binary | c7945cfc01f3f125ba3663acf073108c | bc4f841053a8bf203744363104f78c20f0abe3f404c9ea60a30a291be3c97801
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d08232f37e869ea9_0 | binary | 0febd35956f50a47349f0711e9a1b99d | 38a82cd72ba732c2723adddfd3956285fbb1ada7f10e8b17047c6698b0da25c4
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\38ff0f5d-b97d-4118-a871-fd1017dab2cb.tmp | –– | –– | ––
492 | chrome.exe | C:\Users\admin\AppData\Local\Temp\Tar217A.tmp | –– | –– | ––
492 | chrome.exe | C:\Users\admin\AppData\Local\Temp\Cab2179.tmp | –– | –– | ––
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\86685c54-cac5-4780-82b2-a7bb1448e742.tmp | –– | –– | ––
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\23305abdc400b009_0 | binary | efba3ed39812baebe93a9bf2b515819a | 70413e91827fb258b79e08dbbf7192ce57e333930bcfd9f041d8fd3b91f0d189
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State | text | abe569280b95e3d30c6904a3805de07a | 3c9335406e848ef4cf9f24c6da49205a8205a94e5831b44b50df161021577b09
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RFf2afe.TMP | text | abe569280b95e3d30c6904a3805de07a | 3c9335406e848ef4cf9f24c6da49205a8205a94e5831b44b50df161021577b09
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\91a32758b031f704_0 | binary | 2077ab6bc2da99d058a88ce4cf712ffc | dcdba47a094283c49631a4815133b87d4f79fa0f2e1d3511e6e687566d2f4df7
492 | chrome.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A153659244D4657E2973A1765102781B_5EC418A0EDC8D07F64B1E92AD43A517A | binary | 5c395fac7fb2c605434e80aba02c634b | 0dd2681778bcf2272bbd3dcd10afa73428ce0a514f8b7336fb4a22f6e4d8d14d
492 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\becb6a4a-8a7e-4547-bfd4-e575317cf88e.tmp | –– | –– | ––
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ee6a636c-5f54-46b5-bff4-9657ea2a63cd.tmp | –– | –– | ––
492 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\03aaed01-f449-4231-9c10-c25d6b93b566.tmp | –– | –– | ––
492 | chrome.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_27F2F3EAE5ACF629E280F218628D1935 | der | c59a031bf93caca0c58a87b0cb798c7d | 4dc4bd2773ff7c2ce812f64a448ef626293a4731b2254166959ac4997e906e72
492 | chrome.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_27F2F3EAE5ACF629E280F218628D1935 | binary | d99751a9d883c14cec7ba6e27af55e37 | 88b307d48c228c2eced705776decd74dd8161307bdc0f2261bb75462d73e844a
492 | chrome.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\572BF21E454637C9F000BE1AF9B1E1A9 | binary | e535cf6dffdd5dd2184019fdcd800ad3 | baa4aef0f7d6984be67345cf4a056feb3ef5fea6e4ce8bc9700dfa19348be8d2
492 | chrome.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\572BF21E454637C9F000BE1AF9B1E1A9 | der | c0e8152b24bfa08d54efb9dc1a321e11 | 5488fe83fcba0c43f07ca0133c46a51c36903941c7e6bfaae5becf79b7df4dca
492 | chrome.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A153659244D4657E2973A1765102781B_5EC418A0EDC8D07F64B1E92AD43A517A | der | 6b4c21268b0afbff9f736592ee31b5fe | 9c3ea4a0e9dbb9db10314f8a35fd449c97576791490d2dde08b9a94ce144aa0b
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFf044c.TMP | text | 9d5ab69553844422b66bd188090dd815 | 3ed3bb93c8af36f169c2600d875a22713919db68ec8ec754243080f120591f04
492 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RFee75e.TMP | text | 5b55412152b155a920eaa10238947f01 | 83d921a3689aca32673817aef5558dd74b374974cf40dee8d717a6b3d5a42e7d
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\41aec889-9690-4ce2-9305-dab18fefe45f.tmp | –– | –– | ––
492 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\86dc5833-2f24-48f2-bf3f-79377f016dba.tmp | –– | –– | ––
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RFeccc1.TMP | text | b1ce0d78fce7902d55272dd65397df66 | 42a188f3a51bf651c20112b9fc94d8b2cbab3b26a29725f973e375a84b0dd0b2
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe8e41.TMP | text | 6ab3132249a0d4932aae27a2fa32c26f | bf6b89e0dbec0cd38c48dc6fdee5d4c7eced387671ecf01557063d0506448d21
492 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RFe9611.TMP | text | dcfa08aa5efa5ff07006369ce7acb329 | f59ba27ec05c898bb9a40e607de140f970538b309292b2eafc66f21fc15685e4
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RFe8d96.TMP | text | b1ce0d78fce7902d55272dd65397df66 | 42a188f3a51bf651c20112b9fc94d8b2cbab3b26a29725f973e375a84b0dd0b2
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old | text | ec302f6b15779508f1f8bdb79778e1af | 583a1a451868dab90a46bfcc4e8c8c72c1516c63380e0472fa51c90df970439b
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old~RFe6a1f.TMP | –– | –– | ––
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old | –– | –– | ––
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old~RFe723e.TMP | text | ec302f6b15779508f1f8bdb79778e1af | 583a1a451868dab90a46bfcc4e8c8c72c1516c63380e0472fa51c90df970439b
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log | binary | 9fe07a071fda31327fa322b32fca0b7e | e02333c0359406998e3fed40b69b61c9d28b2117cf9e6c0239e2e13ec13ba7c8
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old | text | 776fee091aa98ea4c8a6d48b0f99d4c8 | 6cfd5a2deb1ea58dec6f715adaeab0630cf726fc8cd31e37069e8059385ee1f6
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session | binary | 1b9b3420fab158720b68cd1beb45dfa1 | 629658a0414baa7a9177f0c685c7b3bef8d504d08f28b6dbd0b6b0234ef0b4cf
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG | text | d4dbc1bd88ad9e4371affd37d30baf91 | 4827367788133902c05dbe63bc7028312cc5ac642197457f4818f87c548de0d5
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RFe6e07.TMP | text | fec3fd9d66370f89b614ce72ae9555cd | 6b66890cd9d32d160ea2b21634a2a46499d0c6777a009eaf3ea6b5455d726459
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RFe6ea4.TMP | text | 776fee091aa98ea4c8a6d48b0f99d4c8 | 6cfd5a2deb1ea58dec6f715adaeab0630cf726fc8cd31e37069e8059385ee1f6
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old | text | fec3fd9d66370f89b614ce72ae9555cd | 6b66890cd9d32d160ea2b21634a2a46499d0c6777a009eaf3ea6b5455d726459
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old | text | 73d23e129c733ccc599f9ace77eb7f72 | 871981ecc6e3324f89cff0a85196cfb4a7c9e97347459aac36bc04243a83eb0b
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000048.dbtmp | –– | –– | ––
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old | text | 33d5f5b076df84d87591c04629d35599 | e8aa31384081d2edf8282ef19ebc827d795364856656229e179398733b8a185e
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old | text | 81bb923a0911de7f4d4db38755abbe7c | 4eeb1738eb0576afe2b1c304111153035a70cc2eebf9053b031e71cd698b3318
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old~RFe6993.TMP | text | 81bb923a0911de7f4d4db38755abbe7c | 4eeb1738eb0576afe2b1c304111153035a70cc2eebf9053b031e71cd698b3318
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old~RFe69b2.TMP | text | 33d5f5b076df84d87591c04629d35599 | e8aa31384081d2edf8282ef19ebc827d795364856656229e179398733b8a185e
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old~RFe6916.TMP | text | 73d23e129c733ccc599f9ace77eb7f72 | 871981ecc6e3324f89cff0a85196cfb4a7c9e97347459aac36bc04243a83eb0b
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old | text | f1220a80653b6b89b42dfd1b2e8155c3 | 36bbbc13cc1901cf269b4ce36e2ee08946806dfa58474ae88287ca8e9da9725d
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT | text | 74d4db05a4d3e7263e8ae314dedd8df1 | 67bf9950e818713e054268d40bed61a22d324385ce98e89ddf406a405b870802
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old~RFe687a.TMP | text | f1220a80653b6b89b42dfd1b2e8155c3 | 36bbbc13cc1901cf269b4ce36e2ee08946806dfa58474ae88287ca8e9da9725d
1196 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RFe683b.TMP | | |
text
MD5: 74d4db05a4d3e7263e8ae314dedd8df1
SHA256: 67bf9950e818713e054268d40bed61a22d324385ce98e89ddf406a405b870802
1196
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6086E2B1-4AC.pma
––
MD5:  ––
SHA256:  ––
1196
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RFe680c.TMP
text
MD5: 1c97b70a4bad7c026f79467c7d496afa
SHA256: c5a02e4984de3f30dadfc0a89a93f45418c06653c3962eaa94c93909e51d272d
1196
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\da9d93ee-51c4-4d96-9589-29fe28da29cc.tmp
binary
MD5: 5058f1af8388633f609cadb75a75dc9d
SHA256: cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
1196
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old
text
MD5: 1c97b70a4bad7c026f79467c7d496afa
SHA256: c5a02e4984de3f30dadfc0a89a93f45418c06653c3962eaa94c93909e51d272d
1196
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RFe678f.TMP
text
MD5: d4322eebac92d1b8f7a6f5e39f6264b7
SHA256: a3eedf21b850dcc7ce5ae04395ecdd2d29da4ea549c8a185dd9e8b552a87b8c2
1196
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
binary
MD5: e815400f953ea8db8a98d52737c9a50d
SHA256: e9f064927a191500b7365f51c9cd0763a6a8e68a8b866aced39aa0e72c3ead85
1196
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RFe679f.TMP
text
MD5: fb5b20517a0d1f7dad485989565bee5e
SHA256: 99405f66edbeb2306f4d0b4469dcadff5293b5e1549c588ccfacea439bb3b101
1196
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
text
MD5: d4322eebac92d1b8f7a6f5e39f6264b7
SHA256: a3eedf21b850dcc7ce5ae04395ecdd2d29da4ea549c8a185dd9e8b552a87b8c2
1196
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RFe6770.TMP
text
MD5: c2ddba63e4a2bd2e39a8b6c2c6384aae
SHA256: 6d5c1c78341c6f84911055d970addb0ec3499f8bf7fade062122a22209ce67d9
1196
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: c2ddba63e4a2bd2e39a8b6c2c6384aae
SHA256: 6d5c1c78341c6f84911055d970addb0ec3499f8bf7fade062122a22209ce67d9
1196
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RFe67be.TMP
text
MD5: 67f45caa18c889645f50cd6216c81e65
SHA256: 33ed82cdddffd55a5059c147c6cd20f66c6712314f890a39576d3c10914d0029
1196
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
text
MD5: 67f45caa18c889645f50cd6216c81e65
SHA256: 33ed82cdddffd55a5059c147c6cd20f66c6712314f890a39576d3c10914d0029
1196
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: fb5b20517a0d1f7dad485989565bee5e
SHA256: 99405f66edbeb2306f4d0b4469dcadff5293b5e1549c588ccfacea439bb3b101
1196
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: 1a89a1bebe6c843c4ff582e7ed33ca1f
SHA256: 65099ca087b66aa8ca420ab121daad713e1db5a61c5a574d9b1c0df24f012520
348
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: b59113c2dcd2d346f31a64f231162ada
SHA256: 1d97c69aea85d3b06787458ea47576b192ce5c5db9940e5eaa514ff977ce2dc2
1196
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787


Network activity

HTTP(S) requests: 3
TCP/UDP connections: 28
DNS requests: 12
Threats: 0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
492 chrome.exe GET 200 151.139.128.14:80 http://crl.comodoca.com/AAACertificateServices.crl US der –– whitelisted
492 chrome.exe GET 200 151.139.128.14:80 http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEChOOcFLOG2InHKZ5YzQWlc%3D US der –– whitelisted
492 chrome.exe GET 200 151.139.128.14:80 http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS83pEmglYTXfyF78OS%2BRiTRWadkgQULGn%2FgMmHkK404bTnTJOFmUDpp7ICEAfXyLft0BpAiKD7FtWl4yU%3D US der –– whitelisted


Connections

PID Process IP ASN CN Reputation
492 chrome.exe 142.250.185.237:443 Google Inc. US suspicious
492 chrome.exe 65.9.66.13:443 AT&T Services, Inc. US unknown
492 chrome.exe 172.217.18.99:443 Google Inc. US whitelisted
492 chrome.exe 3.140.18.175:443 US unknown
492 chrome.exe 3.143.84.231:443 US unknown
492 chrome.exe 151.139.128.14:80 Highwinds Network Group, Inc. US suspicious
492 chrome.exe 99.86.2.49:443 AT&T Services, Inc. US unknown
492 chrome.exe 13.32.23.194:443 Amazon.com, Inc. US unknown
492 chrome.exe 65.9.66.105:443 AT&T Services, Inc. US unknown
492 chrome.exe 44.237.23.82:443 University of California, San Diego US unknown
492 chrome.exe 142.250.186.110:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
accounts.google.com 142.250.185.237 shared
ssl.gstatic.com 172.217.18.99 shared
secure.virtru.com 3.140.18.175, 3.143.84.231, 3.131.178.82 malicious
crl.comodoca.com 151.139.128.14 whitelisted
ocsp.usertrust.com 151.139.128.14 whitelisted
ocsp.sectigo.com 151.139.128.14 whitelisted
cdn.virtru.com 99.86.2.49, 99.86.2.98, 99.86.2.80, 99.86.2.32 whitelisted
cdn.amplitude.com 13.32.23.194, 13.32.23.136, 13.32.23.160, 13.32.23.71 whitelisted
api.virtru.com 65.9.66.105, 65.9.66.88, 65.9.66.13, 65.9.66.83 whitelisted
api.amplitude.com 44.237.23.82, 52.37.140.69, 34.216.119.199, 35.167.210.48, 54.70.137.22, 44.238.7.162, 52.40.97.110, 54.189.242.60 whitelisted
clients1.google.com 142.250.186.110 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.