General Info

File name

Invoice Documents.zip

Full analysis
https://app.any.run/tasks/41bc1870-0dde-4051-b8b6-58e451b7cf54
Verdict
Malicious activity
Analysis date
3/14/2019, 18:45:38
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

autoit

trojan

nanocore

rat

stealer

opendir

Indicators:

MIME:
application/zip
File info:
Zip archive data, at least v2.0 to extract
MD5

11435d732a81575aac4c31ae11ef0faf

SHA1

a29d5c0f86cac1a9bfe3386132b40f0c82e30d75

SHA256

534294ec46c7e528a7e6ad708a2950e5efc76c4b0cd69a7d93ce1c5074abd378

SSDEEP

24576:D+d+6KMSywevNdTvO7XIbv0YzhIPl3XUq49GIos:DAuMIMN1q4bv0Yzm93oV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Application was dropped or rewritten from another process
  • INVOICE 2019.exe (PID: 3180)
  • wgs.exe (PID: 2600)
  • wgs.exe (PID: 2720)
Actions look like stealing of personal data
  • vbc.exe (PID: 4064)
  • vbc.exe (PID: 2884)
Changes the autorun value in the registry
  • wgs.exe (PID: 2600)
  • RegSvcs.exe (PID: 3736)
Stealing of credential data
  • vbc.exe (PID: 2884)
NanoCore was detected
  • RegSvcs.exe (PID: 3736)
Connects to CnC server
  • RegSvcs.exe (PID: 3736)
Loads DLL from Mozilla Firefox
  • vbc.exe (PID: 2712)
Connects to unusual port
  • RegSvcs.exe (PID: 3736)
Drop AutoIt3 executable file
  • INVOICE 2019.exe (PID: 3180)
Application launched itself
  • wgs.exe (PID: 2720)
Executable content was dropped or overwritten
  • INVOICE 2019.exe (PID: 3180)
  • WinRAR.exe (PID: 3500)
Executes scripts
  • RegSvcs.exe (PID: 3736)
Creates files in the user directory
  • RegSvcs.exe (PID: 3736)
Dropped object may contain Bitcoin addresses
  • INVOICE 2019.exe (PID: 3180)
  • wgs.exe (PID: 2720)
Reads settings of System Certificates
  • chrome.exe (PID: 2848)
Application launched itself
  • chrome.exe (PID: 2848)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.zip
|   ZIP compressed archive (100%)
EXIF
ZIP
ZipRequiredVersion:
20
ZipBitFlag:
null
ZipCompression:
Deflated
ZipModifyDate:
2019:03:14 11:15:19
ZipCRC:
0x9b8d7f64
ZipCompressedSize:
869306
ZipUncompressedSize:
934019
ZipFileName:
Invoice Documents/INVOICE 2019.exe

Processes

Total processes
60
Monitored processes
29
Malicious processes
5
Suspicious processes
0

Behavior graph

drop and start start drop and start winrar.exe invoice 2019.exe wgs.exe no specs wgs.exe #NANOCORE regsvcs.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs vbc.exe vbc.exe no specs vbc.exe no specs vbc.exe no specs vbc.exe no specs vbc.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs vbc.exe vbc.exe no specs chrome.exe no specs
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
3500
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Invoice Documents.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\users\admin\appdata\local\temp\rar$exa3500.6215\invoice documents\invoice 2019.exe

PID
3180
CMD
"C:\Users\admin\AppData\Local\Temp\Rar$EXa3500.6215\Invoice Documents\INVOICE 2019.exe"
Path
C:\Users\admin\AppData\Local\Temp\Rar$EXa3500.6215\Invoice Documents\INVOICE 2019.exe
Indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
U75TC71WS86P
Description
D83VS85AQ87T
Version
C84VT85JZ90O
Modules
Image
c:\users\admin\appdata\local\temp\rar$exa3500.6215\invoice documents\invoice 2019.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\riched32.dll
c:\windows\system32\riched20.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\users\admin\appdata\local\temp\23633053\wgs.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll

PID
2720
CMD
"C:\Users\admin\AppData\Local\Temp\23633053\wgs.exe" buw=lpj
Path
C:\Users\admin\AppData\Local\Temp\23633053\wgs.exe
Indicators
No indicators
Parent process
INVOICE 2019.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
AutoIt Team
Description
AutoIt v3 Script
Version
3, 3, 14, 5
Modules
Image
c:\users\admin\appdata\local\temp\23633053\wgs.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\psapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2600
CMD
C:\Users\admin\AppData\Local\Temp\23633053\wgs.exe C:\Users\admin\AppData\Local\Temp\23633053\NCOBY
Path
C:\Users\admin\AppData\Local\Temp\23633053\wgs.exe
Indicators
Parent process
wgs.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
AutoIt Team
Description
AutoIt v3 Script
Version
3, 3, 14, 5
Modules
Image
c:\users\admin\appdata\local\temp\23633053\wgs.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\psapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\regsvcs.exe

PID
3736
CMD
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Indicators
Parent process
wgs.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Services Installation Utility
Version
4.6.1055.0 built by: NETFXREL2
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\regsvcs.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\microsoft.v9921e851#\7ca6a7b9413844e82108a9d62f88a2d9\microsoft.visualbasic.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\bcrypt.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrcompression.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.management\4dfa27fdd6a4cce26f99585e1c744f9b\system.management.ni.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe
c:\windows\system32\sxs.dll
c:\windows\system32\devenum.dll
c:\windows\system32\winmm.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\avicap32.dll
c:\windows\system32\msvfw32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\windowscodecs.dll

PID
2848
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\mssprxy.dll
c:\program files\winrar\rarext.dll
c:\program files\microsoft office\office14\olkfstub.dll
c:\progra~1\micros~1\office14\mlshext.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\program files\microsoft office\office14\visshe.dll
c:\program files\common files\microsoft shared\office14\msoshext.dll
c:\program files\microsoft office\office14\msohevi.dll
c:\windows\system32\mf.dll
c:\windows\system32\shdocvw.dll

PID
3664
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6f4e00b0,0x6f4e00c0,0x6f4e00cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2988
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2880 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
2172
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1004,2237042951565875675,12269565573791572058,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=CFB2E49423CA261CFBC49268937170AC --mojo-platform-channel-handle=996 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
3236
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,2237042951565875675,12269565573791572058,131072 --enable-features=PasswordImport --service-pipe-token=5AD000FCA1A9B23187DB18955F3FA0CB --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5AD000FCA1A9B23187DB18955F3FA0CB --renderer-client-id=5 --mojo-platform-channel-handle=1776 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3816
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,2237042951565875675,12269565573791572058,131072 --enable-features=PasswordImport --service-pipe-token=F55B6359E30524C1549C170FCBD780B7 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=F55B6359E30524C1549C170FCBD780B7 --renderer-client-id=3 --mojo-platform-channel-handle=2068 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2900
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,2237042951565875675,12269565573791572058,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=C58E299AFF793FF96F669A653B9B6150 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=C58E299AFF793FF96F669A653B9B6150 --renderer-client-id=6 --mojo-platform-channel-handle=3584 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2888
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1004,2237042951565875675,12269565573791572058,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=FBB5BC7E7A25EB5EEBFC8FBF4C232CE0 --mojo-platform-channel-handle=3780 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3308
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,2237042951565875675,12269565573791572058,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=9171CDC6714ED68A463351F4721EA57F --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9171CDC6714ED68A463351F4721EA57F --renderer-client-id=8 --mojo-platform-channel-handle=3460 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3528
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1004,2237042951565875675,12269565573791572058,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=E6423B13D699E5777B0499DF0D01E554 --mojo-platform-channel-handle=3900 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
2884
CMD
"c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe" /shtml "C:\Users\admin\AppData\Local\Temp\tnijf1sr.vle"
Path
c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe
Indicators
Parent process
RegSvcs.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual Basic Command Line Compiler
Version
14.0.1055.0
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\pstorec.dll
c:\windows\system32\atl.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptbase.dll

PID
2620
CMD
"c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe" /shtml "C:\Users\admin\AppData\Local\Temp\jehr3q5a.vdq"
Path
c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe
Indicators
No indicators
Parent process
RegSvcs.exe
User
admin
Integrity Level
MEDIUM
Exit code
4294967295
Version:
Company
Microsoft Corporation
Description
Visual Basic Command Line Compiler
Version
14.0.1055.0
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe
c:\systemroot\system32\ntdll.dll

PID
4008
CMD
"c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe" /shtml "C:\Users\admin\AppData\Local\Temp\jehr3q5a.vdq"
Path
c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe
Indicators
No indicators
Parent process
RegSvcs.exe
User
admin
Integrity Level
MEDIUM
Exit code
4294967295
Version:
Company
Microsoft Corporation
Description
Visual Basic Command Line Compiler
Version
14.0.1055.0
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe
c:\systemroot\system32\ntdll.dll

PID
4084
CMD
"c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe" /shtml "C:\Users\admin\AppData\Local\Temp\jehr3q5a.vdq"
Path
c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe
Indicators
No indicators
Parent process
RegSvcs.exe
User
admin
Integrity Level
MEDIUM
Exit code
4294967295
Version:
Company
Microsoft Corporation
Description
Visual Basic Command Line Compiler
Version
14.0.1055.0
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe
c:\systemroot\system32\ntdll.dll

PID
4016
CMD
"c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe" /shtml "C:\Users\admin\AppData\Local\Temp\jehr3q5a.vdq"
Path
c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe
Indicators
No indicators
Parent process
RegSvcs.exe
User
admin
Integrity Level
MEDIUM
Exit code
4294967295
Version:
Company
Microsoft Corporation
Description
Visual Basic Command Line Compiler
Version
14.0.1055.0
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe
c:\systemroot\system32\ntdll.dll

PID
1980
CMD
"c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe" /shtml "C:\Users\admin\AppData\Local\Temp\jehr3q5a.vdq"
Path
c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe
Indicators
No indicators
Parent process
RegSvcs.exe
User
admin
Integrity Level
MEDIUM
Exit code
4294967295
Version:
Company
Microsoft Corporation
Description
Visual Basic Command Line Compiler
Version
14.0.1055.0
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe
c:\systemroot\system32\ntdll.dll

PID
2448
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,2237042951565875675,12269565573791572058,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=B8F20C228C3C0C8E2704B9F5FE5E7544 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=B8F20C228C3C0C8E2704B9F5FE5E7544 --renderer-client-id=10 --mojo-platform-channel-handle=2256 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3600
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1004,2237042951565875675,12269565573791572058,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=382D4C14991138CCCADFC171847F09D0 --mojo-platform-channel-handle=3856 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\zipfldr.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
2428
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1004,2237042951565875675,12269565573791572058,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=C090082786744B1D7F8CFAB169C491DE --mojo-platform-channel-handle=3956 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2428
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1004,2237042951565875675,12269565573791572058,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=7A18ACFB50D8658F6A0C285EEDF9F45E --mojo-platform-channel-handle=612 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\webio.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\version.dll
c:\windows\system32\kernelbase.dll
c:\systemroot\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\winmm.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\imm32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dxgi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptbase.dll

PID
4076
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,2237042951565875675,12269565573791572058,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=79C81D5E947C19830CA3B5E7353BE831 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=79C81D5E947C19830CA3B5E7353BE831 --renderer-client-id=15 --mojo-platform-channel-handle=4064 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
4064
CMD
"c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe" /shtml "C:\Users\admin\AppData\Local\Temp\gvs0wnxk.ge5"
Path
c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe
Indicators
Parent process
RegSvcs.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual Basic Command Line Compiler
Version
14.0.1055.0
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\pstorec.dll
c:\windows\system32\atl.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptbase.dll

PID
2712
CMD
"c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe" /shtml "C:\Users\admin\AppData\Local\Temp\iwn0ee3r.tc1"
Path
c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe
Indicators
No indicators
Parent process
RegSvcs.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual Basic Command Line Compiler
Version
14.0.1055.0
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\vbc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\pstorec.dll
c:\windows\system32\atl.dll
c:\windows\system32\vaultcli.dll
c:\program files\mozilla firefox\nss3.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll

PID
3116
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1004,2237042951565875675,12269565573791572058,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=C88E8CE983CEA22FFC2524C6D7FD41F9 --mojo-platform-channel-handle=3476 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
1370
Read events
1284
Write events
84
Delete events
2

Modification events

PID | Process | Operation | Key | Name | Value
3180 | INVOICE 2019.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
3180 | INVOICE 2019.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
2600 | wgs.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | WindowsUpdate | C:\Users\admin\AppData\Local\Temp\23633053\wgs.exe C:\Users\admin\AppData\Local\Temp\23633053\BUW_LP~1
3736 | RegSvcs.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | TCP Monitor | C:\Users\admin\AppData\Roaming\90059C37-1320-41A4-B58D-2B75A9850D2F\TCP Monitor\tcpmon.exe
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | failed_count | 0
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | 2
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | 1
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | dr | 1
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome | UsageStatsInSample | 0
2848 | chrome.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} | usagestats | 0
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | metricsid | ––
2848 | chrome.exe | delete key | HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | –– | ––
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | metricsid_installdate | 0
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | metricsid_enableddate | 0
2848 | chrome.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts | aggregate | sum()
2848 | chrome.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts | S-1-5-21-1302019708-1500728564-335382590-1000 | 1
2848 | chrome.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn | aggregate | sum()
2848 | chrome.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn | S-1-5-21-1302019708-1500728564-335382590-1000 | 0
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly | 0
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun | 13197059198424125
2848 | chrome.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E | LanguageList | en-US
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Common\Rlz\PTimes | C | F4EB8F158EDAD401
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs | C1 | 1C1GCEA_enUA812UA812
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs | C2 | 1C2GCEA_enUA812
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs | C7 | 1C7GCEA_enUA812
2848 | chrome.exe | delete key | HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | –– | ––
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | aapocclcgogkmnckokdopfmhonfmgoek | E66C478D31C88E385C12196DA2217292775A6D28ADD6CAA4278CE14B456CBD5D
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ahfgeienlihckogmohjhadlkjgocpleb | 15B1C3FE35F29528448F36A72A4DFBC58A8083C7190559D25865779166D220A2
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | aohghmighlieiainnegkcijnfilokake | 784CF6EA529818AD07DE6B588FD426C1A8C9DA4DCE752BAB816505F7AA891C18
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | apdfllckaahabafndbhieahigkjlhalf | 1B4CF5637D416511404EB1A6D5C68418958B887F2BAB97228A3CCA51F05D1BA0
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | blpcfgokakmgnkcojhhkbfbldkacnbeo | A663FEA674D43B28E59E8681D61CAF27EB8B5B04E15CC1978C6C4F8250C5E691
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | felcaaldnbdncclmgdcncolpebgiejap | 5EDDEEFAE6F266E1D4F043EA0331C7851A86245610506165650ABA30B78231C2
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gfdkimpbcpahaombhbimeihdjnejgicl | D6B079666F209503A09486C70AC09307652A0F7F783166A999B27C99D0DA79E2
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ghbmnnjooekpmoecnnnilnnbdlolhkhi | 18A8B791BA0506EFC8C0B3FBC6BBDC960998CBF14F4317D8C02592E45FC5409C
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd | 37A858BD3327FACA61D625B462EC605ED64E520E108B94F4C3325B757DB435C4
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mfehgcgbbipciphmccgaenjidiccnmng | 63355C14E8C7DF9A075F2EDDEA6F2807DC8166B83F96F4C975B9B6554C6324D7
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mhjfbmdgcfjbbpaeojofohoefgiehjai | 17F7787CEDB9B66B8D78F7E985DCA6E31DBA26B1F7D92176EDBEDAFB5838AEBC
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd | 04A45240BDA55E8777FA04357712CA6DD942253A21323E4C7D3CCF769B34BFED
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome | 9A0044B183822416E036FA2670FC5F085B3D015E358899EB0B24B5D6E5EEB39D
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda | 25A2CFE5732E5AB350D27D404282170295F08EE340DD092A31A392994AF030B4
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | pjkljhegncpnkpknbcohdijeoejaedia | EE254D7D1E9CB2526BC46D31A43CD82648FE55C9E6939CA06EEB2A7E83EFD525
2848 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | pkedcjkdefgpdelpbcmbmeomcjbeemfm | A741F5177C4E1F0D6F7FB4D457ADBA2F5A7FB8AA935525EF9D9E88A8A44BC905
2988 | chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | 2848-13197059197689750 | 259
3500 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | ––
3500 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | ––
3500 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E | LanguageList | en-US
3500 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\Invoice Documents.zip
3500 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
3500 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
3500 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
3500 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
3500 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
3500 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
3600 | chrome.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E | LanguageList | en-US

Files activity

Executable files
2
Suspicious files
69
Text files
122
Unknown types
0

Dropped files

PID
Process
Filename
Type
3500
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$EXa3500.6215\Invoice Documents\INVOICE 2019.exe
executable
MD5: 8ff36d5b66a2ced0ad0f2ee8d0060029
SHA256: f452e88a58304bf06848a0390d5ce0cc863e79d58f45b8dd5ecc739fcf46bd39
3180
INVOICE 2019.exe
C:\Users\admin\AppData\Local\Temp\23633053\wgs.exe
executable
MD5: c56b5f0201a3b3de53e561fe76912bfd
SHA256: 237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store
binary
MD5: e6e5ccfdbc49accf6cf9777a228b409d
SHA256: a070371532e774a987ba7a1d57b30231d0bd86c97f7daa7dfd0ac6ce7e7eb192
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store_new
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store
binary
MD5: 52baee999d585dc9d3727bad9048467b
SHA256: 3429dd1db5e6642e29fad5124688118263b6740d590372594b3a5f1478a6b9e5
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdWhitelist.store
binary
MD5: 8402062d6164aba8ff15c07497281754
SHA256: bd8bd37efa9e7ab81bfac4a45596f46a836833dd6b77adf90d0c9ff82a3478d2
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store_new
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdWhitelist.store_new
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store
binary
MD5: 0f09498dbbd2a78aa34d3d74f5bba927
SHA256: 4354f5b75ad8a05fb9fce0318c5810eee954c81f091f9a90188a991c35ffed49
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store_new
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store
binary
MD5: bd2a05bc63a946ea99e1de94c59059c0
SHA256: 46a9238c3152029a3371ba7b757cac42b7feb9bfbf9f196b1fdd990261065978
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store_new
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store
binary
MD5: 5a219ad32c3933f1768430f7b9b9bc9d
SHA256: fe1feb78589a2b2460e07d65c3f8550dfe9477896fc220296084de0b4292a044
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store_new
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store
binary
MD5: 16e294070e1b5d8e1a9098ab7efebbd5
SHA256: ff88aecaa4eeb55e76cb9b90356d499abdd3eeb6c7aa32f89f4c95510132850d
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store_new
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store
binary
MD5: c2f7f4f26b8fcb74fc8b51ad6ffa66d3
SHA256: e4da958515946455da2d4110bef609a8183ade7db3d3f923d37b5be072f928ed
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store_new
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store
binary
MD5: a7d1433408f34efe80716beb9a6e2afb
SHA256: e45b6795a8bcc9d699001fe3f0c9a468f5294ab0c5a4a6d0fb627628f748f3ad
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store_new
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\CertCsdDownloadWhitelist.store
binary
MD5: da00f5f8a1e4bdb532342a9f0ab950a3
SHA256: 48efa99cdf638eb242b760569e6dbf15c0d0c78d6fa1e4e64ea15543d6bbca5a
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\CertCsdDownloadWhitelist.store_new
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store_new
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\IpMalware.store
binary
MD5: 43424ec9a25f29f141319f796f26ce91
SHA256: 2906a981195b60d9d011e0447981e7f9082c2b2089517e81f42b380f5c9248d8
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\IpMalware.store_new
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
text
MD5: f77c4c20bfccf071ec0513af1074d507
SHA256: 9cebff2666bfe0e3075190db524ba3d6deb9eac1e866cc5f4bf85ba2809eafb9
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF1e1ac9.TMP
text
MD5: f77c4c20bfccf071ec0513af1074d507
SHA256: 9cebff2666bfe0e3075190db524ba3d6deb9eac1e866cc5f4bf85ba2809eafb9
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\7176803d-f96e-43bc-909d-2a70ddba382a.tmp
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 5684a080a34bdd9d68dbea1cc596d6d3
SHA256: 319158addd5ada1b4ef1e2043e200726aea7c5dce9fb3610d56c95a7f5e53ec1
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1e1914.TMP
text
MD5: 5684a080a34bdd9d68dbea1cc596d6d3
SHA256: 319158addd5ada1b4ef1e2043e200726aea7c5dce9fb3610d56c95a7f5e53ec1
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\8371ee7c-5dc6-4c48-9079-63972edf386c.tmp
––
MD5:  ––
SHA256:  ––
2712
vbc.exe
C:\Users\admin\AppData\Local\Temp\iwn0ee3r.tc1
––
MD5:  ––
SHA256:  ––
2712
vbc.exe
C:\Users\admin\AppData\Local\Temp\chp1001.tmp
––
MD5:  ––
SHA256:  ––
2712
vbc.exe
C:\Users\admin\AppData\Local\Temp\chp1000.tmp
––
MD5:  ––
SHA256:  ––
4064
vbc.exe
C:\Users\admin\AppData\Local\Temp\gvs0wnxk.ge5
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 21c29735d00a466b1b3b10209e6868c5
SHA256: b74cd4307091bb85614403af3979c241e0b467ab287352a1e0c2baf153e6e734
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1ccdb7.TMP
text
MD5: 21c29735d00a466b1b3b10209e6868c5
SHA256: b74cd4307091bb85614403af3979c241e0b467ab287352a1e0c2baf153e6e734
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\e240c87e-abcd-43f3-80e7-e6d2494a57f5.tmp
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: 84673a145f88ec7eff5707bb987f14d8
SHA256: 70bdd3c34336274a1c042f5c399a995dcc2f4e27a6e1c7dc81b775b0b15abd1b
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF1c9daf.TMP
text
MD5: 84673a145f88ec7eff5707bb987f14d8
SHA256: 70bdd3c34336274a1c042f5c399a995dcc2f4e27a6e1c7dc81b775b0b15abd1b
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\1b67c11b-4024-4c4a-9318-b129b5257670.tmp
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1c9ce3.TMP
text
MD5: 40cbd8d77cdcd4dd7bea9502306653d7
SHA256: b997ef6c48b0774d0f4f62a9ba453003c3b0244693a9c8f5b16d915bf22dc38c
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 40cbd8d77cdcd4dd7bea9502306653d7
SHA256: b997ef6c48b0774d0f4f62a9ba453003c3b0244693a9c8f5b16d915bf22dc38c
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\e39ef44f-f354-4cae-b980-a422909e12c4.tmp
––
MD5:  ––
SHA256:  ––
2428
chrome.exe
C:\Users\admin\AppData\Local\Temp\e169fa58-10bb-4fb2-a372-39d390301449.tmp
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 283316.crdownload
compressed
MD5: 11435d732a81575aac4c31ae11ef0faf
SHA256: 534294ec46c7e528a7e6ad708a2950e5efc76c4b0cd69a7d93ce1c5074abd378
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
binary
MD5: 6d28ede710e7b83e4904bfc68dcdae46
SHA256: 524ba24b8233061478e855d3793005e4ce716923d9fcf6a444d9d729223cff80
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF1c3c16.TMP
binary
MD5: 6d28ede710e7b83e4904bfc68dcdae46
SHA256: 524ba24b8233061478e855d3793005e4ce716923d9fcf6a444d9d729223cff80
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 1b31b4bc6d070b12dc4578faeb954813
SHA256: 0a2d347803a3861b9b24680fde93cc74009c951ece6e21437df62714048d820f
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1c2a82.TMP
text
MD5: 1b31b4bc6d070b12dc4578faeb954813
SHA256: 0a2d347803a3861b9b24680fde93cc74009c951ece6e21437df62714048d820f
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\c850d047-6766-440d-9226-9eaf5342118c.tmp
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 59942bf06f8896919a3c5697163a2138
SHA256: 85962acbaa82e8f4165a022e25bdccfd0856d19b18d68ab6b2e304db5c5e7cce
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1c2830.TMP
text
MD5: 59942bf06f8896919a3c5697163a2138
SHA256: 85962acbaa82e8f4165a022e25bdccfd0856d19b18d68ab6b2e304db5c5e7cce
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\e74a4942-b886-44bb-8e1c-99f57dd964d8.tmp
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF1c15b2.TMP
text
MD5: 4562c92b5596969f745e8301bf4f1883
SHA256: ec9cd1596b00d64b93c1a0a24842d6273698d70b0459d26685cff2ed86575c23
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 4562c92b5596969f745e8301bf4f1883
SHA256: ec9cd1596b00d64b93c1a0a24842d6273698d70b0459d26685cff2ed86575c23
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\8c76e1a4-48e5-4eeb-848f-b588423d976c.tmp
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\13c54391-5df3-4e12-b9a0-21e9f84ceb18\index-dir\the-real-index~RF1c0da4.TMP
binary
MD5: 81a15210e5b5e7ea7d3de389b27c400e
SHA256: e1158422db3174602c8dde3e8320c76dacbff1408c943e6d933ff0dc07908681
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\13c54391-5df3-4e12-b9a0-21e9f84ceb18\index-dir\the-real-index
binary
MD5: 81a15210e5b5e7ea7d3de389b27c400e
SHA256: e1158422db3174602c8dde3e8320c76dacbff1408c943e6d933ff0dc07908681
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\13c54391-5df3-4e12-b9a0-21e9f84ceb18\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 283316.crdownload
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store
binary
MD5: 6faba76c5d82ebf4a8422b3e745a09af
SHA256: 3ecf91124d6a7fa9398f1c127a00d19ae9469729401a5108b2134251abf989f5
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store~RF1c0d65.TMP
binary
MD5: 6faba76c5d82ebf4a8422b3e745a09af
SHA256: 3ecf91124d6a7fa9398f1c127a00d19ae9469729401a5108b2134251abf989f5
2848
chrome.exe
C:\Users\admin\Downloads\a52e7b59-2667-4a6f-a5c9-1628e4f8005f.tmp
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\d73c523a-7eae-49c1-89b2-16017f5581c9.tmp
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF1c02a7.TMP
binary
MD5: 742a05b3ec3ed1594b462378d8c1d408
SHA256: dce9ee45946eb33574c95c52c1f0191f7bfd2903e6036be94d36e9eaa4dbae4e
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt.tmp
––
MD5:  ––
SHA256:  ––
2884
vbc.exe
C:\Users\admin\AppData\Local\Temp\tnijf1sr.vle
html
MD5: 817b840a155d370843aa8330f0ebd11e
SHA256: e1e94ee4a2719216e7fd8787e02d7b0042cf736f88852774b3fb0f4c662d0c2a
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1bf096.TMP
text
MD5: 89533aa3ab04edb3f6afb82dc47d5310
SHA256: cb28071c59130ee68553bf262b5e2b2bde07648d42fdbef028fc4bef01ddad68
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ca55d679-328e-489a-9582-aa288f75bbfe.tmp
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index~RF1bef2f.TMP
––
MD5:  ––
SHA256:  ––
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt
binary
MD5: 742a05b3ec3ed1594b462378d8c1d408
SHA256: dce9ee45946eb33574c95c52c1f0191f7bfd2903e6036be94d36e9eaa4dbae4e
2848
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF1bef1f.TMP
binary
MD5: 742a05b3ec3ed1594b462378d8c1d408
SHA256: dce9ee45946eb33574c95c52c1f0191f7bfd2903e6036be94d36e9eaa4dbae4e
2848
chrome.exe

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests: 1
TCP/UDP connections: 27
DNS requests: 19
Threats: 87

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2848 chrome.exe GET 200 91.204.116.75:80 http://www.chassisxl.be/wp-content/languages/Invoice%20Documents.zip FR compressed unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3736 RegSvcs.exe 8.8.8.8:53 Google Inc. US whitelisted
3736 RegSvcs.exe 5.2.79.228:5456 Liteserver VOF NL malicious
2848 chrome.exe 172.217.23.131:443 Google Inc. US whitelisted
2848 chrome.exe 216.58.208.35:443 Google Inc. US whitelisted
2848 chrome.exe 216.58.207.67:443 Google Inc. US whitelisted
2848 chrome.exe 172.217.23.170:443 Google Inc. US whitelisted
2848 chrome.exe 172.217.18.13:443 Google Inc. US whitelisted
2848 chrome.exe 216.58.207.35:443 Google Inc. US whitelisted
2848 chrome.exe 216.58.207.46:443 Google Inc. US whitelisted
2848 chrome.exe 216.58.210.4:443 Google Inc. US whitelisted
2848 chrome.exe 172.217.22.35:443 Google Inc. US whitelisted
2848 chrome.exe 216.58.205.234:443 Google Inc. US whitelisted
2848 chrome.exe 172.217.21.195:443 Google Inc. US whitelisted
2848 chrome.exe 77.55.7.116:443 Nazwa.pl Sp.z.o.o. PL unknown
2848 chrome.exe 91.204.116.75:80 AZNET s.a.r.l. FR unknown
2848 chrome.exe 216.58.210.14:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
likotrading.hopto.org 5.2.79.228 malicious
www.google.de 216.58.207.67 whitelisted
clientservices.googleapis.com 172.217.23.131 whitelisted
www.gstatic.com 216.58.208.35 whitelisted
safebrowsing.googleapis.com 172.217.23.170 whitelisted
accounts.google.com 172.217.18.13 shared
ssl.gstatic.com 216.58.207.35 whitelisted
apis.google.com 216.58.207.46 whitelisted
www.google.com 216.58.210.4 whitelisted
www.google.lv 172.217.22.35 whitelisted
fonts.googleapis.com 216.58.205.234 whitelisted
fonts.gstatic.com 172.217.21.195 whitelisted
aswe.pl 77.55.7.116 unknown
www.chassisxl.be 91.204.116.75 unknown
sb-ssl.google.com 216.58.210.14 whitelisted
clients1.google.com 216.58.207.46 whitelisted
clients2.google.com 216.58.207.46 whitelisted

Threats

PID Process Class Message
3736 RegSvcs.exe A Network Trojan was detected ET TROJAN Possible NanoCore C2 60B
3736 RegSvcs.exe A Network Trojan was detected MALWARE [PTsecurity] NanoCore.RAT
3736 RegSvcs.exe A Network Trojan was detected ET TROJAN Possible NanoCore C2 64B
3736 RegSvcs.exe A Network Trojan was detected MALWARE [PTsecurity] NanoCore.RAT
3736 RegSvcs.exe A Network Trojan was detected ET TROJAN Possible NanoCore C2 64B
3736 RegSvcs.exe A Network Trojan was detected MALWARE [PTsecurity] NanoCore.RAT
3736 RegSvcs.exe A Network Trojan was detected ET TROJAN Possible NanoCore C2 64B
3736 RegSvcs.exe A Network Trojan was detected MALWARE [PTsecurity] NanoCore.RAT
3736 RegSvcs.exe A Network Trojan was detected MALWARE [PTsecurity] NanoCore.RAT
3736 RegSvcs.exe A Network Trojan was detected ET TROJAN Possible NanoCore C2 64B
3736 RegSvcs.exe A Network Trojan was detected MALWARE [PTsecurity] NanoCore.RAT
3736 RegSvcs.exe A Network Trojan was detected MALWARE [PTsecurity] NanoCore.RAT
3736 RegSvcs.exe A Network Trojan was detected MALWARE [PTsecurity] NanoCore.RAT
3736 RegSvcs.exe A Network Trojan was detected MALWARE [PTsecurity] NanoCore.RAT
3736 RegSvcs.exe A Network Trojan was detected MALWARE [PTsecurity] NanoCore.RAT
3736 RegSvcs.exe A Network Trojan was detected MALWARE [PTsecurity] NanoCore.RAT
3736 RegSvcs.exe A Network Trojan was detected MALWARE [PTsecurity] NanoCore.RAT
3736 RegSvcs.exe A Network Trojan was detected ET TROJAN Possible NanoCore C2 60B

69 ETPRO signatures available at the full report

Debug output strings

No debug info.