General Info

URL

http://neuromarketing.tk/npmiw5ld/wtuds/mail_to_friend/mb_payment/links_login.php?weight=1by0w2zn5tvqx0

Full analysis
https://app.any.run/tasks/ee3b90d7-5577-4b3e-92fd-3803c5520abd
Verdict
Malicious activity
Analysis date
2/11/2019, 10:30:39
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

opendir

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
on
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

No suspicious indicators.

Reads settings of System Certificates
  • chrome.exe (PID: 2980)
Application launched itself
  • chrome.exe (PID: 2980)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
38
Monitored processes
8
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2980
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://neuromarketing.tk/npmiw5ld/wtuds/mail_to_friend/mb_payment/links_login.php?weight=1by0w2zn5tvqx0
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\imagehlp.dll

PID
3708
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6f4300b0,0x6f4300c0,0x6f4300cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2904
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2984 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
4048
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=924,14314600984727484759,16689743019633329455,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=B2E1C1888076D473A6BDD1020AE4BD29 --mojo-platform-channel-handle=1020 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
2828
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=924,14314600984727484759,16689743019633329455,131072 --enable-features=PasswordImport --service-pipe-token=B9455384F4EF6E8F385C1B9E92958DF9 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=B9455384F4EF6E8F385C1B9E92958DF9 --renderer-client-id=4 --mojo-platform-channel-handle=1908 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3328
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=924,14314600984727484759,16689743019633329455,131072 --enable-features=PasswordImport --service-pipe-token=E5EAA1A6FB984A892442CB99A7F01DCE --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=E5EAA1A6FB984A892442CB99A7F01DCE --renderer-client-id=3 --mojo-platform-channel-handle=2044 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3952
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=924,14314600984727484759,16689743019633329455,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=707BB925707756B86AF1F599C076E255 --mojo-platform-channel-handle=3632 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
4068
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=924,14314600984727484759,16689743019633329455,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=805143836307953E9A7D2481D5FA8382 --mojo-platform-channel-handle=3436 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\zipfldr.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

Registry activity

Total events
497
Read events
455
Write events
41
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
2980
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
2980
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
2980
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
2980
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
2980
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
2980
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13194351056481250
2980
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2980-13194351055512500
259
4068
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US

Files activity

Executable files
0
Suspicious files
8
Text files
68
Unknown types
0

Dropped files

PID
Process
Filename
Type
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 5d0447915df2cf3dc29f22a807895b95
SHA256: fa0b7182f9357a64d22a31e65db9eb800773949691811f8a8ac0d3bc3faec768
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000013
image
MD5: 559b052ebf07eb4abbf4212d64e3f998
SHA256: d981cbce30ae252759bdc711321c03d508999a20c631edbf59269a32d4bb7678
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\8861eab8-ff19-4217-a02b-106ccc4c544b.tmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 574c8758d65e4f8d152dfed530f55760
SHA256: 06ab988f146d27b88c019952326d971d0d71b5d04284be9f369cfb91c55cd96d
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF250887.TMP
text
MD5: 574c8758d65e4f8d152dfed530f55760
SHA256: 06ab988f146d27b88c019952326d971d0d71b5d04284be9f369cfb91c55cd96d
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\064bb441-2b07-437d-9256-1fd8674a7fc6.tmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF24d0ed.TMP
text
MD5: eb900519a844d87f6d04d20d9d16ed61
SHA256: 6b63bb6320123b4fdfa12951b33b271da94a7809db522709b02df65b176514f7
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\e19cdbf2-8ebe-47f3-9a37-54e0df89864b.tmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF249376.TMP
text
MD5: 518fc7567190058fed6c1184238c7b49
SHA256: c4a893feabfa09a00b5635fd3e82784af298a67527887b176e14398d1dcacd97
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 518fc7567190058fed6c1184238c7b49
SHA256: c4a893feabfa09a00b5635fd3e82784af298a67527887b176e14398d1dcacd97
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\9359bcab-950a-48d6-9105-cc49815477d4.tmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: bb71a6daaf94b1f5cef9b29d6890d82c
SHA256: b93dd1ec4131a30ba39de52dcfdba464b2d42474122cea34581449fba1b83e12
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF249309.TMP
text
MD5: bb71a6daaf94b1f5cef9b29d6890d82c
SHA256: b93dd1ec4131a30ba39de52dcfdba464b2d42474122cea34581449fba1b83e12
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\dbddbabb-04d9-431e-9ea5-1cb54825b48d.tmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: eb900519a844d87f6d04d20d9d16ed61
SHA256: 6b63bb6320123b4fdfa12951b33b271da94a7809db522709b02df65b176514f7
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF2492ab.TMP
text
MD5: eb900519a844d87f6d04d20d9d16ed61
SHA256: 6b63bb6320123b4fdfa12951b33b271da94a7809db522709b02df65b176514f7
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\a8ff9a4a-d6ea-4874-9af8-4fa6dceb2af0.tmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session
binary
MD5: 02536c23edc1e418a6fea313d20b2a39
SHA256: 8e8de8689482b477d0beebe0a4ac24b9cabcbfa84848f66b4c0f55cd96dc0fe9
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old
text
MD5: 80b8c44b60f8bd20d1cf8277ec794bb1
SHA256: 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old~RF2473aa.TMP
text
MD5: 80b8c44b60f8bd20d1cf8277ec794bb1
SHA256: 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000021
image
MD5: ec5c0f57807188daadca80f72e8e311b
SHA256: 2348df3f6ef9b95ba494e9341f3fc7c49117b8829fe03b5fb4cb47452f0c9208
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000020
image
MD5: d6f9a8fc50fee3f986d69c1b1d7e692d
SHA256: dfb62f50ef1b79f51a828ec76c179f39f83dc11e8be08c1e4da6795f7c49c6a7
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001f
image
MD5: 812d7991e0fabe1e8e3334115c4365e6
SHA256: 14d5f9ffa79fbb8269dc3d47805e07ae63e3db93b424cdce5fde53e4c6a0b43e
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001e
image
MD5: 042b661bcfa7930bbf6470659f506e19
SHA256: b8ff47c69f9495e6ea65471b668c7d0145a9b2122aa780087cd59ca4ef8644b5
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001d
image
MD5: b141754a7af79e85b95c129efa623e13
SHA256: 54e408290bafacaad2eaf0b17ec04ecf29ae7333a69784730a1af7d749b3c4a9
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001c
image
MD5: e34260258e02031fd24fd5f00e3a5750
SHA256: 494a3efdafd5407a5a88d922f5a4a72d71ac2f3ad8f3f9fe607f8cf89314dfa1
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001b
image
MD5: 9c44768f96799099d709dab99c1946c8
SHA256: e5f99941f717ee56ec795c58e4c73d8f72d15494deb92d94894e2f0ea0f47b7e
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001a
image
MD5: 25b3cbdbacb2a877ba466e2a52e4e585
SHA256: 1b7e0a2736aeb5f656f8b9cc2fda4b3eb2ea212d2f344dae9b7792136c9c5562
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000019
image
MD5: 49dd30b2490501bfc3e1135f63c75af1
SHA256: 3dde975bef15653e64134deee5e1dd5220720f5ecb8fc26adc38f63b6cb57226
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000018
image
MD5: 4029992f562b6f6ea0c36c62b9281530
SHA256: 5adbed9d75481c04641b70a78519079b1aa08150757ee14f7c84327356e73b1f
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000017
image
MD5: 63ba6bd9a52074ca0b96a158fda82724
SHA256: 86e144004efb160b3881955199d0e19a61d544b61da37987378d5aa145922440
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000016
image
MD5: 041ae4440193c9bb4cecfa0fff16053a
SHA256: 2c9c5a6210f61ae37d5739e7f23a12d75c804ea78d273efd06477f96996e47e5
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000015
image
MD5: ccddb63c2d739cd976adff0fe1b771a5
SHA256: 7cd7e6f219cf7119bc8048bdea48ba9882b08bd2bb4fbbbd788ed5e8d083eb28
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000014
image
MD5: bb8f1a4b815e5b5f9d9605b25ba57f8c
SHA256: ae2d4400e565d145254e34e17e88d7a6d3a717891354150d6c3846b4334b0bfe
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF252f78.TMP
text
MD5: 5d0447915df2cf3dc29f22a807895b95
SHA256: fa0b7182f9357a64d22a31e65db9eb800773949691811f8a8ac0d3bc3faec768
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012
image
MD5: 31909ced370b72731143a99631d0e9d9
SHA256: 2e8938c98c069ac7aa671d06017da7407b58cd35445018db8015f08b7fc98c84
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011
image
MD5: f65bd881574c9ab2ba66cb580f725d6d
SHA256: 04353bddf769dd9c4ef92537c2cc9b4d196ac395694922f81fee22dcc5011794
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010
image
MD5: 373813b38b3003477b1eeae4175f8b46
SHA256: c765e4987cb07d81176d7b9684757d10504ec6edb7b16d81c358e1fc5c794817
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f
image
MD5: 90f37d9566ae1e5d8c7046048ef2d163
SHA256: ec98997c22b759397fa6152406ff7d3542ce7337f9c8aa36f0093a134bbab166
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e
image
MD5: 702dc49ffaaea13fd8b00e52dff75b6f
SHA256: e1ba94ce897761646dd2e7dc3cab5d84da5a576390aa42ab6bb5ee7297ffd13c
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d
image
MD5: d3a4a618d8ceca7b0f0b4edb6acf1c32
SHA256: 6d1c61c97d0d24827499d8b1d4b963e70e689d0eda84dc688a7e4e01256233fa
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
compressed
MD5: 29f3f0d3eab6c876087a5b7194db1251
SHA256: 54380ed2483ebba4138d3fa3085eb96f306f4c0a67ccb7ff01867beed2186dd0
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: ea6d75c35eb812fdc5762d84963de026
SHA256: a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF246ff1.TMP
text
MD5: ea6d75c35eb812fdc5762d84963de026
SHA256: a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 84042895723ac99f9599edfc7500051c
SHA256: ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF246fa3.TMP
text
MD5: 84042895723ac99f9599edfc7500051c
SHA256: ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model
binary
MD5: 8cf23cd60dc9687ad79cfe93501f481e
SHA256: 89a75f55cdd2c0d9625c088247de5c19a99d3d43a149e2abd4086708903ba3ce
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model~RF246ec8.TMP
binary
MD5: 8cf23cd60dc9687ad79cfe93501f481e
SHA256: 89a75f55cdd2c0d9625c088247de5c19a99d3d43a149e2abd4086708903ba3ce
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\dd9e2fee-8b44-4b5e-a50e-eb34b9c587d1.tmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old
text
MD5: f727dd25cda7b2cc574098cee1f5764a
SHA256: 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old~RF246cb5.TMP
text
MD5: f727dd25cda7b2cc574098cee1f5764a
SHA256: 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF246c86.TMP
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT~RF246c76.TMP
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old
text
MD5: 1aa66efdb743fb0a8dcc1cd79b0b6542
SHA256: 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: 197882774a7ecec9046bc48f63189b66
SHA256: 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old~RF246c47.TMP
text
MD5: 1aa66efdb743fb0a8dcc1cd79b0b6542
SHA256: 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF246c47.TMP
text
MD5: 197882774a7ecec9046bc48f63189b66
SHA256: 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\06d7c33a-d8ea-4a2e-8af5-3f1b2ae58bc3.tmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old~RF246c18.TMP
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF246c18.TMP
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: c10ebd4db49249efc8d112b2920d5f73
SHA256: 90a1b994cafe902f22a88a22c0b6cc9cb5b974bf20f8964406dd7d6c9b8867d1
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: 9543068b6751e1f3e11f91d72ee78d95
SHA256: d060ad21ae6e04cb58668caa52adfca573e018102cc07554d2ed3eae11ab7785

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
56
TCP/UDP connections
17
DNS requests
10
Threats
1

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2980 chrome.exe GET 200 145.14.144.29:80 http://neuromarketing.tk/npmiw5ld/wtuds/mail_to_friend/mb_payment/links_login.php?weight=1by0w2zn5tvqx0 US
html
shared
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/css/ouibounce.css FR
text
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/css/bootstrap.css FR
text
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/css/style.css FR
text
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/css/theme_c3b2nq.css FR
text
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/lib/backDay-de.js FR
text
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/news-top.png FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/asseenin.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/top-banner.png FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/janie.png FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/mid-image.png FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/2.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/code-step3.png FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/t1.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/t2.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/t3.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/t4.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/t5.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/side1.png FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/side2.png FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/side3.png FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/side4.png FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/side5.png FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/side6.png FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/side7.png FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/checkmark.png FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/codeside-step1.png FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/codeside-step2.png FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/codeside-step3.png FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/code-step1.png FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/code-step2.png FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/lewis.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/tanya.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/jenni.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/cash.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/katy.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/amanda.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/julie.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/sarah.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/kirs.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/celia.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/alanna.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/alice.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/mark.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/ashley.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/hick.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/brit.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/shel.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/molly.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/jill.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/jenna.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/laura.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/sara.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/silver.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/got.jpg FR
image
malicious
2980 chrome.exe GET 200 213.186.33.4:80 http://atelier-accordeon.com/libraries/simplepie/html/images/favicon.ico FR
image
malicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2980 chrome.exe 216.58.205.227:443 Google Inc. US whitelisted
2980 chrome.exe 216.58.210.3:443 Google Inc. US whitelisted
2980 chrome.exe 145.14.144.29:80 Hostinger International Limited US shared
2980 chrome.exe 172.217.22.109:443 Google Inc. US whitelisted
2980 chrome.exe 213.186.33.4:80 OVH SAS FR malicious
2980 chrome.exe 104.20.68.46:443 Cloudflare Inc US shared
2980 chrome.exe 172.217.18.10:443 Google Inc. US whitelisted
2980 chrome.exe 172.217.23.163:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
www.gstatic.com 216.58.205.227
whitelisted
neuromarketing.tk 145.14.144.29
shared
clientservices.googleapis.com 216.58.210.3
whitelisted
accounts.google.com 172.217.22.109
shared
atelier-accordeon.com 213.186.33.4
malicious
cdn.000webhost.com 104.20.68.46
104.20.67.46
unknown
translate.googleapis.com 172.217.18.10
whitelisted
www.000webhost.com 104.20.68.46
104.20.67.46
shared
tradingtracker.net 104.27.133.38
104.27.132.38
suspicious
ssl.gstatic.com 172.217.23.163
whitelisted

Threats

PID Process Class Message
2980 chrome.exe Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain

Debug output strings

No debug info.