General Info

URL

http://xn-----clcb5aki4ab6afi7g.xn--p1ai/med.microsoft.net/cha/uat/abc

Full analysis
https://app.any.run/tasks/9652ec6a-e97d-4563-a673-0734b21dc44e
Verdict
Malicious activity
Analysis date
2/11/2019, 11:08:07
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

No suspicious indicators.

Application launched itself
  • chrome.exe (PID: 3000)
Reads settings of System Certificates
  • chrome.exe (PID: 3000)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
39
Monitored processes
10
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3000
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://xn-----clcb5aki4ab6afi7g.xn--p1ai/med.microsoft.net/cha/uat/abc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\imagehlp.dll
c:\program files\winrar\rarext.dll
c:\program files\microsoft office\office14\olkfstub.dll
c:\progra~1\micros~1\office14\mlshext.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\program files\microsoft office\office14\visshe.dll
c:\program files\common files\microsoft shared\office14\msoshext.dll
c:\program files\microsoft office\office14\msohevi.dll
c:\windows\system32\mf.dll
c:\windows\system32\shdocvw.dll

PID
3728
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6f4300b0,0x6f4300c0,0x6f4300cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2956
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3004 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
1808
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=932,1271383365220138652,16944992696421106841,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=D047695F52D4E5A856185BA6D38AF85B --mojo-platform-channel-handle=928 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
2692
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=932,1271383365220138652,16944992696421106841,131072 --enable-features=PasswordImport --service-pipe-token=6594FA022F0CF9BA49D6BA57F21202F0 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6594FA022F0CF9BA49D6BA57F21202F0 --renderer-client-id=4 --mojo-platform-channel-handle=1888 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3448
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=932,1271383365220138652,16944992696421106841,131072 --enable-features=PasswordImport --service-pipe-token=1C9CF2F27D76A879A500118763E4F912 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1C9CF2F27D76A879A500118763E4F912 --renderer-client-id=3 --mojo-platform-channel-handle=2120 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2120
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=932,1271383365220138652,16944992696421106841,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=CAAAF9FC1EFDAE0B1CF6CC8F20B06BBF --mojo-platform-channel-handle=3440 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
920
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=932,1271383365220138652,16944992696421106841,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=A3F204A9820D35E29FB3026E42123BBD --mojo-platform-channel-handle=2504 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\zipfldr.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
2984
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=932,1271383365220138652,16944992696421106841,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=0A7BBA1E6BF3A603D4E5D971CB8B443A --mojo-platform-channel-handle=512 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3684
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=932,1271383365220138652,16944992696421106841,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=4FE3384F4C1377402400474736188B0F --mojo-platform-channel-handle=608 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
515
Read events
452
Write events
61
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
3000
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3000
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
3000
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
3000
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
3000
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
3000
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
3000
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13194353304180875
3000
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\PTimes
C
998DDFEEF1C1D401
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C1
1C1GCEA_enUA812UA812
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C2
1C2GCEA_enUA812
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C7
1C7GCEA_enUA812
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aapocclcgogkmnckokdopfmhonfmgoek
FCDE240B66AD3E3A15FEC155A1CBEE30922E47A0497CB1C6C9FBBE48E9812095
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
15B1C3FE35F29528448F36A72A4DFBC58A8083C7190559D25865779166D220A2
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aohghmighlieiainnegkcijnfilokake
D9F82EC69EB89577E9D500531EDFCED8DE4632DEC8E7321623F1BB66CAB45FD5
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
apdfllckaahabafndbhieahigkjlhalf
2AB20A6C40871D13BD79A5F233BB6C0E3BAED31FC11D9E97F2FCEC343D210E75
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
blpcfgokakmgnkcojhhkbfbldkacnbeo
EC40BA36E184C308FBAB4E6DAC3E3450BB85755E1414A47364B5F5AB27F5C3F6
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
felcaaldnbdncclmgdcncolpebgiejap
C9AECB6FF0ED0BEC897EBC510AC77F2CD37DC722A9E1C2D47CDD2AA78D52EB0D
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
D6B079666F209503A09486C70AC09307652A0F7F783166A999B27C99D0DA79E2
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
414F6D0D35718FDE43E01C7B126A214F3F8A997B60166CD1C04FC956EE3AB41D
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
37A858BD3327FACA61D625B462EC605ED64E520E108B94F4C3325B757DB435C4
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
63355C14E8C7DF9A075F2EDDEA6F2807DC8166B83F96F4C975B9B6554C6324D7
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
17F7787CEDB9B66B8D78F7E985DCA6E31DBA26B1F7D92176EDBEDAFB5838AEBC
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
04A45240BDA55E8777FA04357712CA6DD942253A21323E4C7D3CCF769B34BFED
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
9A0044B183822416E036FA2670FC5F085B3D015E358899EB0B24B5D6E5EEB39D
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
4993193CE4423145885F9ABC18100BF108CEE8C5E6E420E1B1A3AE4E978DC09F
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pjkljhegncpnkpknbcohdijeoejaedia
34513BD3342730ECC75E00C7222AB5805989510A29989A305D31E1274AA0FBF3
3000
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
AD3C3970817528E3CE265BFF8C09998D9390AD61594B818A744E1BB63F6D5157
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3000-13194353303165250
259
920
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US

Files activity

Executable files
0
Suspicious files
20
Text files
108
Unknown types
0

Dropped files

PID
Process
Filename
Type
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\4d3b5c66-a6b6-4414-828b-037c515bef8a.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF2581fd.TMP
text
MD5: 114a5074f30a041e17c53dfcc367bc5e
SHA256: d7e8dbfedd4a1029b0e1e1bd29d4f6d8d1352ca7ca036e946e123e269c7ca598
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF289a59.TMP
text
MD5: ae117d7318a54d6984a9eebdea80ea31
SHA256: be787b5f234ca359702657294fdc090eb462008b5c7605a7e444963742c5c897
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
text
MD5: ae117d7318a54d6984a9eebdea80ea31
SHA256: be787b5f234ca359702657294fdc090eb462008b5c7605a7e444963742c5c897
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ea07885d-eb93-4218-9716-741069a8ceda.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: d226383b17e076b95ff1db52a7be1ba0
SHA256: 39abbf2d0d8de4e053f226835d4a970b3f81792139376ba58776f82ba44605c9
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF2894fa.TMP
text
MD5: d226383b17e076b95ff1db52a7be1ba0
SHA256: 39abbf2d0d8de4e053f226835d4a970b3f81792139376ba58776f82ba44605c9
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\5eb5d75c-1477-426d-b928-2a67d783b278.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store
binary
MD5: 485ecfb9466a0bf1de4400472c4633a8
SHA256: 05cb3e49cb431f485f9bc7a5f219495d21d87b504e3573319a364e81628511e4
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store
binary
MD5: ec2997560da99328bdbbdc53587b8b8e
SHA256: 28f768b4e0bbd0aa97ac3a91387e4db665c933d4147a7e13da837603a10ce501
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdWhitelist.store
binary
MD5: 23813c728e0fb98724190d33702b76e1
SHA256: a6932ab990e6676e256b1b4cfaaf295f6d6697889847708c7cfbb80cc75aceb3
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store
binary
MD5: e67fc69d87f6ca9a9c9a087d159cc0c2
SHA256: b6294ceeb5d0cd0092d05c224693fa4e909ed29076908985bdecad10ecffd808
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store
binary
MD5: 2419687c8ec2329d66c8ef2e12cc684f
SHA256: 06db4cadaaa78383fd667968d47a7692ac93dcbe0448e3016d7973a944acc77b
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store
binary
MD5: 79c1752be06359a58cd9b46d8426504a
SHA256: 25e4d9f729856753b833c5316142d81b408f7ba27d715f1a925098dd552131b1
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store_new
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store_new
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store_new
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdWhitelist.store_new
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store_new
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store
binary
MD5: 3cc99d37a785a70ba7d16545f3bd56c2
SHA256: 1e4f8732b0ad297814047105e40e45fdb7d00e7b2cc509d611bdf368c82d4ef0
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store_new
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store_new
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store
binary
MD5: 1c2feedce12a31c413506e5293216771
SHA256: 767c04f347728f41973cad3995512eb91f3c802e979034094b54fa3aca7e84b3
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store_new
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store
binary
MD5: c2214016031b74390562e798f6acb3bd
SHA256: 0fbcb586de04d475a11a421854241b6bb26e05d2d896ad8d96a796f31174ec33
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store_new
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\CertCsdDownloadWhitelist.store
binary
MD5: 0efa1399c2783b6a63c00a0944a354e5
SHA256: 86c04bdbbb82f40e4941a950ad04405e0374a228078ff94b40a72b3c7c234c4c
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\CertCsdDownloadWhitelist.store_new
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store_new
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\IpMalware.store
binary
MD5: 34c51a09f7d81365a13cce0fbcc514d4
SHA256: 549933556263a36323511cee9b2d71f881605107d708915c28118bcf0f1a0403
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\IpMalware.store_new
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 546118fcbbd50e4367e495e19facb604
SHA256: c08f1059b686a29aca7a8502adbfadbe9115cf7e472240fc444d7156cacec78d
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF26a966.TMP
text
MD5: 546118fcbbd50e4367e495e19facb604
SHA256: c08f1059b686a29aca7a8502adbfadbe9115cf7e472240fc444d7156cacec78d
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\28b0ae28-403d-46e9-92ac-4fda28f48c66.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 0e81d033112c9aa7ffc6a977ade1a874
SHA256: f61fc5a4c2c6b1b8e7a4ad42a6daf2777f1f54a75946b1cc83b9300aae5ba832
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF26a8f9.TMP
text
MD5: 0e81d033112c9aa7ffc6a977ade1a874
SHA256: f61fc5a4c2c6b1b8e7a4ad42a6daf2777f1f54a75946b1cc83b9300aae5ba832
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\f75f2c84-c7a8-43fc-83b5-99266ff8162a.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 52b59312ce67748b39fafcad9cacabe2
SHA256: 294eb046c38a18939622d0b82d58e6370bf21d6b32f5102dce2a7ef8f3576a70
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF26a07d.TMP
text
MD5: 52b59312ce67748b39fafcad9cacabe2
SHA256: 294eb046c38a18939622d0b82d58e6370bf21d6b32f5102dce2a7ef8f3576a70
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ab4b3fbf-f217-4101-b3db-89bdc0f9ef88.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF2696c8.TMP
text
MD5: 427eca98266a2ff70e1f2831f0037502
SHA256: 49d7cbb13065351de107a44ad346e6c12de34a323d3429294880bc2305521f17
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: 427eca98266a2ff70e1f2831f0037502
SHA256: 49d7cbb13065351de107a44ad346e6c12de34a323d3429294880bc2305521f17
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\644ac463-5e84-4f7a-b973-7220c866d01f.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 3f4071a54562be21c986d1fb28d10ae9
SHA256: 07ff02f5d97e324c4f32f26ee7fbacbd0051d32da8fcf64c3cfd28a531a7b8fc
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF265357.TMP
text
MD5: 3f4071a54562be21c986d1fb28d10ae9
SHA256: 07ff02f5d97e324c4f32f26ee7fbacbd0051d32da8fcf64c3cfd28a531a7b8fc
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\6b617572-03ca-4e72-89ab-43f3b901078a.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 31666570d3b787808624a244487d4a26
SHA256: 688dd22f3ab32895988defa007ae9e8fc2a1a2d30552207ae40c59307d0f5662
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF25e163.TMP
text
MD5: 31666570d3b787808624a244487d4a26
SHA256: 688dd22f3ab32895988defa007ae9e8fc2a1a2d30552207ae40c59307d0f5662
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\63211ad3-e1c5-44e3-8ccc-cd34eea4f42b.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF25e0f5.TMP
text
MD5: 3dcf3d0e395b24483cf09ab6adfea4f6
SHA256: e5694d2a9bb956407a5627f613cb1866e176c5fea15ac7ea11fb7bd3525e16af
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 3dcf3d0e395b24483cf09ab6adfea4f6
SHA256: e5694d2a9bb956407a5627f613cb1866e176c5fea15ac7ea11fb7bd3525e16af
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\874e4705-82e6-4aa4-86f5-374b50d577ae.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: b5e661dc889f87ea46dc65ad9ed2bc5e
SHA256: 832e29bf9cfea63d60a82420fc792df27e36054cd92bd93cd62733bbf1758c63
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF25d5ca.TMP
text
MD5: b5e661dc889f87ea46dc65ad9ed2bc5e
SHA256: 832e29bf9cfea63d60a82420fc792df27e36054cd92bd93cd62733bbf1758c63
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\e9754de9-7fd3-49fa-ba3a-efc74283c435.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF25b801.TMP
text
MD5: e71f75f2ae651b93dabdb266b5f30660
SHA256: a60428fdbfda2022ff3f5febed24fbca4dbb763308899c9f48cbfcb50a562516
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: e71f75f2ae651b93dabdb266b5f30660
SHA256: a60428fdbfda2022ff3f5febed24fbca4dbb763308899c9f48cbfcb50a562516
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\b9c33f26-603b-4453-a3f6-96cd6bc84b9d.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: e89d27dcd8aea576bd012617e271174e
SHA256: 00355df7006394ff1bde001bf1ebad01d70f33576536c35d8bd92591f820b1e3
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF25b736.TMP
text
MD5: e89d27dcd8aea576bd012617e271174e
SHA256: 00355df7006394ff1bde001bf1ebad01d70f33576536c35d8bd92591f820b1e3
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\4975a728-6687-49c0-9397-2459a4691821.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF25ac97.TMP
text
MD5: 2a7274d263bbd1456b2482f92558fb63
SHA256: debfc8291fe79ab0e4be2265b5d08b0c9705bcf0a08cd781ea01b60cd985c00b
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 2a7274d263bbd1456b2482f92558fb63
SHA256: debfc8291fe79ab0e4be2265b5d08b0c9705bcf0a08cd781ea01b60cd985c00b
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\7bdc3546-f5c5-4289-968e-c90da4815e6d.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 114a5074f30a041e17c53dfcc367bc5e
SHA256: d7e8dbfedd4a1029b0e1e1bd29d4f6d8d1352ca7ca036e946e123e269c7ca598
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 1f8319c5fd4963c2dcbf8bd3e8cf55e1
SHA256: 994fc34a2259f10690361fdc1a7972e4ab8712914519984958c04430e4f4792e
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF28d500.TMP
text
MD5: 0e81d033112c9aa7ffc6a977ade1a874
SHA256: f61fc5a4c2c6b1b8e7a4ad42a6daf2777f1f54a75946b1cc83b9300aae5ba832
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF2581fd.TMP
text
MD5: 1f8319c5fd4963c2dcbf8bd3e8cf55e1
SHA256: 994fc34a2259f10690361fdc1a7972e4ab8712914519984958c04430e4f4792e
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\c6b52178-b283-46fe-8c1a-5986bc7c5a87.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\38e2dec3-f72c-4d89-8add-16df72b015dd.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: 8a499c9ce17a2e5aca40e19df3cab8ff
SHA256: 81a6fa3934c3b6c4d0cb4fed4b20196709d13dd1a4065389994c6efa30d3b28e
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF257eb1.TMP
text
MD5: 8a499c9ce17a2e5aca40e19df3cab8ff
SHA256: 81a6fa3934c3b6c4d0cb4fed4b20196709d13dd1a4065389994c6efa30d3b28e
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\8881da57-ed9c-436e-b09a-76565658d3e1.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 8d661853d13bed72820c53f930ed8b05
SHA256: 9a0a1512aa6ad35ba7c091242f6483650c6fd46395b58f752d14115a17c7aab4
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF257e15.TMP
text
MD5: 8d661853d13bed72820c53f930ed8b05
SHA256: 9a0a1512aa6ad35ba7c091242f6483650c6fd46395b58f752d14115a17c7aab4
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ae7d8deb-daa0-40b3-8bc3-ca066d6866b0.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
text
MD5: 322530275a6447b42e86b55bada9e89f
SHA256: eb4d3274a43857a7fb95f9520632ed8f566c61cba59b5c79bcea9b61eee31de8
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old
text
MD5: 8ddcd8b46559486c5c65d91b1964f9b1
SHA256: 30953aa5d4726c71b4e633a258e82d3979243f4597973adfbe45f005d79bcc8b
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
binary
MD5: 021b8d293c14358bb37b18ba45792aa5
SHA256: 5b149d68659ebeab90f1116b8704a32dc240fbf85171bd4a4f70d57a3d8d4bb8
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old~RF256156.TMP
text
MD5: 8ddcd8b46559486c5c65d91b1964f9b1
SHA256: 30953aa5d4726c71b4e633a258e82d3979243f4597973adfbe45f005d79bcc8b
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old
text
MD5: b36272766fafe4f495f275ab24d055a4
SHA256: c6ed4b87e6b46abc8f08c947e4c78f8d4416b35ab63980b8314794cc43d0c365
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RF256146.TMP
text
MD5: b36272766fafe4f495f275ab24d055a4
SHA256: c6ed4b87e6b46abc8f08c947e4c78f8d4416b35ab63980b8314794cc43d0c365
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old
text
MD5: 7282c871a31b4aae7e61cdbb39a13331
SHA256: af615c556e2a22e87135a967c01e869216f65268a88bd218fd6ab70467bdf733
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old~RF25584d.TMP
text
MD5: 7282c871a31b4aae7e61cdbb39a13331
SHA256: af615c556e2a22e87135a967c01e869216f65268a88bd218fd6ab70467bdf733
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 05ee1aecc58fa758876a550f56942af3
SHA256: ab181002d0b6f2507e2046f90bcd12eb84a777643e4147e4196d7321093b1627
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF253043.TMP
text
MD5: 05ee1aecc58fa758876a550f56942af3
SHA256: ab181002d0b6f2507e2046f90bcd12eb84a777643e4147e4196d7321093b1627
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\d7a4e5c1-07b5-4bf7-ae61-d3004a3fc074.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF250943.TMP
text
MD5: 489520332d56d5369534a946aac9fcea
SHA256: cb202d1a242f1b2d994477fa48b7b3b1e51de9306a1e3c734899121ed3bdd79e
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 489520332d56d5369534a946aac9fcea
SHA256: cb202d1a242f1b2d994477fa48b7b3b1e51de9306a1e3c734899121ed3bdd79e
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\fdfc21d1-5caf-468d-ae97-f096ef0eeac9.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF24d1b8.TMP
text
MD5: 8e2f6d541e4513e34f391a9f5a05a3b6
SHA256: 39800723f0f26375d0193a42bc982eb865c33f4be35e70b871c5b83555d8b264
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\6ffc5079-48a2-43b2-8c90-05f8c4f0d89e.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: d932a31a0fb91833edb0325c6b434b34
SHA256: 8049465356163740d6e4c0bb56b9dcaa90149631646fa6bb56d01de223bd1f8e
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: e6ac609ee26314476f8e9ac0b5b60432
SHA256: c9540fd75db7a3843d844eb1165a3275e1e60233a102de12a805a789c283abd6
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF249442.TMP
text
MD5: e6ac609ee26314476f8e9ac0b5b60432
SHA256: c9540fd75db7a3843d844eb1165a3275e1e60233a102de12a805a789c283abd6
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ea8f9373-d86b-4d9a-9284-7a1a4fb9b0e1.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF2493d4.TMP
text
MD5: 9f47ea1f9b027c90067f6fc68b2e3392
SHA256: d776d5c270f0cac6c48a103c28010964b32cfb9c3114f3e7d30a79a7a8fb3259
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 9f47ea1f9b027c90067f6fc68b2e3392
SHA256: d776d5c270f0cac6c48a103c28010964b32cfb9c3114f3e7d30a79a7a8fb3259
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\1b6543d3-35fa-437a-8261-c79a6504d58a.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 8e2f6d541e4513e34f391a9f5a05a3b6
SHA256: 39800723f0f26375d0193a42bc982eb865c33f4be35e70b871c5b83555d8b264
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF249348.TMP
text
MD5: 8e2f6d541e4513e34f391a9f5a05a3b6
SHA256: 39800723f0f26375d0193a42bc982eb865c33f4be35e70b871c5b83555d8b264
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\643de937-9f8f-4593-87b4-f8054e5c5502.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session
binary
MD5: 02536c23edc1e418a6fea313d20b2a39
SHA256: 8e8de8689482b477d0beebe0a4ac24b9cabcbfa84848f66b4c0f55cd96dc0fe9
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old
text
MD5: 80b8c44b60f8bd20d1cf8277ec794bb1
SHA256: 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old~RF247446.TMP
text
MD5: 80b8c44b60f8bd20d1cf8277ec794bb1
SHA256: 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF24711a.TMP
text
MD5: ea6d75c35eb812fdc5762d84963de026
SHA256: a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: ea6d75c35eb812fdc5762d84963de026
SHA256: a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 84042895723ac99f9599edfc7500051c
SHA256: ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF2470bc.TMP
text
MD5: 84042895723ac99f9599edfc7500051c
SHA256: ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model
binary
MD5: 63fa580b1c723444e0704d9b18f91518
SHA256: 6e6851ea361f48786fff4cb758f19ec84828a8bd99f1d13b59ecdd7169183b56
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model~RF246fd1.TMP
binary
MD5: 63fa580b1c723444e0704d9b18f91518
SHA256: 6e6851ea361f48786fff4cb758f19ec84828a8bd99f1d13b59ecdd7169183b56
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\930c58f7-7770-43af-993e-2bc99e96a570.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old~RF246daf.TMP
text
MD5: f727dd25cda7b2cc574098cee1f5764a
SHA256: 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old
text
MD5: f727dd25cda7b2cc574098cee1f5764a
SHA256: 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF246d41.TMP
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT~RF246d41.TMP
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old
text
MD5: 1aa66efdb743fb0a8dcc1cd79b0b6542
SHA256: 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old~RF246d22.TMP
text
MD5: 1aa66efdb743fb0a8dcc1cd79b0b6542
SHA256: 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\83f5afba-a556-4815-9882-34b2f247f92e.tmp
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: 197882774a7ecec9046bc48f63189b66
SHA256: 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF246cf3.TMP
text
MD5: 197882774a7ecec9046bc48f63189b66
SHA256: 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF246cf3.TMP
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old~RF246ce3.TMP
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: cf5f48f4c30f262b4dd300675972a298
SHA256: d393dc51038dd06c92a915b97132f7b5f20f26ab264c299c8d85a0ca8ff65832
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old
––
MD5:  ––
SHA256:  ––
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
3000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: c10ebd4db49249efc8d112b2920d5f73
SHA256: 90a1b994cafe902f22a88a22c0b6cc9cb5b974bf20f8964406dd7d6c9b8867d1
3728
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: 9543068b6751e1f3e11f91d72ee78d95
SHA256: d060ad21ae6e04cb58668caa52adfca573e018102cc07554d2ed3eae11ab7785

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
10
TCP/UDP connections
17
DNS requests
11
Threats
4

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3000 chrome.exe GET 403 78.110.50.104:80 http://xn-----clcb5aki4ab6afi7g.xn--p1ai/med.microsoft.net/cha/uat/abc RU
html
malicious
3000 chrome.exe GET 403 78.110.50.104:80 http://xn-----clcb5aki4ab6afi7g.xn--p1ai/favicon.ico RU
html
malicious
3000 chrome.exe GET 403 78.110.50.104:80 http://xn-----clcb5aki4ab6afi7g.xn--p1ai/med.microsoft.net/cha/uat/abc RU
html
malicious
3000 chrome.exe GET 403 78.110.50.104:80 http://xn-----clcb5aki4ab6afi7g.xn--p1ai/favicon.ico RU
html
malicious
3000 chrome.exe GET 403 78.110.50.104:80 http://xn-----clcb5aki4ab6afi7g.xn--p1ai/med.microsoft.net/cha/uat/ RU
html
malicious
3000 chrome.exe GET 403 78.110.50.104:80 http://xn-----clcb5aki4ab6afi7g.xn--p1ai/favicon.ico RU
html
malicious
3000 chrome.exe GET 403 78.110.50.104:80 http://xn-----clcb5aki4ab6afi7g.xn--p1ai/med.microsoft.net/cha/uat/56473829384576 RU
html
malicious
3000 chrome.exe GET 403 78.110.50.104:80 http://xn-----clcb5aki4ab6afi7g.xn--p1ai/favicon.ico RU
html
malicious
3000 chrome.exe GET 403 78.110.50.104:80 http://xn-----clcb5aki4ab6afi7g.xn--p1ai/ALRo_O6Ix-yihZlfeT/qea/=%20Payments/2019-02 RU
html
malicious
3000 chrome.exe GET 403 78.110.50.104:80 http://xn-----clcb5aki4ab6afi7g.xn--p1ai/favicon.ico RU
html
malicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3000 chrome.exe 216.58.210.3:443 Google Inc. US whitelisted
3000 chrome.exe 216.58.205.227:443 Google Inc. US whitelisted
3000 chrome.exe 172.217.22.109:443 Google Inc. US whitelisted
3000 chrome.exe 78.110.50.104:80 ZAO Hosting Telesystems RU malicious
3000 chrome.exe 172.217.23.163:443 Google Inc. US whitelisted
3000 chrome.exe 216.58.206.4:443 Google Inc. US whitelisted
3000 chrome.exe 172.217.16.195:443 Google Inc. US whitelisted
3000 chrome.exe 172.217.23.174:443 Google Inc. US whitelisted
3000 chrome.exe 216.58.207.74:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
www.gstatic.com 216.58.205.227
whitelisted
xn-----clcb5aki4ab6afi7g.xn--p1ai 78.110.50.104
malicious
clientservices.googleapis.com 216.58.210.3
whitelisted
accounts.google.com 172.217.22.109
shared
ssl.gstatic.com 172.217.23.163
whitelisted
www.google.com 216.58.206.4
whitelisted
www.google.de 172.217.23.163
whitelisted
www.google.at 172.217.16.195
whitelisted
clients1.google.com 172.217.23.174
whitelisted
safebrowsing.googleapis.com 216.58.207.74
whitelisted
clients2.google.com 172.217.23.174
whitelisted

Threats

PID Process Class Message
3000 chrome.exe Generic Protocol Command Decode SURICATA HTTP unable to match response to request
3000 chrome.exe Generic Protocol Command Decode SURICATA HTTP unable to match response to request
3000 chrome.exe Generic Protocol Command Decode SURICATA HTTP unable to match response to request
3000 chrome.exe Generic Protocol Command Decode SURICATA HTTP unable to match response to request

Debug output strings

No debug info.