General Info

File name

852852.exe

Full analysis
https://app.any.run/tasks/1b3d8429-15fd-4e25-a669-d9efa194c447
Verdict
Malicious activity
Analysis date
3/14/2019, 09:29:12
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5

de0758cfb46627c0ac89266dea1ab40e

SHA1

77c3b0858235ffbff6b5f90442614a34a7594ec5

SHA256

673b6bb306a515555432467aa3287343a2617d95c7c5593400746c81afb547ff

SSDEEP

384:N8lWwOuP0WaJoG/4twp7buJvTEZl32VeEG4ZFrc:N8lWIs7/4bJbultEG4jI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
240 seconds
Additional time used
180 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • adwcleaner_7.3.exe (PID: 2584)
  • adwcleaner_7.3.exe (PID: 2452)
Loads the Task Scheduler DLL interface
  • adwcleaner_7.3.exe (PID: 2584)
Changes settings of System certificates
  • adwcleaner_7.3.exe (PID: 2584)
Executable content was dropped or overwritten
  • chrome.exe (PID: 2320)
Adds / modifies Windows certificates
  • adwcleaner_7.3.exe (PID: 2584)
Reads Environment values
  • adwcleaner_7.3.exe (PID: 2584)
Reads Internet Cache Settings
  • adwcleaner_7.3.exe (PID: 2584)
  • chrome.exe (PID: 2320)
Application launched itself
  • chrome.exe (PID: 2320)
Dropped object may contain Bitcoin addresses
  • chrome.exe (PID: 2320)
Reads settings of System Certificates
  • chrome.exe (PID: 2320)


Static information

TRiD
.exe | Win64 Executable (generic) (64.6%)
.dll | Win32 Dynamic Link Library (generic) (15.4%)
.exe | Win32 Executable (generic) (10.5%)
.exe | Generic Win/DOS Executable (4.6%)
.exe | DOS Executable Generic (4.6%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2018:03:29 16:34:03+02:00
PEType:
PE32
LinkerVersion:
8
CodeSize:
17920
InitializedDataSize:
512
UninitializedDataSize:
null
EntryPoint:
0x650a
OSVersion:
4
ImageVersion:
null
SubsystemVersion:
4
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
29-Mar-2018 14:34:03
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000080
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
2
Time date stamp:
29-Mar-2018 14:34:03
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00002000 0x00004548 0x00004600 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 5.9829
.reloc 0x00008000 0x0000000C 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 0.0776332
Resources

No resources.

Imports
    mscoree.dll

Exports

    No exports.

Processes

Total processes
46
Monitored processes
13
Malicious processes
2
Suspicious processes
0

Behavior graph

start drop and start drop and start 852852.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs adwcleaner_7.3.exe no specs adwcleaner_7.3.exe chrome.exe no specs
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
2940
CMD
"C:\Users\admin\Desktop\852852.exe"
Path
C:\Users\admin\Desktop\852852.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\users\admin\desktop\852852.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.visualbas#\08d608378aa405adc844f3cf36974b8c\microsoft.visualbasic.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\dbfe8642a8ed7b2b103ad28e0c96418a\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3afcd5168c7a6cb02eab99d7fd71e102\system.windows.forms.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\psapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll

PID
2320
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\users\admin\downloads\adwcleaner_7.3.exe
c:\windows\system32\mpr.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\wshqos.dll

PID
3132
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6f1e00b0,0x6f1e00c0,0x6f1e00cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2296
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2300 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
3484
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=960,1511454573175469007,15083455750476500150,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=D8E1EB0B4DC65E55EAA9CB7690D73A8C --mojo-platform-channel-handle=1012 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
296
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,1511454573175469007,15083455750476500150,131072 --enable-features=PasswordImport --service-pipe-token=66BFFBA0F52863CDE4FF863B4AA8F8EB --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=66BFFBA0F52863CDE4FF863B4AA8F8EB --renderer-client-id=5 --mojo-platform-channel-handle=1912 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2688
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,1511454573175469007,15083455750476500150,131072 --enable-features=PasswordImport --service-pipe-token=10A02B0D9735EDEDD34D36A873F46C70 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10A02B0D9735EDEDD34D36A873F46C70 --renderer-client-id=3 --mojo-platform-channel-handle=2152 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2904
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,1511454573175469007,15083455750476500150,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=ED1E75264694463A813CE9944B41C4F9 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=ED1E75264694463A813CE9944B41C4F9 --renderer-client-id=6 --mojo-platform-channel-handle=3532 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3968
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,1511454573175469007,15083455750476500150,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=141630598065B29DD1A665DC95AD809B --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=141630598065B29DD1A665DC95AD809B --renderer-client-id=7 --mojo-platform-channel-handle=3568 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3872
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,1511454573175469007,15083455750476500150,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=F9AFA24A7325BB529E51BBC974ABD937 --mojo-platform-channel-handle=3888 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2452
CMD
"C:\Users\admin\Downloads\adwcleaner_7.3.exe"
Path
C:\Users\admin\Downloads\adwcleaner_7.3.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Malwarebytes
Description
AdwCleaner
Version
7.3.0.0
Modules
Image
c:\users\admin\downloads\adwcleaner_7.3.exe
c:\systemroot\system32\ntdll.dll

PID
2584
CMD
"C:\Users\admin\Downloads\adwcleaner_7.3.exe"
Path
C:\Users\admin\Downloads\adwcleaner_7.3.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Malwarebytes
Description
AdwCleaner
Version
7.3.0.0
Modules
Image
c:\users\admin\downloads\adwcleaner_7.3.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\mstask.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\gameux.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\wer.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\users\admin\appdata\roaming\mozilla\firefox\profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\gmpopenh264.dll
c:\windows\system32\macromed\flash\npswf32_26_0_0_131.dll
c:\program files\java\jre1.8.0_92\bin\dtplugin\npdeployjava1.dll
c:\program files\java\jre1.8.0_92\bin\plugin2\npjp2.dll
c:\program files\microsoft office\office14\npauthz.dll
c:\program files\microsoft office\office14\npspwrap.dll
c:\program files\google\update\1.3.33.17\npgoogleupdate3.dll
c:\program files\videolan\vlc\npvlc.dll
c:\program files\adobe\acrobat reader dc\reader\air\nppdf32.dll

PID
3564
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,1511454573175469007,15083455750476500150,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=B35F1A1FDD1D8A9EEE9DE421DD85604A --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=B35F1A1FDD1D8A9EEE9DE421DD85604A --renderer-client-id=9 --mojo-platform-channel-handle=4012 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
1184
Read events
1108
Write events
75
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
2320
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2320
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
2320
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
2320
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
2320
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
2320
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
2320
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
2320
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
2320
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
2320
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
2320
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
2320
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
2320
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
2320
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
2320
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
2320
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13197025789017000
2320
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2320
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2320
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2320
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2320
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2320
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307030004000E0008001D003800E00100000000
2320
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
1
2296
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2320-13197025788157625
259
2296
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2320-13197025788157625
0
2584
adwcleaner_7.3.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2584
adwcleaner_7.3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13
Blob
040000000100000010000000410352DC0FF7501B16F0028EBA6F45C50F00000001000000140000005BCAA1C2780F0BCB5A90770451D96F38963F012D090000000100000042000000304006082B0601050507030406082B0601050507030106082B0601050507030206082B06010505070308060A2B0601040182370A0304060A2B0601040182370A030C6200000001000000200000000687260331A72403D909F105E69BCF0D32E1BD2493FFC6D9206D11BCD67707390B000000010000001E000000440053005400200052006F006F0074002000430041002000580033000000140000000100000014000000C4A7B1A47B2C71FADBE14B9075FFC415608589101D00000001000000100000004558D512EECB27464920897DE7B66053030000000100000014000000DAC9024F54D8F6DF94935FB1732638CA6AD77C131900000001000000100000006CF252FEC3E8F20996DE5D4DD9AEF42420000000010000004E0300003082034A30820232A003020102021044AFB080D6A327BA893039862EF8406B300D06092A864886F70D0101050500303F31243022060355040A131B4469676974616C205369676E617475726520547275737420436F2E311730150603550403130E44535420526F6F74204341205833301E170D3030303933303231313231395A170D3231303933303134303131355A303F31243022060355040A131B4469676974616C205369676E617475726520547275737420436F2E311730150603550403130E44535420526F6F7420434120583330820122300D06092A864886F70D01010105000382010F003082010A0282010100DFAFE99750088357B4CC6265F69082ECC7D32C6B30CA5BECD9C37DC740C118148BE0E83376492AE33F214993AC4E0EAF3E48CB65EEFCD3210F65D22AD9328F8CE5F777B0127BB595C089A3A9BAED732E7A0C063283A27E8A1430CD11A0E12A38B9790A31FD50BD8065DFB7516383C8E28861EA4B6181EC526BB9A2E24B1A289F48A39E0CDA098E3E172E1EDD20DF5BC62A8AAB2EBD70ADC50B1A25907472C57B6AAB34D63089FFE568137B540BC8D6AEEC5A9C921E3D64B38CC6DFBFC94170EC1672D526EC38553943D0FCFD185C40F197EBD59A9B8D1DBADA25B9C6D8DFC115023AABDA6EF13E2EF55C089C3CD68369E4109B192AB62957E3E53D9B9FF0025D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E04160414C4A7B1A47B2C71FADBE14B9075FFC41560858910300D06092A864886F70D01010505000382010100A31A2C9B17005CA91EEE2866373ABF83C73F4BC309A095205DE3D95944D23E0D3EBD8A4BA0741FCE10829C741A1D7E981ADDCB134BB32044E491E9CCFC7DA5DB6AE5FEE6FDE04EDDB7003AB57049AFF2E5EB02F1D1028B19CB943A5E48C4181E58195F1E025AF00CF1B1ADA9DC59868B6EE991F586CAFAB96633AA595BCEE2A7167347CB2BCC99B03748CFE3564BF5CF0F0C723287C6F044BB53726D43F526489A5267B758ABFE67767178DB0DA256141339243185A2A8025A3047E1DD5007BC02099000EB6463609B16BC88C912E6D27D918BF93D328D65B4E97CB15776EAC5B62839BF15651CC8F677966A0A8D770BD8910B048E07DB29B60AEE9D82353510

Files activity

Executable files
3
Suspicious files
54
Text files
69
Unknown types
10

Dropped files

PID
Process
Filename
Type
2320
chrome.exe
C:\Users\admin\Downloads\adwcleaner_7.3.exe
executable
MD5: d96bff3d1838cd925fa443b9807b1ad2
SHA256: 6d729885daf7bcd2648df37adda4e7cc89708cc37455784a6c50a8d6021315a0
2320
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 300389.crdownload
executable
MD5: 543a05214bb85735041dbab490426c1d
SHA256: 40737655a359fd3d980f6fcbff84edd6359774c7963cf852b44e94608447a740
2320
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 300389.crdownload
executable
MD5: d96bff3d1838cd925fa443b9807b1ad2
SHA256: 6d729885daf7bcd2648df37adda4e7cc89708cc37455784a6c50a8d6021315a0
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\19fbaa28-5aa8-4e03-9bbe-ef1d2169f871.tmp
––
MD5:  ––
SHA256:  ––
2584
adwcleaner_7.3.exe
C:\Users\admin\AppData\Local\Temp\tmp2584aaaaaa
––
MD5:  ––
SHA256:  ––
2584
adwcleaner_7.3.exe
C:\AdwCleaner\settings
binary
MD5: 7b498adefc70ff81610cb0a0d3510027
SHA256: 30584ae9a71eb281b46da76069f4daa810274c7ca42f902558fec45b61816456
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
binary
MD5: 0644290188b89a8c187587a5b70f63c5
SHA256: ebbcf9df28e28b1e0099b830e2c2467094b532e8bf1360969d65388ac1849721
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
text
MD5: 1974e4b8ec4169ba7d72e2a5bed2162b
SHA256: dec3a402bdca81256c2f217dd167261636c61cfe1c882439698b7a38e415a41b
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
text
MD5: 3517fdd52a0fb3d7a61d12cb4d427adc
SHA256: 4e0de9ea72a6d7f7a2e21bd3e103aff630efb54f6376bb6d559aaa446876afc4
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs
sqlite
MD5: e657ddcb6ef420e2267c0b6ff97eb2f7
SHA256: ab34064d95d5da46ddaa3d87b1560f2cef1480f6d5a6db9e69b3c78940df75c4
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs-journal
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies
sqlite
MD5: 62abba84cb558e842b770a7fe504e320
SHA256: 04cc620a8a5a4ce5bc1af4fc1773c9eaa3b851c74d105fbaef1550a8c822587b
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: c376da64aef099f107ea8787ee945a91
SHA256: bd0034a3e178bf971d15bddc0ccff358bd128e4b519598ecf569d0cd2cf31689
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF1b583e.TMP
text
MD5: c376da64aef099f107ea8787ee945a91
SHA256: bd0034a3e178bf971d15bddc0ccff358bd128e4b519598ecf569d0cd2cf31689
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: d932a31a0fb91833edb0325c6b434b34
SHA256: 8049465356163740d6e4c0bb56b9dcaa90149631646fa6bb56d01de223bd1f8e
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\e2560d67-acbc-4baf-9c97-b4d98288f8cb.tmp
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
binary
MD5: ed3d1c71e33729de7febf8fe5e6ec916
SHA256: 69c86a85adc870f4b414d529894f622580db21bbefb5e2c4da4ba14141c7b1fc
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index~RF1b57c1.TMP
binary
MD5: 127e77ec9ee7ecbcf56669984945a0fe
SHA256: d3843c7783a2b648a94814f99fd58df0ebda670d259a6a26188854cb008303d3
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF1b57c1.TMP
binary
MD5: 3fa3775e5617c6423af6052a74c2b6c2
SHA256: ee3b84c15790a3e666115f2f4d1099083a5d8131174078d7b6283a26e2f91d58
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1b57c1.TMP
text
MD5: 342b632bc5d1b0915e98a4a47821b9f8
SHA256: e7c5151764e5925056eb40c3648250b6b3b91052fb43ad0e4ada012fb148b89f
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
sqlite
MD5: cfefa3866f8f26db1ee92f29515feddf
SHA256: 67cb413d5a30b057e58e8535cd7324fb6aad410ee5f0f725ec84e340571ced0d
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
binary
MD5: ceb622987532ae8783d1d19ee817ac6d
SHA256: a025c4ab97404b7cd1468d4e09a96f8b2b844d3e2b07587f272a8481ba0fef11
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
binary
MD5: 4747f88599fa1a6459d80a39109a34c4
SHA256: fea3d2f2c16027c98d54b1e0795ca58276de9e4ad54189f586b523ef9a445ac8
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index
binary
MD5: 127e77ec9ee7ecbcf56669984945a0fe
SHA256: d3843c7783a2b648a94814f99fd58df0ebda670d259a6a26188854cb008303d3
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
binary
MD5: 1dd10b873fd6ad20cf44cdac6e28091d
SHA256: e744e83e36b32564b1e9aa76efee8d0e1d4ca6f067bd7a8807b0575fce887b88
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
binary
MD5: 3fa3775e5617c6423af6052a74c2b6c2
SHA256: ee3b84c15790a3e666115f2f4d1099083a5d8131174078d7b6283a26e2f91d58
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
sqlite
MD5: 637205a69cb5e06a37d926c2a49bf0b0
SHA256: 909d5fb467322dafb4c3f5821db100cb75f6d683fb00059957f00d3750075b74
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 342b632bc5d1b0915e98a4a47821b9f8
SHA256: e7c5151764e5925056eb40c3648250b6b3b91052fb43ad0e4ada012fb148b89f
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
text
MD5: d3c2dda4abfc15962b829bb34fd69b98
SHA256: 53f07ca37e8cbde0a5e8a43c487b44655431d0eb4bed68c55744bde54010bb74
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
text
MD5: e12a354c94b1d9d525e465955640a5e9
SHA256: 899c9ea237e3799ea6a69ffc52eba097a4e2171ac22135c6668f5359c139cbd5
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log
binary
MD5: ae9bcf932c2daf214e2820cb732ac081
SHA256: 9a9df7aa72277121b483f591306f6d3b45c4f92cdef6f8b6666fe323d6d9d746
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\0dc01c6f-85da-4b21-b345-cbf88f00b76c.tmp
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: a68be52f6038d454070b723f01732438
SHA256: b90a6362def702342fc7a07388a8ee86a3636afe82a73b30fc028c2ff3b6f864
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1b5773.TMP
text
MD5: a68be52f6038d454070b723f01732438
SHA256: b90a6362def702342fc7a07388a8ee86a3636afe82a73b30fc028c2ff3b6f864
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1b5773.TMP
text
MD5: 342b632bc5d1b0915e98a4a47821b9f8
SHA256: e7c5151764e5925056eb40c3648250b6b3b91052fb43ad0e4ada012fb148b89f
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\fdc9e962-b269-4a65-a9d2-844755ea1ce9.tmp
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
binary
MD5: 8bc7734bf815daa8dc28a07679b1b7a4
SHA256: 03b5d8c58c81952665061aab7a1136bb27fe0f0c013f63b47248e8ae5aee399f
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\450f0395-eb53-422e-acda-9ddc8f175dbc.tmp
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
binary
MD5: 9409bab446b7204c6235dfddd6066e89
SHA256: 68c1cb50ec24ac5a1dbdc7d9c845e94a1e9d60f312cf92a694f0791cd7ea105e
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
text
MD5: 47ab0d55aae6ac7f94918938e61a7e2f
SHA256: 78c5aa71435df107a847269779c86bc1481025b6271e269a25eac8f23a2e794c
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
text
MD5: 876f84bcf5fb6eac2040d836cabd6de9
SHA256: 063d14e92786a1f66638201e50393955062ef79eeec85fb973aba2e0eb490e06
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG
text
MD5: 4fae7924ca91eadafed35713762ca471
SHA256: a680f6651d43a59fcb44480e67c09ec1a80f95b1ade6ec09132b1e2667ed8043
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000016
binary
MD5: cf286cb4fd0f3dcc234806e1b865987b
SHA256: 21dc23520bba7268b53957a39981c9a85d3658edc4f5455e98cac3378a440d76
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
text
MD5: d1e669d5047a1c5162bc884f6dd98e13
SHA256: e57c233659e5f51a1e6f7740bf199b27b6003c7ae12fa144854db4953fcd7216
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG
text
MD5: c3974003e1772eea1d0d0aae2f45fa75
SHA256: 10c95c16c5a19b76ba5e7b1138844595556f596bb67bcc13f4752395471363cb
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
text
MD5: fbadecdcc72237286af0223fc2dcbf39
SHA256: 99981e1a309149172f32e28abce0ca3f26b284a993dbc567c5cabc674e4339f6
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
sqlite
MD5: e8a751faa73b8e3fd81fc9c548d1edaf
SHA256: 5e3e478ed6602164abf01848e20bbf06dd2d62b8228a7efc0a3b44493c0b6897
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\MANIFEST-000016
binary
MD5: cf286cb4fd0f3dcc234806e1b865987b
SHA256: 21dc23520bba7268b53957a39981c9a85d3658edc4f5455e98cac3378a440d76
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
sqlite
MD5: 102d90da137d8b7c4df6d023e01511e4
SHA256: a1c70d6985dbeea721c11c32f9ca57a27b232f73a9851b2176f480814bd7cf5e
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
sqlite
MD5: a5ca3db6ad2ccc34599ea2d4f3c05712
SHA256: cb73b4f48b0c5999177ace58eaf895f2350ffd8a10d65fa10e16de30a7231032
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
sqlite
MD5: 3368d93f70e0cd33275d58596aa06d25
SHA256: f6dd1b10fa476ffc423d0bbbd1750abd9175dd55f953caec868aff3e0956203b
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data
sqlite
MD5: 54ad1e10b6b57bc9b9eed994e581dd5f
SHA256: 24d2a7516de320c3e91b1513cad94ce5ce2b964bbb8a3d1f66e8083b3205b19c
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
binary
MD5: a9851aa4c3c8af2d1bd8834201b2ba51
SHA256: e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History
sqlite
MD5: dbe5a0a6410ad6ac681ff79914c29911
SHA256: 95c8d8f350908ed8802ee677f8babd2d102892862ca5504290837d934f8b8ff6
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History-journal
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Session
binary
MD5: 6b28c03b082019730d9b92099fa29cc6
SHA256: ae6ff972c7c746e28597a7617e42708ee86b85c5f2ad3d3e622f2aba507a390a
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 458290a7a76131cf2080bab98d254b93
SHA256: 12887927a7c377475c24b7ec3661869aa41e41064aa53b5f9277cf415e4ef17b
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF1b50ad.TMP
text
MD5: 458290a7a76131cf2080bab98d254b93
SHA256: 12887927a7c377475c24b7ec3661869aa41e41064aa53b5f9277cf415e4ef17b
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\5346d02d-bd34-4986-9650-44f749e8f31e.tmp
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata~RF1b507e.TMP
binary
MD5: 045b706fdcfed31b1f933486fcad0f79
SHA256: f1e84f33c8df4fab51256aad9af1163a4cb801a72a4f13276ba7296bc72b8665
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: 045b706fdcfed31b1f933486fcad0f79
SHA256: f1e84f33c8df4fab51256aad9af1163a4cb801a72a4f13276ba7296bc72b8665
3132
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: 9543068b6751e1f3e11f91d72ee78d95
SHA256: d060ad21ae6e04cb58668caa52adfca573e018102cc07554d2ed3eae11ab7785
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 66623fcfd9cade09228ffdcda3a3a7bb
SHA256: de6027e873880d53f03345932ca7d578c7c9ed44e8c05a2adc4ea19b93e75668
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1b506e.TMP
text
MD5: 66623fcfd9cade09228ffdcda3a3a7bb
SHA256: de6027e873880d53f03345932ca7d578c7c9ed44e8c05a2adc4ea19b93e75668
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\38f9fe76-aac3-4bb8-ad36-4d0d5193254b.tmp
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 338e10d60c6e27d584afb288682c0cd5
SHA256: 2b71b83ce493c367d268f988b6ae155d6800c209a5eff28967356346abef5933
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1b4fe1.TMP
text
MD5: 338e10d60c6e27d584afb288682c0cd5
SHA256: 2b71b83ce493c367d268f988b6ae155d6800c209a5eff28967356346abef5933
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ef0962f2-f7f7-445f-934f-fb38f08fdccb.tmp
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: d876df84940ab4c69ef40b6e7201556a
SHA256: 514bc4b15f6a803b3e4aaf7d1f053d5e765f1ded62bda506b9f6dd5cbfc53ffb
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store~RF1b46aa.TMP
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store
––
MD5:  ––
SHA256:  ––
2320
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\c65a467a-4a5c-47e3-aa63-ac1687398513.tmp
––
MD5:  ––
SHA256:  ––

Find more information about the static content and download it in the full report.

Network activity

HTTP(S) requests
0
TCP/UDP connections
26
DNS requests
17
Threats
0

HTTP requests

No HTTP requests.

Connections

PID Process IP ASN CN Reputation
2320 chrome.exe 216.58.208.35:443 Google Inc. US whitelisted
2320 chrome.exe 216.58.207.67:443 Google Inc. US whitelisted
2320 chrome.exe 172.217.23.131:443 Google Inc. US whitelisted
2320 chrome.exe 172.217.23.170:443 Google Inc. US whitelisted
2320 chrome.exe 172.217.18.13:443 Google Inc. US whitelisted
2320 chrome.exe 216.58.207.35:443 Google Inc. US whitelisted
2320 chrome.exe 216.58.207.46:443 Google Inc. US whitelisted
2320 chrome.exe 128.140.224.121:443 T-Mobile Czech Republic a.s. RO unknown
2320 chrome.exe 216.58.210.4:443 Google Inc. US whitelisted
2320 chrome.exe 172.217.22.35:443 Google Inc. US whitelisted
2320 chrome.exe 216.58.205.234:443 Google Inc. US whitelisted
2320 chrome.exe 172.217.21.195:443 Google Inc. US whitelisted
2320 chrome.exe 172.217.18.14:443 Google Inc. US whitelisted
2584 adwcleaner_7.3.exe 23.38.53.212:443 Akamai International B.V. NL whitelisted
2584 adwcleaner_7.3.exe 51.15.213.27:443 Online S.a.s. FR unknown
2584 adwcleaner_7.3.exe 54.200.45.65:443 Amazon.com, Inc. US unknown

DNS requests

Domain IP Reputation
kawaja.hopto.org No response malicious
www.gstatic.com 216.58.208.35 whitelisted
clientservices.googleapis.com 172.217.23.131 whitelisted
www.google.de 216.58.207.67 whitelisted
safebrowsing.googleapis.com 172.217.23.170 whitelisted
accounts.google.com 172.217.18.13 whitelisted
ssl.gstatic.com 216.58.207.35 whitelisted
apis.google.com 216.58.207.46 whitelisted
softpedia-secure-download.com 128.140.224.121 unknown
www.google.com 216.58.210.4 whitelisted
www.google.lv 172.217.22.35 whitelisted
fonts.googleapis.com 216.58.205.234 whitelisted
fonts.gstatic.com 172.217.21.195 whitelisted
sb-ssl.google.com 172.217.18.14 whitelisted
adwcleaner.malwarebytes.com 23.38.53.212 whitelisted
telemetry-01.adwc.fr33tux.org 51.15.213.27 unknown
telemetry.malwarebytes.com 54.200.45.65, 52.25.65.145, 52.88.181.175 whitelisted

Threats

No threats detected.

Debug output strings

Process Message
adwcleaner_7.3.exe [Application] Closing AdwCleaner