General Info

URL

http://194.36.173.3/svchost.exe

Full analysis
https://app.any.run/tasks/aaf191da-4a66-4848-84cc-48e2b8fe55d0
Verdict
Malicious activity
Analysis date
6/17/2019, 02:32:05
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • svchost.exe (PID: 3172)
Downloads executable files from IP
  • chrome.exe (PID: 1440)
Downloads executable files from the Internet
  • chrome.exe (PID: 1440)
Creates executable files which already exist in Windows
  • chrome.exe (PID: 1440)
Executable content was dropped or overwritten
  • chrome.exe (PID: 1440)
Reads Internet Cache Settings
  • chrome.exe (PID: 1440)
Application launched itself
  • chrome.exe (PID: 1440)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
41
Monitored processes
9
Malicious processes
0
Suspicious processes
1

Behavior graph

+
drop and start start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs svchost.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
1440
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://194.36.173.3/svchost.exe
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\users\admin\downloads\svchost.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll

PID
2888
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=73.0.3683.75 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6c680f18,0x6c680f28,0x6c680f34
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
676
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1684 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_watcher.dll

PID
760
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=936,879739905061943554,18376928256344750665,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=3951898115158110506 --mojo-platform-channel-handle=956 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\73.0.3683.75\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\73.0.3683.75\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\73.0.3683.75\swiftshader\libegl.dll

PID
1908
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,879739905061943554,18376928256344750665,131072 --enable-features=PasswordImport --service-pipe-token=927289249614774528 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=927289249614774528 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3536
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,879739905061943554,18376928256344750665,131072 --enable-features=PasswordImport --service-pipe-token=13326005839914048453 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13326005839914048453 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3156
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,879739905061943554,18376928256344750665,131072 --enable-features=PasswordImport --service-pipe-token=184379875556032298 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=184379875556032298 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3380
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=936,879739905061943554,18376928256344750665,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=4397019567368613635 --mojo-platform-channel-handle=3992 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll

PID
3172
CMD
"C:\Users\admin\Downloads\svchost.exe"
Path
C:\Users\admin\Downloads\svchost.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
svchost
Version
1.0.0.0
Modules
Image
c:\users\admin\downloads\svchost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\dbfe8642a8ed7b2b103ad28e0c96418a\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3afcd5168c7a6cb02eab99d7fd71e102\system.windows.forms.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\system.management.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.core\fbc05b5b05dc6366b02b8e2f77d080f1\system.core.ni.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll

Registry activity

Total events
522
Read events
474
Write events
47
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
1440
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
1440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
1440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
1440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
1440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
1440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
1440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
1440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
1440
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
1440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
1440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
1440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
1440
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
1440
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
1440
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
1440
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
1440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
1440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13205205156229375
1440
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
1440
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1440
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1440
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1440
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
1440
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307060001001100000020003000760100000000
1440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
1
676
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
1440-13205205154041875
259
676
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
1440-13205205154041875
0

Files activity

Executable files
4
Suspicious files
21
Text files
57
Unknown types
6

Dropped files

PID
Process
Filename
Type
1440
chrome.exe
C:\Users\admin\Downloads\svchost.exe
executable
MD5: 1e698d5ff280bbadf5a7aeb639efa2cd
SHA256: 275ec66e7af231985c27836191332106d6f48ca50f22d71fb83d72ec85433a90
1440
chrome.exe
C:\Users\admin\Downloads\ac390399-4ed9-4dd8-b410-91f15ef1e8b8.tmp
executable
MD5: c4d238141a97eeb4f644632b9a806d8a
SHA256: f945c8ba70f63675711d03e1b53e9eb4ee75fd337b79f729c69ec3be71db5f4a
1440
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 88438.crdownload
executable
MD5: 1e698d5ff280bbadf5a7aeb639efa2cd
SHA256: 275ec66e7af231985c27836191332106d6f48ca50f22d71fb83d72ec85433a90
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: b53e667218fdd5e7313602b5127c3cff
SHA256: 320c712a7a713b6fce7f73f05b4bbc3cad928566e7a57adfa18d7f36a6e978fe
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF127519.TMP
text
MD5: 3e2c512c2f96f4a7659958d6a8fad20f
SHA256: b605fab9f782ac7fd125ac1bd06f61f9ae09bbf0b7b99bf4927a12f833f4dfb7
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF127528.TMP
text
MD5: 82ce2ddbbacbd2b5dd4379edc804c401
SHA256: 9a0d68b337393a13ccd06c294199dde50bc0bd1677739f8f6b44bba74423da6c
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
binary
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 3e2c512c2f96f4a7659958d6a8fad20f
SHA256: b605fab9f782ac7fd125ac1bd06f61f9ae09bbf0b7b99bf4927a12f833f4dfb7
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\7361ce61-317b-41d5-85c0-6da2e213bd3b.tmp
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\b55af40d-cb00-4700-9bc7-017166fc4df8.tmp
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
binary
MD5: ca75f670d6657ad4d30a2c6a58709652
SHA256: 11369352be4089156b889234de574cd4f8284f56a8e9920b4d3345863e8c204b
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\LOG
text
MD5: 5346bdddca4946c31380f6b7171409a6
SHA256: 4205a92339361cb24cafd52c5caf04f787ed083b659bd81b784c39713cd04b78
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF127519.TMP
text
MD5: 82ce2ddbbacbd2b5dd4379edc804c401
SHA256: 9a0d68b337393a13ccd06c294199dde50bc0bd1677739f8f6b44bba74423da6c
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000002
binary
MD5: 22bf0e81636b1b45051b138f48b3d148
SHA256: e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
sqlite
MD5: c71fbb1dcd2ebd822a42bfef1b09d486
SHA256: 640f56b9d345466d0f501287f4defd9530df6ee0b3198ddb53fc5273d996e1b7
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
text
MD5: 4d80c261cf739f77472928798c5bb34b
SHA256: 4442ba76a290205ecb9a654dc4676d340cd8312518d25debc707973375b594f1
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000003.log
binary
MD5: 0599d4fb730db4d58fd95f52c52f282f
SHA256: 27a58a69108b039c62837edf7003993617d04327f5440fc1d709f854983e2d5f
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\afe9a0c2-d4d5-446c-a50f-a00f771e82e2.tmp
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
sqlite
MD5: d5a38ff34170edfcd7b25fb782d54861
SHA256: 405ac0ee04ba36a174f79e9005e16b46d1691ad9cf05a5d951c8c18d5ce66db5
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
binary
MD5: d1f604157b0745a40453afb93a6caa42
SHA256: 468456974fd86b33647942820dce7284879acfab9e9e6eca008e1fdcf9006fb5
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
text
MD5: 42b99d2c54448c260eeaaa09db1fb6d5
SHA256: b9d9549ae3041e4d16a473866186e57c1b0ae3cb4f92f1e41526010d90a3da88
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
sqlite
MD5: 20787ec6c564a89f672bea11580eebcd
SHA256: bce87e3eae3337f4414de9d6aeda888ae2ed792cd536d44db04ea749c1d35384
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
binary
MD5: 7b9d83b5c23deefe0d14d3ddef7bca80
SHA256: 5994a59cacb04a9887b8291642056d5369167e275ec09539bc16b6d51e290ba1
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
binary
MD5: 1cd815ad2f2a7f78d9930e1161e828fd
SHA256: f1aa6f373879177d8154e4ae052174d8f0bc4cfbae3ecb3c1062e98daf3acb68
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
text
MD5: f6b9ba1e125f0a215e5bbb4c4f152f79
SHA256: c2ff18a0b8702886e5a230e0c44a79f0e6fe167f539c079b454b504b01eda55f
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
text
MD5: f339c94f410b581b7c23d533399fe6cf
SHA256: 580ff38eb051f2e4b665828b23322e9f40536ba4907857b65e24b914776e3689
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
text
MD5: 0a3c90d86ec2f068d31fbe8c53ed9d54
SHA256: 331c28c48b4924e5bbe1f6526bc95413d6a16b6832816d0873681778f9e10980
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000018
binary
MD5: dc50999a09b1e2f6e9350855136b865e
SHA256: f759b718dac41a2b27aca56179793c7063060dd8dc1bc051948866503c275b6f
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
text
MD5: f9a9c9f31f381c750c0b23fdd8704040
SHA256: a4d613a7e83491ee2856d49fe0e788e288f1738f70508bc59fc866ba00c7395e
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\16a9b9d9-60ed-4c48-bc19-7b466f6448d5.tmp
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Top Sites
sqlite
MD5: ce3615469d3c267d58692854cdfd2fe1
SHA256: 5d1274b58203d224625ef41c7d560835a9bd45415c60a87b0b2d1b3ca06ca794
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data
sqlite
MD5: 89c00a8e4f5230432acea5e752ed1170
SHA256: 23550ad3798aff7c3fa2b3b06f807ff63af264f257945a8525ccaa6c07ac4bfe
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
binary
MD5: a9851aa4c3c8af2d1bd8834201b2ba51
SHA256: e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG
text
MD5: 8464468e2f38164f46167e83e4d11019
SHA256: ed83dcdbe43cb3edc4445c865d13f5504ee0b133ac0cdae7cf77442feee932aa
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History
sqlite
MD5: 8ce3ee06cc2dde5d05c80701ad1d424e
SHA256: df6269e549e834052075631f31a325a4bfaf886582b636e70d6c4e93d84d586e
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History-journal
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Session
binary
MD5: 43218b79e0493c0be3d1537c053c88e1
SHA256: 050987a7001ff834d9958cb2f4c1a44c8bf991fd81e57573496b79a08a72a0cc
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1269fd.TMP
text
MD5: 799f8a9a9e82aa402abee472a924d324
SHA256: 42fdd155624aeb2cabbc306607aeb4ab96f6dc9ca773c21b0d2404b13cda13c2
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 799f8a9a9e82aa402abee472a924d324
SHA256: 42fdd155624aeb2cabbc306607aeb4ab96f6dc9ca773c21b0d2404b13cda13c2
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\58819a6c-333e-4a13-a748-c544ea1494ae.tmp
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: f3aaf8fa9110fd37d9c6894837e0f679
SHA256: c63bc9336e5c949b1ff9346974d2d0abd3020922cb3ced4d7bd986a745a6f40c
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata~RF12530a.TMP
binary
MD5: f3aaf8fa9110fd37d9c6894837e0f679
SHA256: c63bc9336e5c949b1ff9346974d2d0abd3020922cb3ced4d7bd986a745a6f40c
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\eb3368bb-053d-48b4-816c-dfe17ce63ed1.tmp
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: 89bfe87202322d5d3aa3d6116b3a61b3
SHA256: 3e5c595b0689e2d2b9c13be7eae65fd370ebd5f3a36784eae951f03a7225f56a
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\2cb68c64-a252-4e6d-84e5-966a646039fe.tmp
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\Downloads\svchost.exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
text
MD5: e45f30285109b88e92440cf72f8f011b
SHA256: 51abc79b16733ce75a3feae79b13967bcd2df68037419e6acb5548f1d98be347
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF122dfd.TMP
text
MD5: b53e667218fdd5e7313602b5127c3cff
SHA256: 320c712a7a713b6fce7f73f05b4bbc3cad928566e7a57adfa18d7f36a6e978fe
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\26cbfe94-a037-44bf-9ac1-f8cf255b3689.tmp
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: b4b63bc8e93ca13fc7ec1fd42b620f60
SHA256: c77894d9bf1c5e1a465fe923834d83e71b4395b84e0760fa669462270817e5d6
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1229d7.TMP
text
MD5: b4b63bc8e93ca13fc7ec1fd42b620f60
SHA256: c77894d9bf1c5e1a465fe923834d83e71b4395b84e0760fa669462270817e5d6
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a8dc8144-c19d-4720-bdc0-961c776f3821.tmp
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 1a138a1569edd937c8ada3469eacae62
SHA256: b6e92060c4f9f35db0f5b554190991df7d9ed7c7856a86e782a3f6de8856f589
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF12290c.TMP
text
MD5: 1a138a1569edd937c8ada3469eacae62
SHA256: b6e92060c4f9f35db0f5b554190991df7d9ed7c7856a86e782a3f6de8856f589
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\e4db136d-3715-4251-a066-eb031a852e3b.tmp
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF127528.TMP
text
MD5: 81a62b1b42f5a6a18a726937fdcb81b1
SHA256: bd30b0b7e93e3cc34cf323970554a9a2617df6d3b6892602115e380f1b951de2
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: 1c2c4bb805e49e0719deef84894dbb1f
SHA256: 1afb26b8e579f076590e61bb63648bb0230fee4516c08ebe588dfc31efd616da
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF121b8f.TMP
text
MD5: 1c2c4bb805e49e0719deef84894dbb1f
SHA256: 1afb26b8e579f076590e61bb63648bb0230fee4516c08ebe588dfc31efd616da
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000001.dbtmp
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001
binary
MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF120893.TMP
text
MD5: 1b8036252b09dda7ad0963a5a40e4aba
SHA256: 89e90f5dc88f667b89afa57d04c939a3c7397bb98b9d259766fa452ec297ec06
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 1b8036252b09dda7ad0963a5a40e4aba
SHA256: 89e90f5dc88f667b89afa57d04c939a3c7397bb98b9d259766fa452ec297ec06
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 82ce2ddbbacbd2b5dd4379edc804c401
SHA256: 9a0d68b337393a13ccd06c294199dde50bc0bd1677739f8f6b44bba74423da6c
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT~RF120651.TMP
text
MD5: 206702161f94c5cd39fadd03f4014d98
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT
text
MD5: 206702161f94c5cd39fadd03f4014d98
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000002.dbtmp
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000001.dbtmp
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\index
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF120392.TMP
text
MD5: 904754a73eb4f8a75410a92b2b7a920c
SHA256: c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: 904754a73eb4f8a75410a92b2b7a920c
SHA256: c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000018.dbtmp
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\c1a2eefa-3fde-41cf-b3d9-571036810192.tmp
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF120344.TMP
text
MD5: c5a804a5780cfc948a8db73979de968b
SHA256: 2c6f183b3e9dfa1bdf791091ad09cdcb079307d23864dbc07c81f280aa7d9227
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: c5a804a5780cfc948a8db73979de968b
SHA256: 2c6f183b3e9dfa1bdf791091ad09cdcb079307d23864dbc07c81f280aa7d9227
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
text
MD5: 70f27bb5ff84782e8065f81ee64e6008
SHA256: fd5dd0c6f1056c6ee6c2d29bd31653abb589e7d528957942e65b3972b7ecb4e9
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 768258eee3510091c97ade3bca3dc828
SHA256: 1f00cceba22a3fa7d0fffdebb99b95f0dfe19d2cda162abc09fc0d8a6e8ff21d
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF1202f6.TMP
text
MD5: 768258eee3510091c97ade3bca3dc828
SHA256: 1f00cceba22a3fa7d0fffdebb99b95f0dfe19d2cda162abc09fc0d8a6e8ff21d
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
text
MD5: 007e2c8f160468cc5a8b6c225f0ac40c
SHA256: 7f09cf7ac785c12f0062eb23854505c4ed396c6522eca7109b43ad5cc1a5f74b
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
––
MD5:  ––
SHA256:  ––
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: f679598350690f14a2479935d826682b
SHA256: 4e7e1987eaf5ec751eb16b9f7cbae1c55873f1afe8e2b52416ed454f4efbf239
2888
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: b59113c2dcd2d346f31a64f231162ada
SHA256: 1d97c69aea85d3b06787458ea47576b192ce5c5db9940e5eaa514ff977ce2dc2
1440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: 81a62b1b42f5a6a18a726937fdcb81b1
SHA256: bd30b0b7e93e3cc34cf323970554a9a2617df6d3b6892602115e380f1b951de2

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
1
TCP/UDP connections
9
DNS requests
6
Threats
5

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
1440 chrome.exe GET 200 194.36.173.3:80 http://194.36.173.3/svchost.exe unknown
executable
suspicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
1440 chrome.exe 194.36.173.3:80 –– suspicious
1440 chrome.exe 172.217.22.3:443 Google Inc. US whitelisted
1440 chrome.exe 172.217.23.141:443 Google Inc. US whitelisted
1440 chrome.exe 216.58.206.4:443 Google Inc. US whitelisted
1440 chrome.exe 172.217.18.174:443 Google Inc. US whitelisted
1440 chrome.exe 172.217.22.99:443 Google Inc. US whitelisted
1440 chrome.exe 216.58.207.46:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
clientservices.googleapis.com 172.217.22.3
whitelisted
accounts.google.com 172.217.23.141
shared
www.google.com 216.58.206.4
whitelisted
sb-ssl.google.com 172.217.18.174
whitelisted
ssl.gstatic.com 172.217.22.99
whitelisted
safebrowsing.google.com 216.58.207.46
whitelisted

Threats

PID Process Class Message
1440 chrome.exe Misc Attack ET COMPROMISED Known Compromised or Hostile Host Traffic group 21
1440 chrome.exe A Network Trojan was detected ET INFO Executable Download from dotted-quad Host
1440 chrome.exe Potentially Bad Traffic ET CURRENT_EVENTS SUSPICIOUS svchost.exe in URI Probable Process Dump/Trojan Download
1440 chrome.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP
1440 chrome.exe Potentially Bad Traffic ET INFO SUSPICIOUS Dotted Quad Host MZ Response

Debug output strings

No debug info.