General Info

File name

Big tits and deep ass.scr

Full analysis
https://app.any.run/tasks/118043bc-320e-4b8e-a573-f0bd4108f4e2
Verdict
Malicious activity
Analysis date
2/11/2019, 09:04:27
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

trojan

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

3559d4c2042aa3227b2a91144fe37895

SHA1

3be2f8d9fb14c4067d5952ff7938587dc040502a

SHA256

77814302f158fa09f96657adf45d2675d07977e93585701df74a9d70041c54bf

SSDEEP

12288:ONWz1AUZbht1FGdX3lvnd64iJJpCeCslYrwS:OQzO8bhO2ZLlYrp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Changes the login/logoff helper path in the registry
  • DydxTSap.exe (PID: 2496)
Writes to a start menu file
  • Big tits and deep ass.scr (PID: 3676)
Changes the autorun value in the registry
  • DydxTSap.exe (PID: 3216)
  • DydxTSap.exe (PID: 2496)
  • Big tits and deep ass.scr (PID: 3676)
Connects to CnC server
  • DydxTSap.exe (PID: 3216)
Starts CMD.EXE for commands execution
  • DydxTSap.exe (PID: 3216)
Creates files in the program directory
  • DydxTSap.exe (PID: 2496)
Starts itself from another location
  • Big tits and deep ass.scr (PID: 3676)
Application launched itself
  • DydxTSap.exe (PID: 2736)
  • DydxTSap.exe (PID: 4016)
  • Big tits and deep ass.scr (PID: 3000)
Connects to server without host name
  • DydxTSap.exe (PID: 3216)
Creates files in the user directory
  • DydxTSap.exe (PID: 3216)
  • Big tits and deep ass.scr (PID: 3676)
Executable content was dropped or overwritten
  • DydxTSap.exe (PID: 2496)
  • DydxTSap.exe (PID: 3216)
  • Big tits and deep ass.scr (PID: 3676)
Starts application with an unusual extension
  • Big tits and deep ass.scr (PID: 3000)
Reads settings of System Certificates
  • chrome.exe (PID: 2920)
Application launched itself
  • chrome.exe (PID: 2920)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Win32 Executable (generic) (42.6%)
.exe
|   Win16/32 Executable Delphi generic (19.5%)
.exe
|   Generic Win/DOS Executable (18.9%)
.exe
|   DOS Executable Generic (18.9%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
1992:06:20 00:22:17+02:00
PEType:
PE32
LinkerVersion:
2.25
CodeSize:
260608
InitializedDataSize:
106496
UninitializedDataSize:
null
EntryPoint:
0x5f001
OSVersion:
1
ImageVersion:
null
SubsystemVersion:
4
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
19-Jun-1992 22:22:17
Detected languages
Russian - Russia
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0050
Pages in file:
0x0002
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x000F
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x001A
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
10
Time date stamp:
19-Jun-1992 22:22:17
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
CODE 0x00001000 0x00040000 0x0001C200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 7.99629
DATA 0x00041000 0x00001000 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 7.72792
BSS 0x00042000 0x00001000 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.idata 0x00043000 0x00002000 0x00000C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 7.5962
.tls 0x00045000 0x00001000 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rdata 0x00046000 0x00001000 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 0.200582
.reloc 0x00047000 0x00005000 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x0004C000 0x00013000 0x0000D600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 7.91738
.tu9 0x0005F000 0x00006000 0x00005400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 6.35642
.adata 0x00065000 0x00001000 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
Resources
1

2

3

4

5

6

7

50

51

52

4086

4087

4088

4089

4090

4091

4092

4093

4094

4095

4096

32761

32762

32763

32764

32765

32766

32767

APIDEL

CASMUD

CBAD

CBROWSD

CCOMPRESSEDD

CDATASD

CRANDD

CRCD

CTED

CXOD

CXORD

SYSTEM

TRASHS

MAINICON

Imports
    kernel32.dll

    user32.dll

    advapi32.dll

    oleaut32.dll

    gdi32.dll

    ole32.dll

    comctl32.dll

Exports

    No exports.

Screenshots

Processes

Total processes
50
Monitored processes
17
Malicious processes
5
Suspicious processes
2

Behavior graph

+
start drop and start big tits and deep ass.scr no specs big tits and deep ass.scr dydxtsap.exe no specs dydxtsap.exe cmd.exe dydxtsap.exe no specs dydxtsap.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3000
CMD
"C:\Users\admin\AppData\Local\Temp\Big tits and deep ass.scr" /S
Path
C:\Users\admin\AppData\Local\Temp\Big tits and deep ass.scr
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\big tits and deep ass.scr
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\apphelp.dll

PID
3676
CMD
"C:\Users\admin\AppData\Local\Temp\Big tits and deep ass.scr"
Path
C:\Users\admin\AppData\Local\Temp\Big tits and deep ass.scr
Indicators
Parent process
Big tits and deep ass.scr
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\big tits and deep ass.scr
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\atl.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\users\admin\appdata\local\temp\dydxtsap.exe

PID
2736
CMD
"C:\Users\admin\AppData\Local\Temp\DydxTSap.exe"
Path
C:\Users\admin\AppData\Local\Temp\DydxTSap.exe
Indicators
No indicators
Parent process
Big tits and deep ass.scr
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\dydxtsap.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\apphelp.dll

PID
3216
CMD
"C:\Users\admin\AppData\Local\Temp\DydxTSap.exe"
Path
C:\Users\admin\AppData\Local\Temp\DydxTSap.exe
Indicators
Parent process
DydxTSap.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\dydxtsap.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\atl.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\samlib.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\propsys.dll
c:\windows\system32\wshtcpip.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll

PID
3520
CMD
"C:\Windows\System32\cmd.exe" /C ""C:\Users\admin\AppData\Local\Temp\DydxTSap.exe"" /admin
Path
C:\Windows\System32\cmd.exe
Indicators
Parent process
DydxTSap.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\dydxtsap.exe

PID
4016
CMD
"C:\Users\admin\AppData\Local\Temp\DydxTSap.exe" /admin
Path
C:\Users\admin\AppData\Local\Temp\DydxTSap.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\dydxtsap.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\apphelp.dll

PID
2496
CMD
"C:\Users\admin\AppData\Local\Temp\DydxTSap.exe"
Path
C:\Users\admin\AppData\Local\Temp\DydxTSap.exe
Indicators
Parent process
DydxTSap.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\dydxtsap.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\atl.dll

PID
2920
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\imagehlp.dll

PID
3744
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x700d00b0,0x700d00c0,0x700d00cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
3140
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1204 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
2364
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=940,1829146853318389021,16069026103428442139,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=6887CA6330AB9F540762188981DDD120 --mojo-platform-channel-handle=1012 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
3100
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,1829146853318389021,16069026103428442139,131072 --enable-features=PasswordImport --service-pipe-token=3D250891496EDA59E2E6F29B4D559983 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3D250891496EDA59E2E6F29B4D559983 --renderer-client-id=5 --mojo-platform-channel-handle=1908 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3464
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,1829146853318389021,16069026103428442139,131072 --enable-features=PasswordImport --service-pipe-token=D2132A2CF80E6BE8FEDB90E8A2EB6ED0 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=D2132A2CF80E6BE8FEDB90E8A2EB6ED0 --renderer-client-id=3 --mojo-platform-channel-handle=2052 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3652
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,1829146853318389021,16069026103428442139,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=AC0C390F7D525F4A6CD845206CBDEFFB --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=AC0C390F7D525F4A6CD845206CBDEFFB --renderer-client-id=6 --mojo-platform-channel-handle=3592 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3756
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=940,1829146853318389021,16069026103428442139,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=CBB62A2B08E39C0021785872A8423247 --mojo-platform-channel-handle=3820 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3620
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,1829146853318389021,16069026103428442139,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=3766DAA97F7D345C424EB11090F246D9 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3766DAA97F7D345C424EB11090F246D9 --renderer-client-id=8 --mojo-platform-channel-handle=3880 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2900
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=940,1829146853318389021,16069026103428442139,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=6C65C0B765E2631CFDC4863546413607 --mojo-platform-channel-handle=2156 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

Registry activity

Total events
648
Read events
542
Write events
105
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
3676
Big tits and deep ass.scr
write
HKEY_CURRENT_USER\Software\{621B5926-D4B6-4540-B6EB-27850A21859E}
ID
4334424133363437323045424641
3676
Big tits and deep ass.scr
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
pAnGsBKl
C:\Users\admin\AppData\Local\Programs\kcVBuflj.exe
3676
Big tits and deep ass.scr
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3676
Big tits and deep ass.scr
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3216
DydxTSap.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
pAnGsBKl
C:\Users\admin\AppData\Local\Programs\kcVBuflj.exe
3216
DydxTSap.exe
write
HKEY_CURRENT_USER\Software\{621B5926-D4B6-4540-B6EB-27850A21859E}
PeriodDisabed
1
3216
DydxTSap.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3216
DydxTSap.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2496
DydxTSap.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
pAnGsBKl
C:\Users\admin\AppData\Local\Programs\kcVBuflj.exe
2496
DydxTSap.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
C:\Windows\system32\userinit.exe,,C:\Program Files\CCleaner\OWQmKVnn.exe
2920
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2920
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
2920
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
2920
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
2920
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
2920
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
2920
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
2920
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
2920
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
2920
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
2920
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
2920
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
2920
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
2920
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
2920
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
2920
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13194345912948750
2920
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3140
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2920-13194345911980000
259

Files activity

Executable files
7
Suspicious files
42
Text files
51
Unknown types
1

Dropped files

PID
Process
Filename
Type
3676
Big tits and deep ass.scr
C:\Users\admin\AppData\Local\Programs\kcVBuflj.exe
executable
MD5: 3559d4c2042aa3227b2a91144fe37895
SHA256: 77814302f158fa09f96657adf45d2675d07977e93585701df74a9d70041c54bf
3216
DydxTSap.exe
C:\{27850A21-9820-09CA-7A55-EBFFAB2B7CA4}\LiaDBxyu.exe
executable
MD5: 3559d4c2042aa3227b2a91144fe37895
SHA256: 77814302f158fa09f96657adf45d2675d07977e93585701df74a9d70041c54bf
3676
Big tits and deep ass.scr
C:\{27850A21-9820-09CA-7A55-EBFFAB2B7CA4}\LiaDBxyu.exe
executable
MD5: 3559d4c2042aa3227b2a91144fe37895
SHA256: 77814302f158fa09f96657adf45d2675d07977e93585701df74a9d70041c54bf
3676
Big tits and deep ass.scr
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hQqAKWmD.exe
executable
MD5: 3559d4c2042aa3227b2a91144fe37895
SHA256: 77814302f158fa09f96657adf45d2675d07977e93585701df74a9d70041c54bf
3676
Big tits and deep ass.scr
C:\Users\admin\AppData\Local\Temp\DydxTSap.exe
executable
MD5: 3559d4c2042aa3227b2a91144fe37895
SHA256: 77814302f158fa09f96657adf45d2675d07977e93585701df74a9d70041c54bf
2496
DydxTSap.exe
C:\Program Files\CCleaner\OWQmKVnn.exe
executable
MD5: 3559d4c2042aa3227b2a91144fe37895
SHA256: 77814302f158fa09f96657adf45d2675d07977e93585701df74a9d70041c54bf
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\224d373a-a41e-46a6-9787-2e8854f54d9d\index-dir\the-real-index
binary
MD5: 54f6f6c73b08bc18a01115a8917bbdce
SHA256: b338ed6fe315ce53a6e861104bc2eed9ea64d2f9c5e7361e5bfef9d568dab27c
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\224d373a-a41e-46a6-9787-2e8854f54d9d\index-dir\the-real-index~RF21a2d7.TMP
binary
MD5: 54f6f6c73b08bc18a01115a8917bbdce
SHA256: b338ed6fe315ce53a6e861104bc2eed9ea64d2f9c5e7361e5bfef9d568dab27c
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\224d373a-a41e-46a6-9787-2e8854f54d9d\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF21979c.TMP
binary
MD5: e450701f7586b685862f2aa6417828e0
SHA256: e19866fecf4c981089207bf57116943c63360a3093cb4a7270294488c16aeeff
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt.tmp
––
MD5:  ––
SHA256:  ––
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index~RF218433.TMP
––
MD5:  ––
SHA256:  ––
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index
––
MD5:  ––
SHA256:  ––
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt
binary
MD5: e450701f7586b685862f2aa6417828e0
SHA256: e19866fecf4c981089207bf57116943c63360a3093cb4a7270294488c16aeeff
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF218404.TMP
binary
MD5: e450701f7586b685862f2aa6417828e0
SHA256: e19866fecf4c981089207bf57116943c63360a3093cb4a7270294488c16aeeff
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\224d373a-a41e-46a6-9787-2e8854f54d9d\e64f4a26267430e4_1
binary
MD5: 0477ab4be385d8d58bd7d61c8123a185
SHA256: b6811674530712bfc2f0691a9f2b7251885bfc46f01f9a898931a2dd57d0712e
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\224d373a-a41e-46a6-9787-2e8854f54d9d\e64f4a26267430e4_0
binary
MD5: c185d3b35f109f4ec3ebdda81b7fa148
SHA256: bb1bbf56757c70f3e56a3c4ee37c6bfd126585d4dd7e326dce2bc729e2b69a36
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index~RF218404.TMP
––
MD5:  ––
SHA256:  ––
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\224d373a-a41e-46a6-9787-2e8854f54d9d\4db55b0a5eaa7ca5_0
binary
MD5: a8144a6e1ad75455493746ac3db0d853
SHA256: 5a3022ff6985c2628d50fff9034e55c9e9d387da35e497a9d75dfca905421301
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000013
binary
MD5: 037c59007ed99bd240ec43b76b4b077f
SHA256: 7b4a4ef18ec5fb8c1130003c77afbbf6844368266605adfaaa51b428fddc3f1e
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF218329.TMP
binary
MD5: e450701f7586b685862f2aa6417828e0
SHA256: e19866fecf4c981089207bf57116943c63360a3093cb4a7270294488c16aeeff
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\224d373a-a41e-46a6-9787-2e8854f54d9d\index-dir\the-real-index
binary
MD5: 9735dc8e7d82018c1ba3d898c38380df
SHA256: f4bfb1ce96f35b68ff9f390ebdcff7f645da4c516cc318a44a26744440bfa7e0
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_1
binary
MD5: cdd35b5b5b83382fbb9849e469c9b627
SHA256: 8858325c9bb56712547b6200f201ac647ce5454dea9be56b5cfd3b9ea3976a7e
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\224d373a-a41e-46a6-9787-2e8854f54d9d\index
text
MD5: 4f67aba5cb5b04976834ad6da18d2017
SHA256: 4476d281b3d119577eb8f19fd90e042e5a456cba30d0bb16d05654acc91aec5b
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0
binary
MD5: 3d79a39be294989670ac4bf76e2b73cb
SHA256: 13cace7ad38db6afa0b6faf5e82fff7c18615c401a1e0d461da3f4dcf944ee21
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF217cb1.TMP
text
MD5: 3ab316cf62c3abb8d4b0d2525fe578f8
SHA256: a64a85e29be1ab7b24cfacbcde094ecc6b4873a8f528c4e898a7f5d79cc8c7c2
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 3ab316cf62c3abb8d4b0d2525fe578f8
SHA256: a64a85e29be1ab7b24cfacbcde094ecc6b4873a8f528c4e898a7f5d79cc8c7c2
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\3ac8a33b-1706-432a-94de-8d8c1a6991de.tmp
––
MD5:  ––
SHA256:  ––
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 78fee15a0d24414c12e1c8fc4280b0dc
SHA256: a5495c6323c4ad7613373c4bce90942da4f683f60942ee62641f4ca60e908a4f
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF217c63.TMP
text
MD5: 78fee15a0d24414c12e1c8fc4280b0dc
SHA256: a5495c6323c4ad7613373c4bce90942da4f683f60942ee62641f4ca60e908a4f
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\d1f6c2b1-c116-4126-a98f-871e403193fe.tmp
––
MD5:  ––
SHA256:  ––
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF217c15.TMP
text
MD5: 3f71bbdce025c47dd485aa6c5ad647ab
SHA256: 37c8e2078a5d2ced2158a1b9662b3fe723a115b65444321ad8d13af438e00b93
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 3f71bbdce025c47dd485aa6c5ad647ab
SHA256: 37c8e2078a5d2ced2158a1b9662b3fe723a115b65444321ad8d13af438e00b93
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\b341f453-7c84-4843-b5ce-e38fbcc4f33a.tmp
––
MD5:  ––
SHA256:  ––
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\LOG
text
MD5: b2ecd9ff63366bd2dbb7f40f8dce6c53
SHA256: 290c505e059766cca45b83ae773fda9d697bb26e60229a226c4ca0dac59fd8f0
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\000003.log
binary
MD5: 991641dbcc63a7eacba784846f16492f
SHA256: d402a1e89776f26565012ebd063638b57e09e58efc77105415906eebafc0fdd0
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF216dcc.TMP
binary
MD5: 65b200cde0994dadacb905b0754f6be2
SHA256: a57f85cf5c485d6e045e4ccdb1ffa6414d0990edff79c6b7880bfcdd5212573f
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt
binary
MD5: 65b200cde0994dadacb905b0754f6be2
SHA256: a57f85cf5c485d6e045e4ccdb1ffa6414d0990edff79c6b7880bfcdd5212573f
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012
compressed
MD5: 7a3cb9df72697034f7a9b99af59983b6
SHA256: 61770cbac81339f8cd850a20321bfc4320d03b29711b8991d47f6b34a6528b08
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011
binary
MD5: d588efb6bf8e5dcbde855e5831a980b8
SHA256: c228864dbea110664a600fc0da282932eae58fa907328cf95c5491bb2bc8cd96
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session
binary
MD5: 02536c23edc1e418a6fea313d20b2a39
SHA256: 8e8de8689482b477d0beebe0a4ac24b9cabcbfa84848f66b4c0f55cd96dc0fe9
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010
compressed
MD5: 1b7227da00e4bd9da370113d89ca7f40
SHA256: 45e11133387ab0fefe4705aa0a641ac39723412b504a03192ac825487d95aa96
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old
text
MD5: 80b8c44b60f8bd20d1cf8277ec794bb1
SHA256: 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old~RF215d42.TMP
text
MD5: 80b8c44b60f8bd20d1cf8277ec794bb1
SHA256: 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f
compressed
MD5: 52084fa108193d5b2c71a12c410b5652
SHA256: ad2853845c2e83d33e4618d72f881f5fbdcd3a2dc605d3e217ebb0552624410d
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e
image
MD5: 0515236318ac3251ff39eb8372a0c129
SHA256: 228cb9c602929e1a2fb17408fe812af3599ab9f734d0b7c499ab79e15c5b8dd4
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d
binary
MD5: 1899f3d2e3a6ba22e61d75e8357fd36c
SHA256: 69f5b57f7d63676e22379ab4268d2a568cd0051facffdbe341c769f4aaed9b48
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\353ab5148181f0c4_0
binary
MD5: 9f55a62bd775dc47c7bf173e12501dc8
SHA256: 8cce3f6cf5a20d79a6e07c0c97c6c20bfaf45b145f42a3ad1ce89374a5b61bee
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\40bba07c05914591_0
binary
MD5: c405c1bb0aff8f277c6be458f63cfac7
SHA256: fcb0324ad68a5373347904c218d1a40018bb421fe1e66a07b3928d3bd212c4d3
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\LOG.old
text
MD5: 65e3a899ee20811d157b572ffa34a607
SHA256: fdbc070214092df54b10dc06b2a40f0cc30ad00d410ba67de9f98a3d53f08a75
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old~RF215a06.TMP
text
MD5: 7282c871a31b4aae7e61cdbb39a13331
SHA256: af615c556e2a22e87135a967c01e869216f65268a88bd218fd6ab70467bdf733
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old
text
MD5: 7282c871a31b4aae7e61cdbb39a13331
SHA256: af615c556e2a22e87135a967c01e869216f65268a88bd218fd6ab70467bdf733
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\e64f4a26267430e4_0
binary
MD5: fd0a332eb53d05466cf01487191efc8f
SHA256: ba8efc8a3d3ba38b3ddca4ba6e39c9042c9151ef0406be089946bb606b84f9aa
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF215999.TMP
text
MD5: ea6d75c35eb812fdc5762d84963de026
SHA256: a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: ea6d75c35eb812fdc5762d84963de026
SHA256: a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
compressed
MD5: 1a2e809ef04228cd18e3e2158c073614
SHA256: 1dc3f335d9bbc0fbea412449a63d1b96e4e610468b61f04249c9193e1ab46d48
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\50da1ec5d44a313d_0
binary
MD5: deddc51ae202781fc756354795dc1c7d
SHA256: 533a3d73e2a48f9ef920d834347d0b91809a406a94a1f845357b1785683987c8
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\3a41e250d088c297_0
binary
MD5: 61a3992fa50d4269f95915a340e3e23a
SHA256: a47df02153a100922733e7abde8ff9c5a1dfe16483a8289cae80a4c771fd29cf
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 84042895723ac99f9599edfc7500051c
SHA256: ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF21593b.TMP
text
MD5: 84042895723ac99f9599edfc7500051c
SHA256: ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index
binary
MD5: 7310bf883e828ae9b8e6bd793d45e139
SHA256: 6a17c6592725f64037ee1e3ce5a71ebc0535c92c7ca7ecdca4f055dee0ca6fac
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index~RF2158fc.TMP
binary
MD5: 7310bf883e828ae9b8e6bd793d45e139
SHA256: 6a17c6592725f64037ee1e3ce5a71ebc0535c92c7ca7ecdca4f055dee0ca6fac
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1
binary
MD5: 14bfb9faf9b7c307fba294ed740bf79c
SHA256: 6dc472e9c42b17d4abd6456d3369a5905dc33713c2f8dd04a1543e40f06c0ce8
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model
binary
MD5: 5ec8525ef9ddbdfa3ca2edd5b87d92a3
SHA256: 70d4eb4350ce201674078872a80995d7765fda8278c2d8b31d136fd78b10a781
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model~RF215860.TMP
binary
MD5: 5ec8525ef9ddbdfa3ca2edd5b87d92a3
SHA256: 70d4eb4350ce201674078872a80995d7765fda8278c2d8b31d136fd78b10a781
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\c969d7d2-0ebc-4151-9936-bc4b6156a186.tmp
––
MD5:  ––
SHA256:  ––
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old
text
MD5: f727dd25cda7b2cc574098cee1f5764a
SHA256: 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old~RF21562e.TMP
text
MD5: f727dd25cda7b2cc574098cee1f5764a
SHA256: 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF2155d0.TMP
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp
––
MD5:  ––
SHA256:  ––
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT~RF2155c0.TMP
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp
––
MD5:  ––
SHA256:  ––
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old~RF215591.TMP
text
MD5: 1aa66efdb743fb0a8dcc1cd79b0b6542
SHA256: 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF215591.TMP
text
MD5: 197882774a7ecec9046bc48f63189b66
SHA256: 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: 197882774a7ecec9046bc48f63189b66
SHA256: 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old
text
MD5: 1aa66efdb743fb0a8dcc1cd79b0b6542
SHA256: 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\3bb63c83-e000-4c00-9a4c-171873b8b114.tmp
––
MD5:  ––
SHA256:  ––
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old
––
MD5:  ––
SHA256:  ––
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
––
MD5:  ––
SHA256:  ––
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF215572.TMP
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old~RF215562.TMP
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: c10ebd4db49249efc8d112b2920d5f73
SHA256: 90a1b994cafe902f22a88a22c0b6cc9cb5b974bf20f8964406dd7d6c9b8867d1
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
3744
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: b59113c2dcd2d346f31a64f231162ada
SHA256: 1d97c69aea85d3b06787458ea47576b192ce5c5db9940e5eaa514ff977ce2dc2
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 2e595d1ddba662614038352074cc14ad
SHA256: 8b1d0fd0f29a103f49588c5a1399ddd0df081bc4da681823a34570067b8b5af3
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\9595c0b9-566a-4359-8fc3-a8d5002a3f1f.tmp
––
MD5:  ––
SHA256:  ––
3216
DydxTSap.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0cf1809bdef89b784852b519f80deecd_90059c37-1320-41a4-b58d-2b75a9850d2f
dbf
MD5: 87f313c72e47267f66da58d68cdfd758
SHA256: 9137616d61352222e53a81b3b0cd2dd9097392cff2fdf982034d63271ea7e9d4
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 6690c86c3970f5ea80f18be9e02df977
SHA256: 06b20ef2bb1da87026fca30c4dac518c773b4d228309d297d0faf558cdb699c9
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF21a884.TMP
text
MD5: 6690c86c3970f5ea80f18be9e02df977
SHA256: 06b20ef2bb1da87026fca30c4dac518c773b4d228309d297d0faf558cdb699c9
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\809e5bc0-4e0e-463c-9958-206b3a3de476.tmp
––
MD5:  ––
SHA256:  ––
2920
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF21aaa7.TMP
text
MD5: 2e595d1ddba662614038352074cc14ad
SHA256: 8b1d0fd0f29a103f49588c5a1399ddd0df081bc4da681823a34570067b8b5af3

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
7
TCP/UDP connections
22
DNS requests
125
Threats
11

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3216 DydxTSap.exe POST 200 95.141.37.227:80 http://95.141.37.227/ IT
text
html
malicious
3216 DydxTSap.exe POST 200 35.225.160.245:80 http://mluztamhnngwgh.com/ US
text
text
malicious
3216 DydxTSap.exe POST 404 208.100.26.251:80 http://rauggyguyp.com/ US
text
html
malicious
3216 DydxTSap.exe POST 200 95.141.37.227:80 http://95.141.37.227/ IT
text
html
malicious
3216 DydxTSap.exe POST 200 95.141.37.227:80 http://95.141.37.227/ IT
text
html
malicious
3216 DydxTSap.exe POST 404 208.100.26.251:80 http://rauggyguyp.com/ US
text
html
malicious
3216 DydxTSap.exe POST 200 35.225.160.245:80 http://mluztamhnngwgh.com/ US
text
text
malicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3216 DydxTSap.exe 95.141.37.227:80 Seflow S.N.C. Di Marco Brame' & C. IT malicious
3216 DydxTSap.exe 35.225.160.245:80 US malicious
3216 DydxTSap.exe 208.100.26.251:80 Steadfast US malicious
2920 chrome.exe 216.58.205.227:443 Google Inc. US whitelisted
2920 chrome.exe 172.217.21.227:443 Google Inc. US whitelisted
2920 chrome.exe 216.58.207.67:443 Google Inc. US whitelisted
2920 chrome.exe 172.217.16.170:443 Google Inc. US whitelisted
2920 chrome.exe 216.58.207.45:443 Google Inc. US whitelisted
2920 chrome.exe 172.217.22.35:443 Google Inc. US whitelisted
2920 chrome.exe 216.58.210.14:443 Google Inc. US whitelisted
2920 chrome.exe 216.58.207.68:443 Google Inc. US whitelisted
2920 chrome.exe 216.58.207.42:443 Google Inc. US whitelisted
2920 chrome.exe 172.217.21.195:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
mycojenxktsmozzthdv.com No response unknown
furiararji.com No response unknown
rauggyguyp.com 208.100.26.251
malicious
llullzza.com No response unknown
inbxvqkegoyapgv.com No response unknown
mluztamhnngwgh.com 35.225.160.245
malicious
zrkdvzjhse.com No response unknown
wyuhdsdttczd.com No response unknown
mydojltbqjnwailyyoa.com No response unknown
hpaxgpkteomjaxywwelr.com No response unknown
pibqzedhzwt.com No response unknown
wbgzpjfxlxlcvbth.com No response unknown
nsxdczggybtkdukmyf.com No response unknown
jarjvddjzqrmnepeqwd.com No response unknown
plxeyaja.com No response unknown
vlbqryjd.com No response unknown
lfehajeex.com No response unknown
swtjyuhuefvl.com No response unknown
ftdkuoulfhfudds.com No response unknown
afececrkycbeyqm.com No response unknown
eblgaosyeszzjkbhhdyh.com No response unknown
xjjcditjfkgkihfe.com No response unknown
xnloppwhfamkcltuxkif.com No response unknown
mblmvrla.com No response unknown
ktqyrmiyvnidd.com No response unknown
vxlkofoazme.com No response unknown
jsntwyjcv.com No response unknown
wvquldqwwsttp.com No response unknown
pivzovznpssx.com No response unknown
ggspyfmreouxnhqi.com No response unknown
www.google.de 216.58.205.227
whitelisted
www.gstatic.com 216.58.207.67
whitelisted
clientservices.googleapis.com 172.217.21.227
whitelisted
safebrowsing.googleapis.com 172.217.16.170
whitelisted
accounts.google.com 216.58.207.45
shared
ssl.gstatic.com 172.217.22.35
whitelisted
apis.google.com 216.58.210.14
whitelisted
www.google.com 216.58.207.68
whitelisted
www.google.co.uk 172.217.21.227
whitelisted
fonts.googleapis.com 216.58.207.42
whitelisted
fonts.gstatic.com 172.217.21.195
whitelisted

Threats

PID Process Class Message
3216 DydxTSap.exe A Network Trojan was detected MALWARE [PTsecurity] Trojan.Ransom.DirCrypt
3216 DydxTSap.exe Potentially Bad Traffic ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
3216 DydxTSap.exe A Network Trojan was detected MALWARE [PTsecurity] Trojan.Ransom.DirCrypt
3216 DydxTSap.exe A Network Trojan was detected MALWARE [PTsecurity] Trojan.Ransom.DirCrypt
3216 DydxTSap.exe A Network Trojan was detected ET TROJAN W32/DirCrypt.Ransomware CnC Checkin
3216 DydxTSap.exe A Network Trojan was detected MALWARE [PTsecurity] Trojan.Ransom.DirCrypt
3216 DydxTSap.exe Potentially Bad Traffic ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
3216 DydxTSap.exe A Network Trojan was detected MALWARE [PTsecurity] Trojan.Ransom.DirCrypt
3216 DydxTSap.exe Potentially Bad Traffic ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
3216 DydxTSap.exe A Network Trojan was detected MALWARE [PTsecurity] Trojan.Ransom.DirCrypt
3216 DydxTSap.exe A Network Trojan was detected MALWARE [PTsecurity] Trojan.Ransom.DirCrypt

Debug output strings

No debug info.