General Info

URL

http://www.rj-texted.nu/downloads/rj-portable-update.exe

Full analysis
https://app.any.run/tasks/548f9267-f499-48cb-b74b-452882626836
Verdict
Malicious activity
Analysis date
3/14/2019, 10:40:19
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
240 seconds
Additional time used
180 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Downloads executable files from the Internet
  • chrome.exe (PID: 3012)
Application was dropped or rewritten from another process
  • TextED.exe (PID: 2824)
  • rj-portable-update.exe (PID: 3232)
Executable content was dropped or overwritten
  • rj-portable-update.tmp (PID: 2348)
  • chrome.exe (PID: 3012)
  • rj-portable-update.exe (PID: 3232)
Reads Windows owner or organization settings
  • rj-portable-update.tmp (PID: 2348)
Reads the Windows organization settings
  • rj-portable-update.tmp (PID: 2348)
Application was dropped or rewritten from another process
  • rj-portable-update.tmp (PID: 2348)
Reads Internet Cache Settings
  • chrome.exe (PID: 3012)
Creates files in the user directory
  • chrome.exe (PID: 3012)
Application launched itself
  • chrome.exe (PID: 3012)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
49
Monitored processes
20
Malicious processes
2
Suspicious processes
1

Behavior graph

Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information


PID
3012
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.rj-texted.nu/downloads/rj-portable-update.exe
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules

PID
3760
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x700800b0,0x700800c0,0x700800cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules

PID
2992
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3016 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules

PID
920
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=992,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=AA494380577D90A2CDEFA9D0D1E41C19 --mojo-platform-channel-handle=1012 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules

PID
2656
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --service-pipe-token=7902E1C7612ABD71EF83087B4AAD65DB --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7902E1C7612ABD71EF83087B4AAD65DB --renderer-client-id=4 --mojo-platform-channel-handle=1900 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules

PID
3288
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --service-pipe-token=C1C7B89F1C6E299A1806F17A521DA61B --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=C1C7B89F1C6E299A1806F17A521DA61B --renderer-client-id=3 --mojo-platform-channel-handle=2128 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules

PID
3404
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=992,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=219276C6961FFEED13857BA366807FD5 --mojo-platform-channel-handle=3424 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules

PID
3232
CMD
"C:\Users\admin\Downloads\rj-portable-update.exe"
Path
C:\Users\admin\Downloads\rj-portable-update.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Rickard Johansson
Description
RJ TextEd Setup
Version
13.73.1
Modules

PID
2348
CMD
"C:\Users\admin\AppData\Local\Temp\is-MDKDC.tmp\rj-portable-update.tmp" /SL5="$20140,24223727,121344,C:\Users\admin\Downloads\rj-portable-update.exe"
Path
C:\Users\admin\AppData\Local\Temp\is-MDKDC.tmp\rj-portable-update.tmp
Indicators
Parent process
rj-portable-update.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.1052.0.0
Modules

PID
2824
CMD
"c:\RJ TextEd\Win32\TextED.exe"
Path
c:\RJ TextEd\Win32\TextED.exe
Indicators
No indicators
Parent process
rj-portable-update.tmp
User
admin
Integrity Level
MEDIUM
Exit code
3221225781
Version:
Company
Rickard Johansson
Description
Source and text editor!
Version
13.73.1.176
Modules

PID
2712
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=992,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=9F7E70027E13FCB7CFC29F20CA5E5179 --mojo-platform-channel-handle=2340 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules

PID
2268
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=992,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=058F5A2B12E6318F89BA9578117F3EF6 --mojo-platform-channel-handle=516 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3512
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=1334ED77558E4F642E76F82ADE270991 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1334ED77558E4F642E76F82ADE270991 --renderer-client-id=9 --mojo-platform-channel-handle=804 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3052
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=AF5F9C8DC95D8487C2ECCA8B6D4F7A80 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=AF5F9C8DC95D8487C2ECCA8B6D4F7A80 --renderer-client-id=10 --mojo-platform-channel-handle=3248 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2748
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=992,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=D656CCD057A2AE1E5945B6D55967E198 --mojo-platform-channel-handle=4220 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3428
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=BAA17E5ED8461131A5BA1F6E479D7111 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=BAA17E5ED8461131A5BA1F6E479D7111 --renderer-client-id=12 --mojo-platform-channel-handle=4412 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3500
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=C1021835723897ADE68D2C3952AC4172 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=C1021835723897ADE68D2C3952AC4172 --renderer-client-id=13 --mojo-platform-channel-handle=3312 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2632
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=992,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=3B5D5B6D068E64209242230BA5EF100D --mojo-platform-channel-handle=4168 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3452
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=E37FB749066220BA0B8816FB146509D1 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=E37FB749066220BA0B8816FB146509D1 --renderer-client-id=15 --mojo-platform-channel-handle=1660 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3320
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=67EEF78833748FDC18B0C11061A5B333 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=67EEF78833748FDC18B0C11061A5B333 --renderer-client-id=16 --mojo-platform-channel-handle=3272 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
916
Read events
840
Write events
74
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
2712
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2992
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3012-13197030034163250
259
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
3012
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
3012
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
3012
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
3012
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
3012
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
3012
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13197030035257000
3012
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307030004000E00090028003600730300000000
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\PTimes
C
FE8CF02E4ADAD401
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C1
1C1GCEA_enUA812UA812
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C2
1C2GCEA_enUA812
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C7
1C7GCEA_enUA812
3012
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aapocclcgogkmnckokdopfmhonfmgoek
9B83B9DF819FCCC9D823F0885E0661163D5555A90A60463686A6F19D3EC896F1
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
15B1C3FE35F29528448F36A72A4DFBC58A8083C7190559D25865779166D220A2
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aohghmighlieiainnegkcijnfilokake
4A287B0B755A5E955A1C24038AFAE4CB31FA1D3481736499DE82E6B1D362B814
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
apdfllckaahabafndbhieahigkjlhalf
B342412D4E675D50B94DFB5B0707C37FCBE1BD5E686C01255A390C2659433A91
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
blpcfgokakmgnkcojhhkbfbldkacnbeo
3360FF8C2FA393550BF615763F402BF2ED8907163B54E542D5E576F1C2895994
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
felcaaldnbdncclmgdcncolpebgiejap
292E45C8A774272F4BB513844FEBC567A0DE10FE77996001366C9DC6C187E1A3
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
D6B079666F209503A09486C70AC09307652A0F7F783166A999B27C99D0DA79E2
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
19281578F4B9AFF169CBB87A828D360CBFF45F99A36CC0694804CE0B9521FF74
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
37A858BD3327FACA61D625B462EC605ED64E520E108B94F4C3325B757DB435C4
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
63355C14E8C7DF9A075F2EDDEA6F2807DC8166B83F96F4C975B9B6554C6324D7
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
17F7787CEDB9B66B8D78F7E985DCA6E31DBA26B1F7D92176EDBEDAFB5838AEBC
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
04A45240BDA55E8777FA04357712CA6DD942253A21323E4C7D3CCF769B34BFED
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
9A0044B183822416E036FA2670FC5F085B3D015E358899EB0B24B5D6E5EEB39D
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
15BE3118A2FD1D679752B66E7933B8C448B7C44D2D651A58B9CBEFE02A38FAC0
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pjkljhegncpnkpknbcohdijeoejaedia
F80C356719E2B5BD044936E233B06B90F51FA90717091B8938B72CF039CBFCA7
3012
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
3322B846CB2AF08E7D0BEA7B54C6BAECEC2594DEEC184EBC885BF62F72B9B7AC

Files activity

Executable files
9
Suspicious files
76
Text files
164
Unknown types
11

Dropped files

PID
Process
Filename
Type
2348
rj-portable-update.tmp
c:\RJ TextEd\Win32\TextEd.exe
executable
MD5: a66f47fbd9d1d6d0c4b934c85cbd4428
SHA256: 043b3bd8fa2c7e7c57b67fa75ed21d806a4c5665d76b8b6242bd804022f87650
2348
rj-portable-update.tmp
c:\RJ TextEd\Win32\ImageListEditor.exe
executable
MD5: 77819f1e4c715d49a76ba3a9c61e38aa
SHA256: 35331298349d7e028362a867d5c6143f43b58c0a86d1e787996ec8c75ebe54d7
2348
rj-portable-update.tmp
c:\RJ TextEd\Win32\CharView.exe
executable
MD5: 72f27c1e79b2e4407a5610d586cf1dfb
SHA256: f6baf53386ffcb5825f3e2bcf2eef21ad964cd4e19efcb0a778e6df4f1331d9b
3232
rj-portable-update.exe
C:\Users\admin\AppData\Local\Temp\is-MDKDC.tmp\rj-portable-update.tmp
executable
MD5: 90fc739c83cd19766acb562c66a7d0e2
SHA256: 821bd11693bf4b4b2b9f3c196036e1f4902abd95fb26873ea6c43e123b8c9431
3012
chrome.exe
C:\Users\admin\Downloads\rj-portable-update.exe
executable
MD5: 7964f8818f8443fa345c00d68583d456
SHA256: b9fb963b5d838f6d60c791b477c0ede0e6f298a7cd8367e278918736a7e0ab54
3012
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 727955.crdownload
executable
MD5: 7964f8818f8443fa345c00d68583d456
SHA256: b9fb963b5d838f6d60c791b477c0ede0e6f298a7cd8367e278918736a7e0ab54
3012
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 727955.crdownload
executable
MD5: df6a9c913751dbd5f4250e57eab95408
SHA256: 45e0bde77c85dffc977008f8d67d9e9d4077442c2434499838da5871aad6f90e
3012
chrome.exe
C:\Users\admin\Downloads\9a0d5d18-b89f-4905-a8f7-eb245ab350a0.tmp
executable
MD5: 5a627bb721ec3a0158f7de09beb9d95b
SHA256: a5fbd90cbf0f2aa289eeb7a922323e9539a0a1169f70946c5018ae05e2e08161
2348
rj-portable-update.tmp
c:\RJ TextEd\Win32\SyntaxEditor.exe
executable
MD5: 008bdfc2511c498238f8160eb74072b5
SHA256: 6ee64ee501669f784d9cbf184976cd1754ee400819e37248321981fa758bdfcd
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\265deac5-7bf7-4bd6-891b-3c42b50adeef.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store
binary
MD5: a23706abfb21075da7c5b40ac4a8be40
SHA256: 036840a66927ab8f37fabbdcadd7e1cbb4517c3c1f81d1feff3e50e4c856350a
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store_new
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store_new
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store_new
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store
binary
MD5: 108cf0306e12b9e8a3419092030c8afd
SHA256: 9f1cbf7a67c3ab6f8b16a52951a27778daac1148a47513a992826018bc918497
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store_new
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store
binary
MD5: e6ebe76f6fc075a50f6fc8ed08c1f4c5
SHA256: a51871e6d7daaaa96432fd02836d05aacaec51d80739d1216a247830f2c9979f
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store_new
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\CertCsdDownloadWhitelist.store
binary
MD5: da00f5f8a1e4bdb532342a9f0ab950a3
SHA256: 48efa99cdf638eb242b760569e6dbf15c0d0c78d6fa1e4e64ea15543d6bbca5a
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\CertCsdDownloadWhitelist.store_new
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store_new
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\IpMalware.store
binary
MD5: 43424ec9a25f29f141319f796f26ce91
SHA256: 2906a981195b60d9d011e0447981e7f9082c2b2089517e81f42b380f5c9248d8
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\IpMalware.store_new
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
binary
MD5: bc759bfe712694ab3142135a0ee400dc
SHA256: e465aac15a12be178e04f0dc8c38f9bed9fc528eddd5c529e9cef011372ebfe0
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF23ff35.TMP
binary
MD5: bc759bfe712694ab3142135a0ee400dc
SHA256: e465aac15a12be178e04f0dc8c38f9bed9fc528eddd5c529e9cef011372ebfe0
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
binary
MD5: 9409bab446b7204c6235dfddd6066e89
SHA256: 68c1cb50ec24ac5a1dbdc7d9c845e94a1e9d60f312cf92a694f0791cd7ea105e
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF23d8c2.TMP
text
MD5: 9a25e851a0f033c8dabd821cd6d9a19b
SHA256: f263d9df7eeaa9336f8fc7fb6d5887089024b48c48de438c2ab7b738b555ae55
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 9a25e851a0f033c8dabd821cd6d9a19b
SHA256: f263d9df7eeaa9336f8fc7fb6d5887089024b48c48de438c2ab7b738b555ae55
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a15ad8fd-5d8c-4513-9b25-f13f9a683d12.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 86649c2c9e05e133cfe3dd7b9536878e
SHA256: d7a975d4a7442bd1aeed38431732d1bb39014228b19238bb2756d91455527414
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF23d6ce.TMP
text
MD5: 86649c2c9e05e133cfe3dd7b9536878e
SHA256: d7a975d4a7442bd1aeed38431732d1bb39014228b19238bb2756d91455527414
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\08d7f80a-f8f9-4d29-ab38-433c3bfa8ebc.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\a6e75b3b-c0bb-41a0-9972-856bc1f52231\index-dir\the-real-index~RF23d0c3.TMP
binary
MD5: 4b47164681180a00ca4f91a4bfbc691a
SHA256: ac9d3d351e7a9df9c4518ae8869104f1f248e087c4eecf8beb4cf96386d9ab59
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\a6e75b3b-c0bb-41a0-9972-856bc1f52231\index-dir\the-real-index
binary
MD5: 4b47164681180a00ca4f91a4bfbc691a
SHA256: ac9d3d351e7a9df9c4518ae8869104f1f248e087c4eecf8beb4cf96386d9ab59
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\a6e75b3b-c0bb-41a0-9972-856bc1f52231\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000005.ldb
binary
MD5: fdcf141a8064bd00df5801bbe6534696
SHA256: e0bb7b06a2cc31e0fabccd66e9b9db1e28424c240b0dc0af9c04401ba8d613e5
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF23c5b7.TMP
binary
MD5: 95b816c8e1b943be412c97339a35a95e
SHA256: 5903472bbeb6186835bf179eb6e56452a05597170651e620cf441b60ff612818
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index~RF23b22f.TMP
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\temp-index
binary
MD5: 7310bf883e828ae9b8e6bd793d45e139
SHA256: 6a17c6592725f64037ee1e3ce5a71ebc0535c92c7ca7ecdca4f055dee0ca6fac
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index
binary
MD5: 7310bf883e828ae9b8e6bd793d45e139
SHA256: 6a17c6592725f64037ee1e3ce5a71ebc0535c92c7ca7ecdca4f055dee0ca6fac
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt
binary
MD5: 95b816c8e1b943be412c97339a35a95e
SHA256: 5903472bbeb6186835bf179eb6e56452a05597170651e620cf441b60ff612818
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF23b22f.TMP
binary
MD5: 95b816c8e1b943be412c97339a35a95e
SHA256: 5903472bbeb6186835bf179eb6e56452a05597170651e620cf441b60ff612818
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\a6e75b3b-c0bb-41a0-9972-856bc1f52231\65f25b9a843df642_1
binary
MD5: d7a9437f2470b6eaaa03169c6eede4ca
SHA256: daad82daf6492403ca1724c912d9c0e3e9a12accbe36fa45c6b10147047d36be
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\a6e75b3b-c0bb-41a0-9972-856bc1f52231\65f25b9a843df642_0
binary
MD5: c7ac4358fac17ccd633cf0c3cabc896b
SHA256: d2cb9183fe31a92acd0d2225c9c9948dc9666e2ba5463884e6428b52583aac4a
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\a6e75b3b-c0bb-41a0-9972-856bc1f52231\4db55b0a5eaa7ca5_0
binary
MD5: e491fd0e52631498a6f2ba7b7ce4e621
SHA256: 7302a2a621411b65e80ab8e1f7b8ebf425515977bdd61639127e981ee683e2fe
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002e
binary
MD5: 87524e015a2930991cc4204ad3b371fd
SHA256: 6a150044785b460a431dc87fc51c084044bd1d6128977d0e58d2b53c3dd886b0
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002d
compressed
MD5: 737096a391cc2cfbe167a01ba07c9ba2
SHA256: d7741f6d6c163689294530c2f3c9635ce5d26e18b715d14ec2dbe7fcd781db31
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF23b115.TMP
binary
MD5: 95b816c8e1b943be412c97339a35a95e
SHA256: 5903472bbeb6186835bf179eb6e56452a05597170651e620cf441b60ff612818
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\a6e75b3b-c0bb-41a0-9972-856bc1f52231\index
text
MD5: 4f67aba5cb5b04976834ad6da18d2017
SHA256: 4476d281b3d119577eb8f19fd90e042e5a456cba30d0bb16d05654acc91aec5b
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\a6e75b3b-c0bb-41a0-9972-856bc1f52231\index-dir\the-real-index
binary
MD5: 9cdc74b2073c660c135f6bd9706b1d8f
SHA256: 132132e0dff08ecf1f9d60c86c29c46c329cc441859adc161efad723c1854503
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_1
binary
MD5: 79e227a24a4edfa7f8a2e4dfc443fb91
SHA256: 58b6d24b651400c44cda9b2b096b92f7c1fdde81072e85794bcba0170a8f8485
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0
binary
MD5: 219c5696af22bac17cc32c390c996198
SHA256: 0032272cd71c05826dcc22ee894895ccd40d77b2c254b017ab22b163680ff26b
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 2246a3480dcf8291de298367c0f6eed2
SHA256: 0c7aba7cce3da9fcaf2a44774ea694100144533d90a36648493a9100a9addc95
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF236a87.TMP
text
MD5: 2246a3480dcf8291de298367c0f6eed2
SHA256: 0c7aba7cce3da9fcaf2a44774ea694100144533d90a36648493a9100a9addc95
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ab498a28-8d76-4afc-aebb-e70227d14cb7.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002c
image
MD5: f2cc69149a8d4b16f8ae4cf69ecee093
SHA256: 6cf6fc53b9be7b07d84311b12900af7634a9b7c6a98531d7528a6dc3618f3f0f
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 63990e48cf98770605f32bd1ebb38ef9
SHA256: f4801aa5767767c6e663b2526848f0e1ed43c8741c1a63cd38958779ea5ca874
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF232b99.TMP
text
MD5: 63990e48cf98770605f32bd1ebb38ef9
SHA256: f4801aa5767767c6e663b2526848f0e1ed43c8741c1a63cd38958779ea5ca874
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\c4599351-2f63-41d4-bf69-e5d1318bfccc.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF232b2c.TMP
text
MD5: 39db1e7b9ea9fa4a70dd367dbd9dd0a6
SHA256: 0fcd4187ad38c7917424e204e9166e5b7c6979b99d7fe616a34a00301a036c51
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: 39db1e7b9ea9fa4a70dd367dbd9dd0a6
SHA256: 0fcd4187ad38c7917424e204e9166e5b7c6979b99d7fe616a34a00301a036c51
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\5c27a50a-373a-4bc9-939c-404599d57b82.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 4ebe680150ba7b24cd5b5e8f86565208
SHA256: 45c36199dbb292151bda0f7d97819705d81c57f0518bcdedb4e76e7d7d916e11
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF232763.TMP
text
MD5: 4ebe680150ba7b24cd5b5e8f86565208
SHA256: 45c36199dbb292151bda0f7d97819705d81c57f0518bcdedb4e76e7d7d916e11
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\6ad8fe01-16e9-46f2-961b-f709b9161877.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF2323ba.TMP
text
MD5: 2caada1694c0134212661ed47103b7fe
SHA256: c85799fa657ffc8b4ee62d983ae2b126b6393fc30647308ca9943bc2cc74ac9c
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 2caada1694c0134212661ed47103b7fe
SHA256: c85799fa657ffc8b4ee62d983ae2b126b6393fc30647308ca9943bc2cc74ac9c
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\d81f9bbc-eab1-4b78-92d5-d937f8ec4c29.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002b
compressed
MD5: ac3697e6b6a96ba0778690b57f956197
SHA256: d48c43312808ccf44d9d7a6b714bbefa6201d39dc7681ff8d1a67545065149b5
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002a
compressed
MD5: 6672d92a09cb7d24694e5eaedc9b470f
SHA256: afa185d29a8d426f0f69a0d5b6c746f143b7e5f892abe937b9da2c17125048a1
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000029
image
MD5: 615deb7b84bf49d8a04e848cc917b100
SHA256: a85dbbf1b921caeaf0a05e13051602a327072ab15228e63876fcf978bbe26380
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000028
compressed
MD5: df18476d15d2e06852ba5f33a9875ce9
SHA256: 7c23d06ec58d3b24d115dadf4f96feb079147dddcc02419b7fbc541ea20abee5
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
text
MD5: e4ca6701bfad96cc3ed7a48fff4f4e1a
SHA256: cbe69073e2a741f01a2eb5224644fde4e03f0407326a357afed7c543313b13d6
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF22e922.TMP
text
MD5: e4ca6701bfad96cc3ed7a48fff4f4e1a
SHA256: cbe69073e2a741f01a2eb5224644fde4e03f0407326a357afed7c543313b13d6
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\07f6ca80-a1a8-4295-b49e-ba5eb4f79e4f.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF22e7ca.TMP
text
MD5: 1e45a4a5ef674ca165b081a9d971892c
SHA256: 4e2db29b0fd0b1bba6ad46d26f1f7eac3a16720a11be6163bfd52f142bb50a65
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 1e45a4a5ef674ca165b081a9d971892c
SHA256: 4e2db29b0fd0b1bba6ad46d26f1f7eac3a16720a11be6163bfd52f142bb50a65
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\4ded9cb0-dfa3-4c9f-800f-2e2032e6b794.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 972cbea97637e6b3eeb062c6a0bd822f
SHA256: 9d803b99d954147a37ca2a0f38a7899902a6ec2c3b5e3dbb4495d4dedbf2de08
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF22bf33.TMP
text
MD5: 972cbea97637e6b3eeb062c6a0bd822f
SHA256: 9d803b99d954147a37ca2a0f38a7899902a6ec2c3b5e3dbb4495d4dedbf2de08
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\2f51753a-604f-452a-9430-acb669c418b0.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000027
binary
MD5: deec74684e08797627191705fcdd29b8
SHA256: 5af7aa0ddb3b3bff7088f488d54ef6a078aa26dae581cc047d8e5a4e7fcca37e
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: c84a84dc6f5eee05cee35945a68467c8
SHA256: 1452d9a0c467e9b10d01af01462a3c04574b5697b4217e75c19ad392ad535ab6
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF22aae0.TMP
text
MD5: c84a84dc6f5eee05cee35945a68467c8
SHA256: 1452d9a0c467e9b10d01af01462a3c04574b5697b4217e75c19ad392ad535ab6
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a5d05e5f-d8de-4dbd-963f-a73266705fa5.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 8a165def03abb4c7ac3dd657f1a5793e
SHA256: 260f7bfc1eae240323fdac1119ae1b9e69739e78ef0a0bca1a8ee8c46ff0eb28
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF22aa06.TMP
text
MD5: 8a165def03abb4c7ac3dd657f1a5793e
SHA256: 260f7bfc1eae240323fdac1119ae1b9e69739e78ef0a0bca1a8ee8c46ff0eb28
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\b8ee7ae1-763d-4a25-a8ce-d0f2521d5aa5.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 17f8fba11fc811ddb29e2267435a94be
SHA256: 36f23a85ae6c625934bb3913bcf19498991d4c073dd6804b22032d7d71a2bbe6
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF22970a.TMP
text
MD5: 17f8fba11fc811ddb29e2267435a94be
SHA256: 36f23a85ae6c625934bb3913bcf19498991d4c073dd6804b22032d7d71a2bbe6
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\f548e3f6-e361-49d2-8b34-45bd7061dc7d.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000026
binary
MD5: cbb575a023327f9390d6f24310e36791
SHA256: d8077ef836eea51efd5ea2909a50b47815665cf0f0b40eb5b0751fc386d32326
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000025
binary
MD5: 52dee28dc42833d0da4ca68362a5a63e
SHA256: c735444c27ab6bfc7473270377899d06ad45f8e053735625abc802a0ce06dd27
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000024
binary
MD5: 4dcb20630847afaa1bfc3c02fd62901e
SHA256: ca1d633301c0a1077e044494b98e2fa0fc2580bbabe6f16ef79f7b9d655628d9
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000023
binary
MD5: a5acbf686a8b310e1dcbe5140f350f41
SHA256: e3b6270d1c4a584b29999d4f4b1dd41f0c2dbbc72af463eaf16ff69ce7d48fdc
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000022
binary
MD5: a1e7b19c6da4b27d7b0985611daaeef9
SHA256: cf6aa59ecbd3216b50e76eff35577cb4259dd884c00e5b0c70ab285210013466
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 3808772f9725bcc5affb9852ea722d4a
SHA256: 911bc952494fe2e89f71bd53ef8a458b9f65ca701e6d5a47dacfe24e683a6a63
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF227c4e.TMP
text
MD5: 3808772f9725bcc5affb9852ea722d4a
SHA256: 911bc952494fe2e89f71bd53ef8a458b9f65ca701e6d5a47dacfe24e683a6a63
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\64700233-c339-48ba-a18f-984f2e6f45ee.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 672a0ca3a54820badcc5f6a6147ef09e
SHA256: 30b4605e853a87daaf71ff417dac56d39b75e54c18a3156de211d207064dccbb
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF22683a.TMP
text
MD5: 672a0ca3a54820badcc5f6a6147ef09e
SHA256: 30b4605e853a87daaf71ff417dac56d39b75e54c18a3156de211d207064dccbb
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\7144cc81-03cf-4618-ae73-58c0fd6dd75e.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 4320ca0994aa63787a0331e9e0022805
SHA256: 8c92b5e20949502686cef1ee20d9f4a33697657cbf8df07221a622fb0d91fd93
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF226730.TMP
text
MD5: 4320ca0994aa63787a0331e9e0022805
SHA256: 8c92b5e20949502686cef1ee20d9f4a33697657cbf8df07221a622fb0d91fd93
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\fc808f4b-60bd-4b31-9e30-370bf2deaa22.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
binary
MD5: 1638bba669b0670450980a0b56133ea1
SHA256: 5f1120b75308cb1bb629a7e5e8e44991517c7e1e4d2f9bb4ee9415edfa292949
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF226684.TMP
binary
MD5: 1638bba669b0670450980a0b56133ea1
SHA256: 5f1120b75308cb1bb629a7e5e8e44991517c7e1e4d2f9bb4ee9415edfa292949
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000021
image
MD5: 2ea9c67b322950098f91448a1b2683ca
SHA256: db989c429944f2dea4bbd49381d72347d9957581ec7f3ac01ca4aa1aefeace1b
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000020
image
MD5: d6adb1396b026f6fdbccab5cf7e7c85c
SHA256: d090567133f64683b231445b6a734ed92884ee52b2cd19f4e029d12267d2bda4
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001f
compressed
MD5: 250bfc5a5ee6c46cb458921d8e328621
SHA256: 34ecd1486c297195f0b3dcfeed8f3e1e073e4fd5f7eab13f763a444b3e9bd49c
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001e
compressed
MD5: 5ec2373f987c5cfe9c87589a09ca0e2e
SHA256: 1fd38675f82701824ea35f327e1d127b92100ce6bf942bf6c98a67528c165321
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001d
compressed
MD5: fa325eb35b7ed1aa8d583e57ff426de0
SHA256: 1bbb2f29970e85e9df4536fb1692df11ebc724377f363036c80cee54981b84fa
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001c
compressed
MD5: 8869802b43618ac96eedcec11acce5e0
SHA256: 1a5e3c1e35c422e323d25147f243555140c7be2e6097ceb2f8da312a533e320c
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001b
binary
MD5: ee09d5f239eff875c9579d1f044ad2b1
SHA256: 8c6e573cedfadb1f9e4cb6fe9319709dbcf595b17d28ef0ec1aaf38daaac6836
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001a
image
MD5: 0515236318ac3251ff39eb8372a0c129
SHA256: 228cb9c602929e1a2fb17408fe812af3599ab9f734d0b7c499ab79e15c5b8dd4
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000019
image
MD5: b48b6d09d8e945492d2140ca047c7878
SHA256: e022e94dcf2ac75de88f627e41d1911a70facf0934ad5d4b6aff0b2beabc1ed3
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000018
flc
MD5: 77ec937defeeaf05d35f23df6350a3d7
SHA256: 8bf878b777a4f947c6cc9dadb3895e11638d06606c5a62374bacf76ae13723d2
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: c221c5bf531116a1b9317342d70b8dc5
SHA256: 2c877352fdf9b998d33c319c7ba5a56200d20c61c46b56bc5149a46d68134182
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF223f55.TMP
text
MD5: c221c5bf531116a1b9317342d70b8dc5
SHA256: 2c877352fdf9b998d33c319c7ba5a56200d20c61c46b56bc5149a46d68134182
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: bc19dfb395c877deb32299d6aaf33bc2
SHA256: 82f092c4c86f0c2c124757f07bf32623c63c12a29f94cac5bf62d45f329335fb
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF223f55.TMP
text
MD5: bc19dfb395c877deb32299d6aaf33bc2
SHA256: 82f092c4c86f0c2c124757f07bf32623c63c12a29f94cac5bf62d45f329335fb
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ff3035ce-c0ad-4043-b210-6a75d3514a64.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\6f4fdcbf-58e0-47a3-adf2-8033a2482d18.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 5a0f72bc4dfc27d251733d851db7d8b2
SHA256: 365e06a276e3a50f25cf479b10d1f5038e7e455f55af5130621b0a5c90126eda
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF223eb9.TMP
text
MD5: 5a0f72bc4dfc27d251733d851db7d8b2
SHA256: 365e06a276e3a50f25cf479b10d1f5038e7e455f55af5130621b0a5c90126eda
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\8d8a31e0-7db3-4046-9c5f-2e66c2f07f45.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000017
image
MD5: 107b0208dc149433e2c19937035ac531
SHA256: 30c6e7dc1ed28d9f1d3b7dfdeedc343abfefc2c3835477dd5ee680aae3c5b99e
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000016
image
MD5: 3232607d67314138fe2af6339562e1e5
SHA256: 0c959754499d0800227bf7fc8a74cca7446aed328281acc2daab67d2aec5e440
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000015
binary
MD5: 378b5471d126789ad0bcc983e4e37e96
SHA256: ef3bd2a562e5f3b2f46662d069e715a800121f25b5f43710fdbc367b8bc437d7
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000014
compressed
MD5: 3fdf677912e1a8635b8bdbebeeea04aa
SHA256: 49e53a6d313a72b8b604b92e81f6de76700663cda2c73c7065a7b2fe484ca00b
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000013
image
MD5: 38a4848797a2fcb063a766ae0cc02e45
SHA256: ec2b1e90d551286ab81a802503b16870753a1d1cc4d1d6a8ea69a94d86c1958c
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012
compressed
MD5: 0dd3c2eb3aa13704834a4e49c615d588
SHA256: ff5e66a3022a60909c9968d21d0a990f2870e971a46e145ae867ade3b4297c3c
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011
compressed
MD5: 7d66c1f1501eca31a4e000d94f3eb7ad
SHA256: 7b062c27a0e7b0033c56c5c6283b8f4fc3716db534d0420b0b60be1f088132d3
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010
flc
MD5: 7e7f1ec094ce0156c927d3b04fbe04f0
SHA256: 983a64cfb93a352df639d464ade8b57fb1356f3d88541453c4d8bc2cfd996cd7
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f
image
MD5: fee6bcb494ab0b0b26f6d27b1eb1e1bb
SHA256: db2dc0c2c1de04d7225f5f9eedc85f9da9778805ded39c98b90a1fe211a5ce61
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e
compressed
MD5: add5bb80416c26f7c28719e958358b3f
SHA256: a306c0648ad5677440b32ea320034994f934eb02df8bdd75c27f6bf785fefc20
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d
compressed
MD5: c56ae712affba11eaf7d2c39157578f0
SHA256: d0a3d50c65fc89bcac840567856ec2c8bc424b0b2ecf9314b369f1d38b9ae507
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
binary
MD5: 70df48b16f1108f8cdcd9ac20707b5ba
SHA256: b573cc9b0dafeddfb24f1e5b01cefebb48b02587926ce3f1c8ac1ae43c347d78
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1
binary
MD5: a505f542f1582c6aba3bf6e1ac3d0d83
SHA256: 18df4fbc16336503c108e7a9bedb133313ea8243c4460cb4ba9972968ac28287
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
binary
MD5: 021b8d293c14358bb37b18ba45792aa5
SHA256: 5b149d68659ebeab90f1116b8704a32dc240fbf85171bd4a4f70d57a3d8d4bb8
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
text
MD5: ad36371a9b5233af3aafe8fd5e62e6fb
SHA256: f77310a8f2357c9e0e98b59f4217e880f2317b9c6d2e15367292a954c31cc837
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old
text
MD5: 8ddcd8b46559486c5c65d91b1964f9b1
SHA256: 30953aa5d4726c71b4e633a258e82d3979243f4597973adfbe45f005d79bcc8b
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old~RF2217c8.TMP
text
MD5: 8ddcd8b46559486c5c65d91b1964f9b1
SHA256: 30953aa5d4726c71b4e633a258e82d3979243f4597973adfbe45f005d79bcc8b
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RF2217a9.TMP
text
MD5: b36272766fafe4f495f275ab24d055a4
SHA256: c6ed4b87e6b46abc8f08c947e4c78f8d4416b35ab63980b8314794cc43d0c365
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old
text
MD5: b36272766fafe4f495f275ab24d055a4
SHA256: c6ed4b87e6b46abc8f08c947e4c78f8d4416b35ab63980b8314794cc43d0c365
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: c2c2b590ae2a998bcbb6de67972a2b5b
SHA256: 2ba7f08442c132c88792c35ad68c284137b5781249ac9eedd9c2311dfadf505d
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF221586.TMP
text
MD5: c2c2b590ae2a998bcbb6de67972a2b5b
SHA256: 2ba7f08442c132c88792c35ad68c284137b5781249ac9eedd9c2311dfadf505d
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\cf2db031-26b9-46ba-a5cd-031758b82798.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF21f5aa.TMP
text
MD5: 8a499c9ce17a2e5aca40e19df3cab8ff
SHA256: 81a6fa3934c3b6c4d0cb4fed4b20196709d13dd1a4065389994c6efa30d3b28e
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: 8a499c9ce17a2e5aca40e19df3cab8ff
SHA256: 81a6fa3934c3b6c4d0cb4fed4b20196709d13dd1a4065389994c6efa30d3b28e
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 07b65c04606553679bbbdfa8cff7256b
SHA256: 1cc20cfbaff7d97ea9e330b45848552cea54c9be500ee00ee8e3abf5759691e6
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF21f4ee.TMP
text
MD5: 07b65c04606553679bbbdfa8cff7256b
SHA256: 1cc20cfbaff7d97ea9e330b45848552cea54c9be500ee00ee8e3abf5759691e6
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\42e9ee6e-7fa9-43bc-af8d-ebbb0b4bd5dc.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old
text
MD5: 7282c871a31b4aae7e61cdbb39a13331
SHA256: af615c556e2a22e87135a967c01e869216f65268a88bd218fd6ab70467bdf733
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old~RF21cf07.TMP
text
MD5: 7282c871a31b4aae7e61cdbb39a13331
SHA256: af615c556e2a22e87135a967c01e869216f65268a88bd218fd6ab70467bdf733
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 8da9187ee469a203a28032fef69ca5c9
SHA256: 7bf5c7b8c93208dd2f700a5dbfbaebd3433e0d3844ad249caa352f5cb2abf55c
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF21a73c.TMP
text
MD5: 8da9187ee469a203a28032fef69ca5c9
SHA256: 7bf5c7b8c93208dd2f700a5dbfbaebd3433e0d3844ad249caa352f5cb2abf55c
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\9a7a6836-fbe1-45b7-9156-1145b97a080d.tmp
text
MD5: 8da9187ee469a203a28032fef69ca5c9
SHA256: 7bf5c7b8c93208dd2f700a5dbfbaebd3433e0d3844ad249caa352f5cb2abf55c
2348
rj-portable-update.tmp
c:\RJ TextEd\ImageLists\Std_Images_Toolbar32x32.bin
mp3
MD5: 438b1f01dade6e56df3b85e2f339249e
SHA256: 5604c20d75102e341ac86c180abd346ed0d500e25aab71258d0081780a67f1fd
2348
rj-portable-update.tmp
c:\RJ TextEd\Templates\Language\Empty.ini
text
MD5: 364dc899ea72aa937023bebb06272784
SHA256: 9b6a942728f21e58271e1e5431815550a0ee31a8cd4804dbc62e3a1e58762147
2348
rj-portable-update.tmp
C:\RJ TextEd\Templates\Language\is-5TJ7Q.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
C:\RJ TextEd\ImageLists\is-C39VU.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
c:\RJ TextEd\ImageLists\Std_Images_Toolbar24x24.bin
mp3
MD5: a0df4c0f27982f97a50fcbd14ef5eac1
SHA256: 64ee18a4e2d7c3e63d1aed4fa32b3d510ac49368960025e9fab93dc101be2cec
2348
rj-portable-update.tmp
C:\RJ TextEd\ImageLists\is-M93CQ.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
c:\RJ TextEd\ImageLists\Std_Images_Toolbar20x20.bin
mp3
MD5: 31fa772396800d45fc92a541b38c087a
SHA256: a4545a25e4200ec58387dd919bf798c590eaa704cfde262d4c783984ab3a81de
2348
rj-portable-update.tmp
C:\RJ TextEd\ImageLists\is-VCB1K.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
c:\RJ TextEd\ImageLists\Std_Images_Toolbar16x16.bin
mp3
MD5: 91d2649fa71f692f416745ebebdc3d05
SHA256: b65e9551ba1ea6402a83453e5dbb542441315261f038056b97b4e21089ce2917
2348
rj-portable-update.tmp
C:\RJ TextEd\ImageLists\is-C5UM8.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
c:\RJ TextEd\ImageLists\Pure_Flat_Toolbar32x32.bin
mp3
MD5: d2fee96325f8b1437968b9cedf637d22
SHA256: 73a3a731f12c6201ee7cd02c3df7c17a69979234344fec77d5c5c923df4b5aa5
2348
rj-portable-update.tmp
C:\RJ TextEd\ImageLists\is-6C0PQ.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
c:\RJ TextEd\ImageLists\Pure_Flat_Toolbar24x24.bin
mp3
MD5: 81ccc6a7d2426ed2866900cdac2c4d06
SHA256: c7a1096989f6227856770f8c22261609a289c24b9e2ddc5a156f03d522c1111d
2348
rj-portable-update.tmp
C:\RJ TextEd\ImageLists\is-QQM9P.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
c:\RJ TextEd\ImageLists\Pure_Flat_Toolbar20x20.bin
mp3
MD5: 9e12acac039d59a3ee1d973c6cddb9dc
SHA256: 94aba998fc151713d44f0ce529fe1e53088ea60ec1d5aca3aac4696567c2e19d
2348
rj-portable-update.tmp
c:\RJ TextEd\ImageLists\Pure_Flat_Toolbar16x16.bin
mp3
MD5: 71acbe0de91df920ae88ee663153a4e0
SHA256: bfd26ea8cf4be5fc5fbc79a3d023747b25e975cd4f33741f8d5b3518bdb954c6
2348
rj-portable-update.tmp
C:\RJ TextEd\ImageLists\is-11UG1.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
C:\RJ TextEd\ImageLists\is-TFRFA.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\_list.ver
text
MD5: 06d94b21a3adce66f690f520a74a0486
SHA256: a6d5d5b0595148674fce8c51c966642ab6d49dda4a81ed780aedb0f15206edc0
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\Urdu.ini
text
MD5: 9f785a36f5af99b96f6f3fd42a625f71
SHA256: 44f4fc373ed4aea76b84b1854250507353228026dde73ee000197e1d0da09bee
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\User defined\_list.ver
text
MD5: bdc56e02ce9703447c73114c721bbcb1
SHA256: f9e5dd2dfca748fc4194eb87450d1ce38f0bc25f3085e3b7d7baeb3d8845bd3f
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\User defined\is-AMLP1.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-ILAB1.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-D5V8S.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\Slovenian.ini
text
MD5: b47e6883eaef09ab765ce9c40bfb2847
SHA256: 103b07f07c0828bea7d24653538a1a5d5bebada96652b51b83e959fcdecb31b6
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\Spa.ini
text
MD5: 48845e265b347de6979d7d17f6bd7233
SHA256: be12d197ebe5e6c91da7a058b04fe2ee29c52e29cc3eb3656b69c51a383f917e
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\Ukraine_UA.ini
text
MD5: 60913a4f060309333741eaf2a5d57efe
SHA256: 7532ad960cd5faf8781ac6805604c8ae3b64015fa50ba9ee78661560d39a33f4
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\swe.ini
text
MD5: 87e8e0672d01dc80996cac3046688a4e
SHA256: 0681de7d4ec7b6a8af677916b579c6fd777c3853a3f16478538c934b66c24e5c
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-OF579.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-6DPKQ.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-26KEP.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-AE35D.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\Russian2.ini
text
MD5: a313707ef08e03780a7b2c1266f47365
SHA256: f0b767ad7fbbb5189bb85a167ec1bb805e78b96500b05c10daeb1f514601eb94
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\Russian.ini
text
MD5: e3c28cb30bb16a32563fa6aaec05fa09
SHA256: da9b05a6b51da88a4a9c755861d21c9e3ced588e1db1a9420a9d38c5f4401b6d
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-UKUMD.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-VAHOE.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\Polish.ini
text
MD5: a95cafdc080239323360fb100a053c59
SHA256: 8bb285e45b078bda312be7cc3839885018e8ad88c05cb2eed81ecd44c7f41982
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\jpn.ini
text
MD5: f311d0a496ecdac20b513060c2f63829
SHA256: 29b6d58d09becb2f177c4cbc611294a8a8b7e732d5c0a525ea8800f9265cee23
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\PT-BR.ini
text
MD5: afb85781a0dd920a6bbe52fec9f89be9
SHA256: 218f2711977e7f295d40826637273d25bb0cdefe1c914d34c2174015f3f29013
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-LTJOT.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-TUDNA.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-2CDIU.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\Hungarian.ini
text
MD5: bad460bd5e4da7d3cd680a62e7c086f7
SHA256: 8cc0b4f9ed9234038f2a81a3c73a11caae674d5f55cfe1b10d001021c65a7da3
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\ita.ini
text
MD5: 9af3638f2585a799e846abcdec5d64a9
SHA256: 5ded5075220f3c6d9373766ed094a3f33da833c0b039b8432a2d5d3186b758f2
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-ENI35.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-VF5AR.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\French.ini
text
MD5: a594f3c0e92608149de6e28cb139ce6e
SHA256: 343dfc4027d133589d39d26cd65084c36dc966ab043b98612e6d0510cef6926c
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\Fra.ini
text
MD5: e455223b93f53d38f379ae92188fca10
SHA256: a4e2abce678a07c96da465d77c7696d3e5ca04d7627d0be3873c53aee0b70913
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-A2PIK.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-G7RF1.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\Esp.ini
text
MD5: 00bd88fc57e99c08d6aae4561595e200
SHA256: dc0261a6a00815032c5f1379cc10ccc9e4ae4649734caf90c672f2ad17c7b7ef
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\eng.ini
text
MD5: 364dc899ea72aa937023bebb06272784
SHA256: 9b6a942728f21e58271e1e5431815550a0ee31a8cd4804dbc62e3a1e58762147
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\dutch.ini
text
MD5: ac091483da60c5ef563ae05511b55c9a
SHA256: ffe002659a0fc42381348c75a070c91db475217248cbe9f13ec0dcdfb5a24381
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-48N85.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-RVIJL.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-4J3PP.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\Deutsch_CH.ini
text
MD5: 5de8ce3bb496cf2121a20b709859799a
SHA256: f070b2b02ad27cb30206aa0850b4534a421fa91b419ee0e511d8d695c6868ee4
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\Deutsch_DE.ini
text
MD5: b06c93f3f0fc64f7f639c9704f7fb0c5
SHA256: 4c0fcfd3d619c04f7eb166eeaea45cb22cc3bf3193738c4137e90194f970f48f
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\de-AT.ini
text
MD5: 46f3192e0df396c76d96212fd260a16a
SHA256: aac70e8f472a96d9658411732ff62507e9f245117ec33dc93563f7a6d5540411
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-I4PT2.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-8T6VV.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-EO0EP.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\cht.ini
text
MD5: 5bc5e1a6d8712e9ad1ab9f4673d4bcfb
SHA256: be824f06b0823c5d6dce79c92c7836817608bf4e5f3deeb64a92f0e74e53d9a7
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\czech.ini
text
MD5: 7551e508a513c8a19c47f30f26d90dad
SHA256: 50407cba39611f675069a1f51b89ba55a1949a9e6343b80576f2d76595fe7a74
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-1SKHL.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-OH2B8.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\chn.ini
text
MD5: 6fc00206423c34e8987ec72f62da4dd8
SHA256: 237894ad1b4ee0621d7b9ddb7ac5f01dfa68e260c7f22897b273a18eeb913ada
2348
rj-portable-update.tmp
c:\RJ TextEd\Language\Cat.ini
text
MD5: 9a6aa392b7a323d4a7342e41bbe0d011
SHA256: ae8f8b4774d46bd3afc16328333fc126c636dd21edd3b74366e84d8f687a5627
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-HN9I7.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
C:\RJ TextEd\Language\is-30022.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
c:\RJ TextEd\ReadMe\History.txt
text
MD5: d8249a03c07bbcae8905462addf41e02
SHA256: 11629336a4a3a6411f80199a7f80b5bcb51bbaa688c35a599657aaafe7073491
2348
rj-portable-update.tmp
c:\RJ TextEd\Version.ini
text
MD5: 96f008e1a3866afc636a9d63f4b292c5
SHA256: fa82a56df3720da45dfac7c230dc74913584206d4d66a924cfbef6d25f9ea167
2348
rj-portable-update.tmp
C:\RJ TextEd\is-4M9NF.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
C:\RJ TextEd\ReadMe\is-66P5Q.tmp
––
MD5:  ––
SHA256:  ––
2348
rj-portable-update.tmp
c:\RJ TextEd\Win32\TextEd.jdbg
jdbg
MD5: 6561596cd9fe78fc036b2d238203ac1c
SHA256: b19667a415f4047e77102a365bc73ad67f5a6829be650a95cf25f462db692371
2348
rj-portable-update.tmp
C:\RJ TextEd\Win32\is-M751N.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store
binary
MD5: 56593c7b234624d7ae8c89f1818afd60
SHA256: b6447d2e2c0e9b54cd6f1ada504cbc5cc33f69d0f1ac9a1bfd885e4a88ff23ee
2348
rj-portable-update.tmp
C:\RJ TextEd\Win32\is-KEPG5.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store
binary
MD5: bd2a05bc63a946ea99e1de94c59059c0
SHA256: 46a9238c3152029a3371ba7b757cac42b7feb9bfbf9f196b1fdd990261065978
2348
rj-portable-update.tmp
C:\RJ TextEd\Win32\is-1M0SG.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store
binary
MD5: 0f09498dbbd2a78aa34d3d74f5bba927
SHA256: 4354f5b75ad8a05fb9fce0318c5810eee954c81f091f9a90188a991c35ffed49
2348
rj-portable-update.tmp
C:\RJ TextEd\Win32\is-9OLT0.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store
binary
MD5: d42e25e7884e8262abcdb9c62303e830
SHA256: 73d535e4573d1c975cad7008ddde171dc4e8cf33b61a1cf170720469e68217a3
2348
rj-portable-update.tmp
C:\RJ TextEd\Win32\is-D2M0I.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: a853fbb852ec96d295953f0d168392c9
SHA256: 7fc5594826b1b8665d7e670fc47706398c56978e13d8cfde0707428f4b207e43
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF2160bd.TMP
text
MD5: a853fbb852ec96d295953f0d168392c9
SHA256: 7fc5594826b1b8665d7e670fc47706398c56978e13d8cfde0707428f4b207e43
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\1ad78372-d132-44a6-8941-40e175fe9f7b.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF215b1f.TMP
text
MD5: 81674994bcf2b9dff24495fb2f6cf687
SHA256: b6875a6d544f2245fc7b9da785c24f05a78c58364f911d5763f65f8afa3e15e8
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\a8d757d6-988a-4cde-8aed-07d014d4bd50.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: d932a31a0fb91833edb0325c6b434b34
SHA256: 8049465356163740d6e4c0bb56b9dcaa90149631646fa6bb56d01de223bd1f8e
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdWhitelist.store_new
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata~RF2138d2.TMP
binary
MD5: 97536613cba553caceb2ce42028f9118
SHA256: 138c2af4226af4c68ece7affa8df4bcb92c7486e50ecacfdb0f8986994fdfb9b
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: 97536613cba553caceb2ce42028f9118
SHA256: 138c2af4226af4c68ece7affa8df4bcb92c7486e50ecacfdb0f8986994fdfb9b
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a9b68041-97a8-43c9-81d7-5ea92fdf4c45.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store~RF2130b4.TMP
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: d1db811dce6c26823fb4e96335e5f38a
SHA256: f6810f1c7270be2f14224bc83d2a03327ccc675e976fba82204cfaff3430e359
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\1f891192-f8fa-4013-a04e-b97de87d39f7.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\dfb0500d-044c-4a8f-98c9-11c39a85890f.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\Downloads\rj-portable-update.exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store_new
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store_new
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 430a0dda81fc67c77edd76352b63aede
SHA256: 9a96184313c0f7236856da796be59f31bc5ba37a8cc3774b97867fd7dbb9ba98
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF210b2a.TMP
text
MD5: 430a0dda81fc67c77edd76352b63aede
SHA256: 9a96184313c0f7236856da796be59f31bc5ba37a8cc3774b97867fd7dbb9ba98
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\1bed773f-bdf9-443b-a125-20961a4d60aa.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: e9422f072ef499381895ed2cc7e57640
SHA256: 5b7ad81ef8906bf42a0eeabed64db862ffb592bebfa091fa2aae50234617f5e3
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF210abd.TMP
text
MD5: e9422f072ef499381895ed2cc7e57640
SHA256: 5b7ad81ef8906bf42a0eeabed64db862ffb592bebfa091fa2aae50234617f5e3
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\24d121af-c6ac-410c-b91c-c850ca9e284f.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 81674994bcf2b9dff24495fb2f6cf687
SHA256: b6875a6d544f2245fc7b9da785c24f05a78c58364f911d5763f65f8afa3e15e8
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF210a50.TMP
text
MD5: 81674994bcf2b9dff24495fb2f6cf687
SHA256: b6875a6d544f2245fc7b9da785c24f05a78c58364f911d5763f65f8afa3e15e8
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\58f03d1a-823f-45c2-a60b-01f9da921ac6.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old
text
MD5: 80b8c44b60f8bd20d1cf8277ec794bb1
SHA256: 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old~RF20fdfb.TMP
text
MD5: 80b8c44b60f8bd20d1cf8277ec794bb1
SHA256: 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: ea6d75c35eb812fdc5762d84963de026
SHA256: a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF20fa42.TMP
text
MD5: ea6d75c35eb812fdc5762d84963de026
SHA256: a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF20f9e5.TMP
text
MD5: 84042895723ac99f9599edfc7500051c
SHA256: ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 84042895723ac99f9599edfc7500051c
SHA256: ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store_new
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model~RF20f919.TMP
binary
MD5: ec43b27294f0dd04813f9a1cf4228e7b
SHA256: 1ae18b91fccb28bd93a5a91972e92a0d1bac7a7308f99de47718a2d2799d4f62
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model
binary
MD5: ec43b27294f0dd04813f9a1cf4228e7b
SHA256: 1ae18b91fccb28bd93a5a91972e92a0d1bac7a7308f99de47718a2d2799d4f62
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session
binary
MD5: 02536c23edc1e418a6fea313d20b2a39
SHA256: 8e8de8689482b477d0beebe0a4ac24b9cabcbfa84848f66b4c0f55cd96dc0fe9
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\345c7b10-ba41-469c-b7fd-96bb65a996fa.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store
binary
MD5: 16e294070e1b5d8e1a9098ab7efebbd5
SHA256: ff88aecaa4eeb55e76cb9b90356d499abdd3eeb6c7aa32f89f4c95510132850d
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store~RF20e60e.TMP
binary
MD5: d4c990cdc5db44f2dcb5ddcff1a4af20
SHA256: 4b0164857ed8079e2cd7be27051a1f5db230e936b6f1ad7f624b9e87ae9dd80a
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store
binary
MD5: d4c990cdc5db44f2dcb5ddcff1a4af20
SHA256: 4b0164857ed8079e2cd7be27051a1f5db230e936b6f1ad7f624b9e87ae9dd80a
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\7394d39e-6dc1-4a71-9e61-118f681fc1ac.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old~RF20e488.TMP
text
MD5: f727dd25cda7b2cc574098cee1f5764a
SHA256: 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old
text
MD5: f727dd25cda7b2cc574098cee1f5764a
SHA256: 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT~RF20e459.TMP
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF20e459.TMP
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old~RF20e40b.TMP
text
MD5: 1aa66efdb743fb0a8dcc1cd79b0b6542
SHA256: 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old
text
MD5: 1aa66efdb743fb0a8dcc1cd79b0b6542
SHA256: 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: 197882774a7ecec9046bc48f63189b66
SHA256: 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF20e40b.TMP
text
MD5: 197882774a7ecec9046bc48f63189b66
SHA256: 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a4c806f6-671a-4ad9-9aa7-97d793cbf183.tmp
––
MD5:  ––
SHA256:  ––
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF20e3fb.TMP
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old~RF20e3dc.TMP
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: c10ebd4db49249efc8d112b2920d5f73
SHA256: 90a1b994cafe902f22a88a22c0b6cc9cb5b974bf20f8964406dd7d6c9b8867d1
3760
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: b59113c2dcd2d346f31a64f231162ada
SHA256: 1d97c69aea85d3b06787458ea47576b192ce5c5db9940e5eaa514ff977ce2dc2
3012
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdWhitelist.store
binary
MD5: 8402062d6164aba8ff15c07497281754
SHA256: bd8bd37efa9e7ab81bfac4a45596f46a836833dd6b77adf90d0c9ff82a3478d2


Network activity

HTTP(S) requests
1
TCP/UDP connections
39
DNS requests
30
Threats
3

HTTP requests

PID Process Method HTTP Code IP URL CN Type Reputation
3012 chrome.exe GET 200 93.188.2.52:80 http://www.rj-texted.nu/downloads/rj-portable-update.exe SE executable suspicious


Connections

PID Process IP ASN CN Reputation
3012 chrome.exe 216.58.208.35:443 Google Inc. US whitelisted
3012 chrome.exe 216.58.205.227:443 Google Inc. US whitelisted
3012 chrome.exe 93.188.2.52:80 Loopia AB SE malicious
3012 chrome.exe 172.217.18.109:443 Google Inc. US unknown
3012 chrome.exe 216.58.207.67:443 Google Inc. US whitelisted
3012 chrome.exe 172.217.22.78:443 Google Inc. US whitelisted
3012 chrome.exe 172.217.16.202:443 Google Inc. US whitelisted
3012 chrome.exe 172.217.16.163:443 Google Inc. US whitelisted
3012 chrome.exe 172.217.18.100:443 Google Inc. US whitelisted
3012 chrome.exe 172.217.168.195:443 Google Inc. US whitelisted
3012 chrome.exe 216.58.205.234:443 Google Inc. US whitelisted
3012 chrome.exe 172.217.23.163:443 Google Inc. US whitelisted
3012 chrome.exe 172.217.21.227:443 Google Inc. US whitelisted
3012 chrome.exe 172.217.18.174:443 Google Inc. US whitelisted
3012 chrome.exe 172.217.16.174:443 Google Inc. US whitelisted
3012 chrome.exe 172.217.18.14:443 Google Inc. US whitelisted
3012 chrome.exe 93.188.2.53:443 Loopia AB SE suspicious
3012 chrome.exe 172.217.22.42:443 Google Inc. US whitelisted
3012 chrome.exe 185.23.21.16:443 E24 Sp. z o.o. PL unknown
3012 chrome.exe 148.251.66.55:443 Hetzner Online GmbH DE unknown
3012 chrome.exe 216.58.207.34:443 Google Inc. US whitelisted
3012 chrome.exe 172.217.16.142:443 Google Inc. US whitelisted
3012 chrome.exe 91.198.174.208:443 Wikimedia Foundation, Inc. NL unknown
3012 chrome.exe 52.222.150.151:443 Amazon.com, Inc. US unknown
3012 chrome.exe 172.217.22.46:443 Google Inc. US whitelisted
3012 chrome.exe 91.198.174.192:443 Wikimedia Foundation, Inc. NL suspicious

DNS requests

Domain IP Reputation
www.gstatic.com 216.58.205.227 whitelisted
clientservices.googleapis.com 216.58.208.35 whitelisted
www.rj-texted.nu 93.188.2.52 suspicious
accounts.google.com 172.217.18.109 whitelisted
ssl.gstatic.com 216.58.207.67 whitelisted
sb-ssl.google.com 172.217.22.78 whitelisted
safebrowsing.googleapis.com 172.217.16.202 whitelisted
www.google.de 172.217.16.163 whitelisted
www.google.com 172.217.18.100 whitelisted
www.google.ch 172.217.168.195 whitelisted
fonts.googleapis.com 216.58.205.234 whitelisted
fonts.gstatic.com 172.217.21.227 whitelisted
apis.google.com 172.217.18.174 whitelisted
consent.google.com 172.217.18.14 whitelisted
www.rj-texted.se 93.188.2.53 unknown
encrypted-tbn0.gstatic.com 172.217.16.174 whitelisted
translate.googleapis.com 172.217.22.42 whitelisted
kubadownload.com 185.23.21.16 whitelisted
vessoftstatic.com 148.251.66.55