General Info

URL

https://urldefense.proofpoint.com/v2/url?u=https-3A__easycarryzblog.com_links_api_phpmyadmin-2D2_editaddress_vwd-5Fjustso_m12-5Fgift-5Fgiver.php-3Fwouldnt-3Dezx1b02dd5nuq0d&d=DwIFAg&c=SsZxQMfaWJ1sSVfloc5FVGba8BA_qR4Jzdt8ol2oSPA&r=kwWm79huM4XoesfUcpHCe4mZR4YlRg1XwwybZ2uxk-ExNL-gwyjsskfjbeqXX7GE&m=tlk9CzNKc147pFw3-nfpaFEahovfkcMfvDNwLu8SrgM&s=nWCgZRHn4OIEF_A7oADx3m21Znb3Vs2gpq12JsP8-LU&e=
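The submitted URL is not the page the sandbox visited: it is a Proofpoint URL Defense (v2) wrapper, which rewrites links in scanned mail and redirects through urldefense.proofpoint.com. The real destination is carried in the u= parameter with '/' written as '_' and '%' written as '-', then percent-encoded, so the host easycarryzblog.com is invisible to a quick read or a naive blocklist match. The decoder below is an added example for this report, not code from ANY.RUN or Proofpoint; it applies only that publicly known v2 rule, and the defang helper is a plain convention for pasting URLs into tickets.

```python
"""Unwrap the Proofpoint URL Defense (v2) link submitted to this task.

Added example; not code from ANY.RUN or Proofpoint. It relies only on the
documented v2 scheme: the real URL is carried in the u= parameter with
'/' written as '_' and '%' written as '-', then percent-encoded.
"""
from urllib.parse import parse_qs, unquote, urlparse

# Constructed input: the wrapped link from this report's URL field, verbatim.
WRAPPED = (
    "https://urldefense.proofpoint.com/v2/url?u=https-3A__easycarryzblog.com_links_api_"
    "phpmyadmin-2D2_editaddress_vwd-5Fjustso_m12-5Fgift-5Fgiver.php-3Fwouldnt-3Dezx1b02dd5nuq0d"
    "&d=DwIFAg&c=SsZxQMfaWJ1sSVfloc5FVGba8BA_qR4Jzdt8ol2oSPA"
    "&r=kwWm79huM4XoesfUcpHCe4mZR4YlRg1XwwybZ2uxk-ExNL-gwyjsskfjbeqXX7GE"
    "&m=tlk9CzNKc147pFw3-nfpaFEahovfkcMfvDNwLu8SrgM"
    "&s=nWCgZRHn4OIEF_A7oADx3m21Znb3Vs2gpq12JsP8-LU&e="
)


def is_urldefense_v2(url: str) -> bool:
    """True for links of the form https://urldefense.proofpoint.com/v2/url?u=..."""
    p = urlparse(url)
    return p.netloc.lower() == "urldefense.proofpoint.com" and p.path == "/v2/url"


def decode_urldefense_v2(wrapped: str) -> str:
    """Return the destination URL hidden inside a v2 wrapper.

    Only u= matters for the analyst; d=, c=, r=, m=, s= and e= are opaque
    Proofpoint-side parameters and are deliberately ignored.
    """
    if not is_urldefense_v2(wrapped):
        raise ValueError("not a URL Defense v2 link")
    u = parse_qs(urlparse(wrapped).query).get("u")
    if not u:
        raise ValueError("wrapper has no u= parameter")
    # Reverse the v2 substitutions before percent-decoding: '_' -> '/', '-' -> '%'.
    return unquote(u[0].replace("_", "/").replace("-", "%"))


def destination_host(wrapped: str) -> str:
    """Host the sandbox actually visited, for blocklists and pivoting."""
    return urlparse(decode_urldefense_v2(wrapped)).netloc.lower()


def defang(url: str) -> str:
    """Render a URL so it cannot be clicked when pasted into a ticket or report."""
    p = urlparse(url)
    scheme = p.scheme.replace("http", "hxxp")
    host = p.netloc.replace(".", "[.]")
    query = f"?{p.query}" if p.query else ""
    return f"{scheme}://{host}{p.path}{query}"


if __name__ == "__main__":
    real = decode_urldefense_v2(WRAPPED)
    print("destination:", defang(real))
    print("host:", destination_host(WRAPPED))
```

Running it prints the defanged destination, hxxps://easycarryzblog[.]com/links/api/phpmyadmin-2/editaddress/vwd_justso/m12_gift_giver.php?wouldnt=ezx1b02dd5nuq0d, which is the URL to search for in proxy logs and to block; the urldefense.proofpoint.com wrapper itself is shared by every Proofpoint customer and must not be.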

Verdict
Malicious activity
Analysis date
2/11/2019, 10:34:42
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
opendir
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as-is for the user's information. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
on
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Malicious
No malicious indicators.

Suspicious
No suspicious indicators.

Info

Reads settings of System Certificates
  • chrome.exe (PID: 2924)
Changes settings of System certificates
  • chrome.exe (PID: 2924)
Application launched itself
  • chrome.exe (PID: 2924)

Processes

Total processes
39
Monitored processes
11
Malicious processes
0
Suspicious processes
0
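All eleven monitored processes are chrome.exe, and the only behaviour recorded for them is Chrome's normal multi-process model: a browser process that reads and writes certificate settings and launches its own renderer, GPU and utility children. The report lists each child's --type= switch and integrity level, which is enough to tell the LOW-integrity sandboxed content processes from the children that keep the user's full MEDIUM token. The triage helper below is an added example, not ANY.RUN code; its input is constructed from the process records in this report with the long --gpu-preferences and token arguments trimmed, and the "content process" set and flag list are this example's own conventions.

```python
"""Triage the chrome.exe process tree recorded in this task.

Added example; not ANY.RUN code. It reads the fields the report gives for each
process (PID, integrity level, command line) and separates Chrome's sandboxed
LOW-integrity content processes from children that run with the user's full
MEDIUM-integrity token.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

Record = Tuple[int, str, str]  # (pid, integrity level, command line)

# Constructed sample: the eleven monitored processes from this report, with the
# long --gpu-preferences and token arguments trimmed. Integrity levels are as listed.
CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'
RECORDS: List[Record] = [
    (2924, "MEDIUM", CHROME + " https://urldefense.proofpoint.com/v2/url?u=https-3A__easycarryzblog.com_links_api_phpmyadmin-2D2_editaddress_vwd-5Fjustso_m12-5Fgift-5Fgiver.php-3Fwouldnt-3Dezx1b02dd5nuq0d"),
    (3652, "MEDIUM", CHROME + " --type=crashpad-handler --url=https://clients2.google.com/cr/report /prefetch:7"),
    (2880, "MEDIUM", CHROME + " --type=watcher --main-thread-id=2928 /prefetch:6"),
    (3980, "LOW", CHROME + ' --type=gpu-process --ignored=" --type=renderer " /prefetch:2'),
    (2608, "LOW", CHROME + " --type=renderer --lang=en-US --renderer-client-id=4 /prefetch:1"),
    (3244, "LOW", CHROME + " --type=renderer --lang=en-US --extension-process --renderer-client-id=3 /prefetch:1"),
    (3364, "LOW", CHROME + " --type=renderer --disable-gpu-compositing --renderer-client-id=5 /prefetch:1"),
    (2544, "MEDIUM", CHROME + " --type=gpu-process --disable-gpu-sandbox /prefetch:2"),
    (3216, "MEDIUM", CHROME + " --type=utility --lang=en-US --no-sandbox /prefetch:8"),
    (3292, "LOW", CHROME + ' --type=utility --service-sandbox-type=utility --ignored=" --type=renderer " /prefetch:8'),
    (476, "LOW", CHROME + ' --type=utility --service-sandbox-type=utility --ignored=" --type=renderer " /prefetch:8'),
]

# Roles that execute web or service content and are expected to be sandboxed
# (this example's own grouping).
CONTENT_TYPES = {"renderer", "gpu-process", "utility"}
SANDBOX_OFF_FLAGS = ("--no-sandbox", "--disable-gpu-sandbox")
TYPE_RE = re.compile(r"--type=([\w-]+)")


def process_type(cmd: str) -> str:
    """Chrome role from the first --type= switch ('browser' when absent).

    Only the first match counts: gpu and utility command lines also carry
    --ignored=" --type=renderer ", which is a compatibility dummy, not the role.
    """
    m = TYPE_RE.search(cmd)
    return m.group(1) if m else "browser"


def count_by_type(records: List[Record]) -> Dict[str, int]:
    """How many processes of each role the tree contains."""
    return dict(Counter(process_type(cmd) for _, _, cmd in records))


def review_queue(records: List[Record]) -> List[int]:
    """PIDs of content processes running outside the LOW-integrity sandbox.

    Either the integrity level is not LOW or the command line explicitly turns
    the sandbox off. Chrome does start some helpers this way itself, so this is
    the list to inspect first (files written, connections made), not a verdict.
    """
    return [
        pid
        for pid, integrity, cmd in records
        if process_type(cmd) in CONTENT_TYPES
        and (integrity != "LOW" or any(f in cmd for f in SANDBOX_OFF_FLAGS))
    ]


if __name__ == "__main__":
    print(count_by_type(RECORDS))
    print("inspect first:", review_queue(RECORDS))
```

On this report the queue is PIDs 2544 (gpu-process with --disable-gpu-sandbox) and 3216 (utility with --no-sandbox), both MEDIUM; the three renderers and the remaining gpu and utility children run at LOW. None of them carries an indicator here, so the "Malicious activity" verdict rests on what the page served, not on process behaviour.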

Behavior graph

start → chrome.exe (PID 2924) → chrome.exe × 10 child processes, no specs
Specs description

  • Program did not start
  • Integrity level elevation
  • Task contains an error or was rebooted
  • Process has crashed
  • Task contains several apps running
  • Executable file was dropped
  • Debug information is available
  • Process was injected
  • Network attacks were detected
  • Application downloaded the executable file
  • Actions similar to stealing personal data
  • Behavior similar to exploiting a vulnerability
  • Inspected object has suspicious PE structure
  • File is detected by antivirus software
  • CPU overrun
  • RAM overrun
  • Process starts the services
  • Process was added to the startup
  • Behavior similar to spam
  • Low-level access to the HDD
  • Probably Tor was used
  • System was rebooted
  • Connects to the network
  • Known threat

Process information

PID
2924
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://urldefense.proofpoint.com/v2/url?u=https-3A__easycarryzblog.com_links_api_phpmyadmin-2D2_editaddress_vwd-5Fjustso_m12-5Fgift-5Fgiver.php-3Fwouldnt-3Dezx1b02dd5nuq0d&d=DwIFAg&c=SsZxQMfaWJ1sSVfloc5FVGba8BA_qR4Jzdt8ol2oSPA&r=kwWm79huM4XoesfUcpHCe4mZR4YlRg1XwwybZ2uxk-ExNL-gwyjsskfjbeqXX7GE&m=tlk9CzNKc147pFw3-nfpaFEahovfkcMfvDNwLu8SrgM&s=nWCgZRHn4OIEF_A7oADx3m21Znb3Vs2gpq12JsP8-LU&e=
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\program files\winrar\rarext.dll
c:\program files\microsoft office\office14\olkfstub.dll
c:\progra~1\micros~1\office14\mlshext.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\program files\microsoft office\office14\visshe.dll
c:\program files\common files\microsoft shared\office14\msoshext.dll
c:\program files\microsoft office\office14\msohevi.dll
c:\windows\system32\mf.dll
c:\windows\system32\shdocvw.dll

PID
3652
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x701500b0,0x701500c0,0x701500cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2880
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2928 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
3980
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=900,3031516371800422712,2667241742975915268,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=11BFF5CE3237868FC9DA1CE0606B0AEB --mojo-platform-channel-handle=876 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
2608
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=900,3031516371800422712,2667241742975915268,131072 --enable-features=PasswordImport --service-pipe-token=9A0EAD4AFD8AFA7516EDF6E549A9802B --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9A0EAD4AFD8AFA7516EDF6E549A9802B --renderer-client-id=4 --mojo-platform-channel-handle=1904 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3244
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=900,3031516371800422712,2667241742975915268,131072 --enable-features=PasswordImport --service-pipe-token=D98078C2AB2F37394DB98912B6D15B63 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=D98078C2AB2F37394DB98912B6D15B63 --renderer-client-id=3 --mojo-platform-channel-handle=2144 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3364
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=900,3031516371800422712,2667241742975915268,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=D4E1ADAC801699FFCE8646864DEF74C5 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=D4E1ADAC801699FFCE8646864DEF74C5 --renderer-client-id=5 --mojo-platform-channel-handle=3376 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2544
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=900,3031516371800422712,2667241742975915268,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=CBA6C4FA4B6F0E26D81B212AD36E2C50 --mojo-platform-channel-handle=3352 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
3216
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=900,3031516371800422712,2667241742975915268,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=41047BB1885DB6A07FF9432196EE1527 --mojo-platform-channel-handle=4336 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\zipfldr.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
3292
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=900,3031516371800422712,2667241742975915268,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=44C30A20334982FA65A9A18467E1CC59 --mojo-platform-channel-handle=628 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
476
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=900,3031516371800422712,2667241742975915268,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=FECC162750EEDF274C945303724CBF7B --mojo-platform-channel-handle=4224 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
533
Read events
468
Write events
63
Delete events
2

Modification events

PID Process Operation Key Name Value
2880 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes 2924-13194351298456625 259
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon failed_count 0
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon state 2
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon state 1
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} dr 1
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome UsageStatsInSample 0
2924 chrome.exe write HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} usagestats 0
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} metricsid
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} metricsid_installdate 0
2924 chrome.exe delete key HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} metricsid_enableddate 0
2924 chrome.exe write HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts aggregate sum()
2924 chrome.exe write HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts S-1-5-21-1302019708-1500728564-335382590-1000 1
2924 chrome.exe write HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn aggregate sum()
2924 chrome.exe write HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn S-1-5-21-1302019708-1500728564-335382590-1000 0
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics user_experience_metrics.stability.exited_cleanly 0
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} lastrun 13194351299691000
2924 chrome.exe write HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E LanguageList en-US
2924 chrome.exe write HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\E6A3B45B062D509B3382282D196EFE97D5956CCB Blob
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Common\Rlz\PTimes C F1BB1844EDC1D401
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs C1 1C1GCEA_enUA812UA812
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs C2 1C2GCEA_enUA812
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs C7 1C7GCEA_enUA812
2924 chrome.exe delete key HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings aapocclcgogkmnckokdopfmhonfmgoek 99454884B26334A2A63A7DF988293A37950C3B8A60AC973673FD0CE69E8E4BA6
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings ahfgeienlihckogmohjhadlkjgocpleb 15B1C3FE35F29528448F36A72A4DFBC58A8083C7190559D25865779166D220A2
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings aohghmighlieiainnegkcijnfilokake E4C3B929B92A686FD47D6162CC915B8FBC28F6A1263A8E6D6E0E92C974F7E46B
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings apdfllckaahabafndbhieahigkjlhalf 882FE9DD2211E503DFFD5C35DECF7C0D319F70756A8838E7853B33046E7B3292
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings blpcfgokakmgnkcojhhkbfbldkacnbeo 1F0204154543B8813097A5A1DBDB100A7894C8FDB5F47571F306762169A7D03B
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings felcaaldnbdncclmgdcncolpebgiejap 76D87FF1C4DF0349ECC2CB9C5D5C321E4FE2203BA85E2D94BA1F32A5B5DC92A4
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings gfdkimpbcpahaombhbimeihdjnejgicl D6B079666F209503A09486C70AC09307652A0F7F783166A999B27C99D0DA79E2
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings ghbmnnjooekpmoecnnnilnnbdlolhkhi 78A46B6D4D92FD635C29991F9795C008440D023EEDAB43C37E3DBC46B3AC061A
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings kmendfapggjehodndflmmgagdbamhnfd 37A858BD3327FACA61D625B462EC605ED64E520E108B94F4C3325B757DB435C4
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings mfehgcgbbipciphmccgaenjidiccnmng 63355C14E8C7DF9A075F2EDDEA6F2807DC8166B83F96F4C975B9B6554C6324D7
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings mhjfbmdgcfjbbpaeojofohoefgiehjai 17F7787CEDB9B66B8D78F7E985DCA6E31DBA26B1F7D92176EDBEDAFB5838AEBC
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings neajdppkdcdipfabeoofebfddakdcjhd 04A45240BDA55E8777FA04357712CA6DD942253A21323E4C7D3CCF769B34BFED
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings nkeimhogjdpnpccoofpliimaahmaaome 9A0044B183822416E036FA2670FC5F085B3D015E358899EB0B24B5D6E5EEB39D
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings nmmhkkegccagdldgiimedpiccmgmieda 74E79208225AC01540491C9D9B04A8ABAB7FB6DD7E9352FD34AD0E3A34783B76
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings pjkljhegncpnkpknbcohdijeoejaedia 4283619B45F9239D9BB493F806D3CDDAA7452A1DB51B2D364721D21B44A69B13
2924 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings pkedcjkdefgpdelpbcmbmeomcjbeemfm C4D5ABF1EAD77EB3B32847FFBAD1B23239DEC1808B1CD0AB5A9A7270B1EC887F
3216 chrome.exe write HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E LanguageList en-US

Files activity

Executable files
0
Suspicious files
43
Text files
94
Unknown types
7

Dropped files

PID Process Filename Type
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\d8ac5a10-0f72-4116-88b8-c8a396a5e32d.tmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000029 woff2
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF232919.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\9012a7ba-762d-46ba-9e34-7083e200d7d0.tmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF2327c1.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\2e31e458-00ac-4c7f-b3e0-23142a7cf330.tmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF2254c1.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\65318230-aeb4-48bc-9eee-2bc2aca47a92.tmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma ––
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF21faf9.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\6d41ecb4-2770-4ee0-bcf9-dbfaabc2ea9e.tmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF21fa4d.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\fe5ab081-a861-42cf-8387-4d427988839d.tmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF21ac9b.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\67d2be8a-d75d-4e50-a1f1-442377cd26bb.tmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF216aa0.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\b6b4cdfd-e929-41b5-aa23-3ba2e956110a.tmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF21658f.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\617f224f-9988-4b6b-9267-6175783c11cf.tmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF216234.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\285b5aea-09d3-4a73-b05f-71832bd3dca4.tmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000045 image
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000044 binary
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000043 binary
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000042 binary
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000041 binary
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000040 binary
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003f binary
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003e binary
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003d binary
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003c binary
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003b html
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003a image
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000039 compressed
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000038 compressed
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000037 compressed
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000036 image
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000035 compressed
2924 chrome.exe C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A2ECA083537A02B6158458FF1752C63F der
2924 chrome.exe C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A2ECA083537A02B6158458FF1752C63F binary
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000034 compressed
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old~RF21448a.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000033 compressed
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000032 binary
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000031 compressed
2924 chrome.exe C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 binary
2924 chrome.exe C:\Users\admin\AppData\Local\Temp\Tar42D9.tmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Temp\Cab42D8.tmp ––
2924 chrome.exe C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 compressed
2924 chrome.exe C:\Users\admin\AppData\Local\Temp\Tar423B.tmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Temp\Cab423A.tmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000030 compressed
2924 chrome.exe C:\Users\admin\AppData\Local\Temp\Tar422A.tmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Temp\Cab4219.tmp ––
2924 chrome.exe C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416 binary
2924 chrome.exe C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416 der
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002f ini
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002e image
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002d compressed
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002c image
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002b image
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002a woff2
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF236382.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000028 woff2
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000027 compressed
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000026 compressed
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000025 text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000024 text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000023 text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000022 text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000021 text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000020 text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001f html
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF213845.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\536d79db-c866-4265-8579-a71fae415b29.tmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF21107a.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\8276f79e-b81e-4d23-a273-8cb74321b3af.tmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001e compressed
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF21101c.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\64fbd176-4a14-42aa-8710-09f48c77aa01.tmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001d binary
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001c compressed
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF210f9f.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\87acb6cb-fd85-4260-bccb-96dfd6941be9.tmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001b compressed
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001a image
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000019 compressed
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000018 woff2
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000017 woff2
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000016 compressed
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000015 compressed
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000014 image
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000013 image
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012 image
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011 image
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010 image
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f image
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e compressed
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d compressed
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c compressed
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session binary
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old~RF20f0fb.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF20ed42.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF20ece4.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model binary
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model~RF20ec29.TMP binary
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\9e90f0ad-9c64-4d02-9e5f-95ba4ee36928.tmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old~RF20ea06.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT~RF20e9a8.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF20e9a8.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old~RF20e979.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\80236e9a-ce30-46e4-9a6e-a6fa699d771b.tmp ––
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old~RF20e95a.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF20e95a.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF20e95a.TMP text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version text
2924 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat binary
3652 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma binary

Network activity

HTTP(S) requests
32
TCP/UDP connections
97
DNS requests
62
Threats
1

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2924 chrome.exe GET 200 91.235.137.17:80 http://eperdreocca.tk/index/?4831537102803 RU html suspicious
2924 chrome.exe GET 301 89.108.105.13:80 http://mashina.com/mblog/latestpost RU –– –– unknown
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/latestpost/ RU html unknown
2924 chrome.exe POST 200 89.108.105.13:80 http://mashina.com/mblog/2019/02/06/home-equity-line-of-credit-reviews/ RU text html unknown
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/wp-includes/css/dist/block-library/style.min.css?ver=5.0.3 RU text text unknown
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/wp-content/plugins/luckywp-cookie-notice-gdpr/front/assets/main.min.css?ver=1.1.0 RU text unknown
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/wp-content/themes/showcase-lite/style.css?ver=5.0.3 RU text unknown
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/wp-content/themes/showcase-lite/css/nivo-slider.css?ver=5.0.3 RU text unknown
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/wp-content/themes/showcase-lite/css/responsive.css?ver=5.0.3 RU text unknown
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/wp-content/themes/showcase-lite/css/default.css?ver=5.0.3 RU text unknown
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/wp-content/themes/showcase-lite/css/animation.css?ver=5.0.3 RU text text unknown
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css?ver=3.2.12 RU text unknown
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/wp-content/plugins/sassy-social-share/admin/css/sassy-social-share-svg.css?ver=3.2.12 RU text unknown
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/wp-includes/js/jquery/jquery.js?ver=1.12.4 RU text text unknown
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 RU text unknown
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/wp-content/plugins/luckywp-cookie-notice-gdpr/front/assets/main.min.js?ver=1.1.0 RU text unknown
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/wp-content/themes/showcase-lite/js/jquery.nivo.slider.js?ver=5.0.3 RU text unknown
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/wp-content/themes/showcase-lite/js/custom.js?ver=5.0.3 RU text unknown
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js?ver=3.2.12 RU text text unknown
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/wp-includes/js/wp-embed.min.js?ver=5.0.3 RU text unknown
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/wp-content/plugins/mfaer/MyFeaturedAds.js?ver=1.4 RU text unknown
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/wp-content/imgs/best-heloc-rates-min.png RU image unknown
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/wp-includes/js/wp-emoji-release.min.js?ver=5.0.3 RU text unknown
2924 chrome.exe GET 200 172.217.18.98:80 http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js US text whitelisted
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/wp-content/themes/showcase-lite/images/search-icon.png RU image unknown
2924 chrome.exe GET 200 172.217.18.98:80 http://pagead2.googlesyndication.com/pagead/js/r20190204/r20190131/show_ads_impl.js US text whitelisted
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/favicon.ico RU image unknown
2924 chrome.exe GET 200 13.35.254.82:80 http://x.ss2.us/x.cer US der whitelisted
2924 chrome.exe GET 200 8.253.204.120:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US compressed whitelisted
2924 chrome.exe GET 200 104.111.245.93:80 http://cert.int-x3.letsencrypt.org/ NL der whitelisted
2924 chrome.exe GET 200 8.253.204.120:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt US der whitelisted
2924 chrome.exe GET 200 89.108.105.13:80 http://mashina.com/mblog/2019/02/06/home-equity-line-of-credit-reviews/ RU html unknown

Connections

PID Process IP ASN CN Reputation
2924 chrome.exe 67.231.146.66:443 Proofpoint, Inc. US unknown
2924 chrome.exe 172.217.23.131:443 Google Inc. US whitelisted
2924 chrome.exe 172.217.21.227:443 Google Inc. US whitelisted
2924 chrome.exe 172.217.22.13:443 Google Inc. US whitelisted
2924 chrome.exe 104.248.162.246:443 US unknown
2924 chrome.exe 216.58.208.42:443 Google Inc. US whitelisted
2924 chrome.exe 176.123.9.52:443 Alexhost Srl MD unknown
2924 chrome.exe 172.217.21.195:443 Google Inc. US whitelisted
2924 chrome.exe 91.235.137.17:80 Serverius Holding B.V. RU suspicious
2924 chrome.exe 193.201.224.70:443 PE Tetyana Mysyk UA unknown
2924 chrome.exe 192.0.73.2:443 Automattic, Inc US whitelisted
2924 chrome.exe 89.108.105.13:80 Domain names registrar REG.RU, Ltd RU unknown
2924 chrome.exe 172.217.18.98:80 Google Inc. US unknown
2924 chrome.exe 172.217.18.98:443 Google Inc. US unknown
2924 chrome.exe 172.217.18.162:443 Google Inc. US whitelisted
2924 chrome.exe 216.58.205.226:443 Google Inc. US whitelisted
2924 chrome.exe 172.217.21.226:443 Google Inc. US whitelisted
2924 chrome.exe 216.58.207.65:443 Google Inc. US whitelisted
2924 chrome.exe 216.58.207.68:443 Google Inc. US whitelisted
2924 chrome.exe 64.233.184.94:443 Google Inc. US whitelisted
2924 chrome.exe 109.203.109.51:443 Node4 Limited GB unknown
2924 chrome.exe 172.217.16.162:443 Google Inc. US whitelisted
2924 chrome.exe 104.19.198.151:443 Cloudflare Inc US shared
2924 chrome.exe 205.185.208.52:443 Highwinds Network Group, Inc. US unknown
2924 chrome.exe 172.217.23.136:443 Google Inc. US whitelisted
2924 chrome.exe 13.35.253.29:443 US unknown
2924 chrome.exe 216.58.208.40:443 Google Inc. US whitelisted
2924 chrome.exe 13.35.254.82:80 US unknown
2924 chrome.exe 172.217.23.174:443 Google Inc. US whitelisted
2924 chrome.exe 31.13.90.6:443 Facebook, Inc. IE whitelisted
2924 chrome.exe 216.58.206.10:443 Google Inc. US whitelisted
2924 chrome.exe 8.253.204.120:80 Global Crossing US unknown
2924 chrome.exe 23.211.1.39:443 Akamai Technologies, Inc. NL unknown
2924 chrome.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
2924 chrome.exe 139.59.185.157:443 Digital Ocean, Inc. GB unknown
2924 chrome.exe 66.102.1.157:443 Google Inc. US whitelisted
2924 chrome.exe 147.75.204.215:443 Packet Host, Inc. NL unknown
2924 chrome.exe 151.101.0.65:443 Fastly US unknown
2924 chrome.exe 23.111.11.83:443 netDNA US unknown
2924 chrome.exe 104.111.245.93:80 Akamai International B.V. NL unknown
2924 chrome.exe 157.240.1.35:443 Facebook, Inc. US whitelisted
2924 chrome.exe 147.75.83.1:443 Packet Host, Inc. US unknown
2924 chrome.exe 50.19.60.226:443 Amazon.com, Inc. US whitelisted
2924 chrome.exe 54.246.91.175:443 Amazon.com, Inc. IE unknown
2924 chrome.exe 52.211.120.46:443 Amazon.com, Inc. IE unknown
2924 chrome.exe 23.111.9.217:443 netDNA US unknown
2924 chrome.exe 217.12.15.83:443 Yahoo! UK Services Limited GB shared
2924 chrome.exe 185.33.223.80:443 AppNexus, Inc –– unknown
2924 chrome.exe 34.232.220.109:443 Amazon.com, Inc. US unknown
2924 chrome.exe 18.153.11.13:443 US unknown
2924 chrome.exe 173.241.240.143:443 OPENX TECHNOLOGIES, INC. US unknown
2924 chrome.exe 172.217.18.174:443 Google Inc. US whitelisted
2924 chrome.exe 172.217.18.14:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
clientservices.googleapis.com 172.217.21.227 whitelisted
urldefense.proofpoint.com 67.231.146.66 whitelisted
www.gstatic.com 172.217.23.131 whitelisted
accounts.google.com 172.217.22.13 whitelisted
easycarryzblog.com 104.248.162.246 unknown
fonts.googleapis.com 216.58.208.42 whitelisted
getmyfreetraffic.com 176.123.9.52 unknown
s.w.org 192.0.77.48 whitelisted
fonts.gstatic.com 172.217.21.195 whitelisted
eperdreocca.tk 91.235.137.17 suspicious
getmyconfigplease.com 193.201.224.70 unknown
secure.gravatar.com 192.0.73.2 whitelisted
mashina.com 89.108.105.13 unknown
pagead2.googlesyndication.com 172.217.18.98 whitelisted
api.whatsapp.com 185.60.216.53 unknown
wordpress.org 198.143.164.252 whitelisted
adservice.google.co.uk 216.58.205.226 whitelisted
adservice.google.com 172.217.18.162 whitelisted
googleads.g.doubleclick.net 172.217.21.226 whitelisted
www.googletagservices.com 172.217.18.162 whitelisted
tpc.googlesyndication.com 216.58.207.65 whitelisted
ssl.gstatic.com 172.217.23.131 whitelisted
www.google.com 216.58.207.68 whitelisted
csi.gstatic.com 64.233.184.94, 64.233.184.120, 74.125.126.94, 74.125.126.120, 108.177.12.94, 108.177.12.120, 74.125.23.94, 74.125.23.120, 74.125.28.94, 74.125.28.120, 74.125.200.94, 74.125.200.120, 64.233.161.94, 64.233.161.120, 74.125.128.94, 74.125.128.120 whitelisted
www.national-debt-help.com 109.203.109.51 unknown
www.googleadservices.com 172.217.16.162 whitelisted
cdnjs.cloudflare.com 104.19.198.151, 104.19.199.151, 104.19.195.151, 104.19.197.151, 104.19.196.151 whitelisted
code.jquery.com 205.185.208.52 whitelisted
ssl.google-analytics.com 172.217.23.136 whitelisted
www.national-debt-help.co.uk 109.203.109.51 unknown
widget.trustpilot.com 13.35.253.29, 13.35.253.60, 13.35.253.96, 13.35.253.71 whitelisted
x.ss2.us 13.35.254.82, 13.35.254.54, 13.35.254.34, 13.35.254.176 whitelisted
www.googletagmanager.com 216.58.208.40 whitelisted
www.google-analytics.com 172.217.23.174 whitelisted
connect.facebook.net 31.13.90.6 whitelisted
ajax.googleapis.com 216.58.206.10, 216.58.207.74, 172.217.16.170, 216.58.208.42, 172.217.16.138, 172.217.22.42, 172.217.22.74, 216.58.210.10, 172.217.18.106, 172.217.23.170, 172.217.21.202, 216.58.205.234, 172.217.21.234, 172.217.18.10 whitelisted
www.download.windowsupdate.com 8.253.204.120, 67.27.233.126, 8.248.127.254, 67.27.235.254, 8.253.95.249 whitelisted
s.adroll.com 23.211.1.39 unknown
static.hotjar.com 147.75.204.215, 147.75.83.19, 147.75.83.82, 147.75.80.178, 147.75.205.49, 147.75.33.239, 147.75.205.43, 147.75.83.23 whitelisted
bat.bing.com 204.79.197.200, 13.107.21.200 whitelisted
tag.marinsm.com 151.101.0.65, 151.101.64.65, 151.101.128.65, 151.101.192.65 unknown
protect.pushgroup.co.uk 139.59.185.157 unknown
a.optnmstr.com 23.111.11.83 unknown
stats.g.doubleclick.net 66.102.1.157, 66.102.1.155, 66.102.1.154, 66.102.1.156 whitelisted
cert.int-x3.letsencrypt.org 104.111.245.93 whitelisted
www.facebook.com 157.240.1.35 whitelisted
api.optmnstr.com 50.19.60.226, 50.17.52.222 unknown
script.hotjar.com 147.75.83.1, 147.75.83.19, 147.75.81.98, 147.75.32.173, 147.75.205.43, 147.75.205.49, 147.75.83.23, 147.75.204.215 whitelisted
d.adroll.com 54.246.91.175, 176.34.190.23 unknown
www.google.co.uk 172.217.21.227 whitelisted
vars.hotjar.com 147.75.204.215, 147.75.205.49, 147.75.83.19, 147.75.80.178, 147.75.81.98, 147.75.32.173, 147.75.205.43, 147.75.83.1 malicious
in.hotjar.com 52.211.120.46, 52.214.192.35, 34.251.86.222, 52.17.198.148, 34.240.64.255, 52.210.217.24, 34.250.137.55, 52.30.74.76 unknown
a.optmnstr.com 23.111.9.217 unknown
ads.yahoo.com 217.12.15.83, 217.12.15.54 whitelisted
x.bidswitch.net 18.153.11.13, 18.153.11.14, 18.153.11.8, 18.153.11.9, 18.153.11.10, 18.153.11.11, 18.153.11.12 whitelisted
cm.g.doubleclick.net 172.217.16.162 whitelisted
us-u.openx.net 173.241.240.143 whitelisted
idsync.rlcdn.com 34.232.220.109, 34.195.208.119, 34.196.120.233, 34.200.62.249, 34.193.122.41, 52.0.206.42, 52.20.14.48, 52.200.63.47 whitelisted
ib.adnxs.com 185.33.223.80, 185.33.223.198, 185.33.223.216, 185.33.223.215, 185.33.223.200, 185.33.223.210, 185.33.223.204, 185.33.223.208 whitelisted
national-debt-help.com 109.203.109.51 unknown
clients1.google.com 172.217.18.174 whitelisted
clients2.google.com 172.217.18.14 whitelisted

Threats

PID Process Class Message
2924 chrome.exe Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain

Debug output strings

No debug info.