General Info

URL

https://sourceforge.net/projects/npp-compare/

Full analysis
https://app.any.run/tasks/f8d2cb60-22a8-4376-8104-3dc0734dfcbf
Verdict
Malicious activity
Analysis date
3/14/2019, 14:21:35
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Loads dropped or rewritten executable
  • SearchProtocolHost.exe (PID: 252)
Executable content was dropped or overwritten
  • WinRAR.exe (PID: 2336)
Reads Internet Cache Settings
  • chrome.exe (PID: 2988)
Modifies the open verb of a shell class
  • chrome.exe (PID: 2988)
Changes settings of System certificates
  • chrome.exe (PID: 2988)
Application launched itself
  • chrome.exe (PID: 2988)
Reads settings of System Certificates
  • chrome.exe (PID: 2988)

Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
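The one "malicious" flag in this task is the module-load entry above: SearchProtocolHost.exe (PID 252), running as SYSTEM, has compareplugin.dll from the user's Downloads folder in its module list after WinRAR extracted the zip. Whether the indexer executed code from that file or only mapped it while indexing is not something the report settles, but "high-integrity process loads an image from a user-writable path" is exactly the event a triage script should surface first. The following Python is an added example, not ANY.RUN's code or export format: it rebuilds a process tree from a few constructed records modelled on the PIDs, users and integrity levels shown on this page, and scores module loads by loader integrity and module location. The trusted and user-writable root lists, the severity scheme and the sample records are assumptions for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample records modelled on the report: (pid, ppid, image, user, integrity).
# ppid None means the parent was not among the monitored processes ("––" in the report).
PROCESSES = [
    (2988, None, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "admin", "MEDIUM"),
    (3712, 2988, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "admin", "MEDIUM"),
    (2700, 2988, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "admin", "LOW"),
    (2336, 2988, r"C:\Program Files\WinRAR\WinRAR.exe", "admin", "MEDIUM"),
    (252, None, r"C:\Windows\System32\SearchProtocolHost.exe", "SYSTEM", "SYSTEM"),
]

# Constructed module-load records: (loader pid, module path), a handful per process.
MODULE_LOADS = [
    (2988, r"c:\systemroot\system32\ntdll.dll"),
    (2988, r"c:\program files\google\chrome\application\68.0.3440.106\chrome.dll"),
    (2336, r"c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll"),
    (252, r"c:\windows\system32\tquery.dll"),
    (252, r"c:\users\admin\downloads\compareplugin.v1.5.6.2.bin\compareplugin.dll"),
]

# Assumed policy roots (an assumption, not something the report states): modules under
# TRUSTED_ROOTS are treated as OS/vendor-installed, those under USER_WRITABLE_ROOTS as untrusted.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\program files (x86)")
USER_WRITABLE_ROOTS = (r"c:\users", r"c:\programdata")
HIGH_INTEGRITY = {"HIGH", "SYSTEM"}


def normalize(path):
    """Lower-case, use backslashes, and fold the NT alias c:\\systemroot onto c:\\windows."""
    p = path.lower().replace("/", "\\")
    alias = r"c:\systemroot"
    if p.startswith(alias):
        p = r"c:\windows" + p[len(alias):]
    return p


def _under(path, roots):
    return any(path == r or path.startswith(r + "\\") for r in roots)


def build_tree(processes):
    """Map ppid -> [child pids] in record order; roots with an unmonitored parent sit under None."""
    children = defaultdict(list)
    for pid, ppid, *_ in processes:
        children[ppid].append(pid)
    return children


def render_tree(processes):
    """Return indented text lines of the process tree, one line per process."""
    by_pid = {p[0]: p for p in processes}
    children = build_tree(processes)
    lines = []

    def walk(pid, depth):
        _, _, image, user, integrity = by_pid[pid]
        lines.append(f"{'  ' * depth}{PureWindowsPath(image).name} (PID {pid}, {user}, {integrity})")
        for child in children.get(pid, []):
            walk(child, depth + 1)

    for root in children.get(None, []):
        walk(root, 0)
    return lines


def triage_module_loads(processes, module_loads):
    """Return one finding per module loaded from outside the trusted roots.

    Severity is 'high' when a SYSTEM/HIGH-integrity process loads from a
    user-writable path (the cross-boundary case in the report), 'medium' for a
    user-writable path loaded by a normal-integrity process, 'low' otherwise.
    """
    by_pid = {p[0]: p for p in processes}
    findings = []
    for pid, module in module_loads:
        m = normalize(module)
        if _under(m, TRUSTED_ROOTS):
            continue
        _, _, image, user, integrity = by_pid[pid]
        writable = _under(m, USER_WRITABLE_ROOTS)
        if writable and integrity in HIGH_INTEGRITY:
            severity = "high"
        elif writable:
            severity = "medium"
        else:
            severity = "low"
        findings.append({
            "pid": pid,
            "image": PureWindowsPath(image).name,
            "user": user,
            "integrity": integrity,
            "module": m,
            "severity": severity,
        })
    return findings


if __name__ == "__main__":
    print("\n".join(render_tree(PROCESSES)))
    for f in triage_module_loads(PROCESSES, MODULE_LOADS):
        print(f"[{f['severity']}] PID {f['pid']} {f['image']} ({f['user']}/{f['integrity']}) loaded {f['module']}")
```

Run against the constructed records, the script reports a single high-severity finding, the compareplugin.dll load by PID 252, and nothing for the Chrome and WinRAR processes, which matches how the sandbox split its "malicious processes: 1" count on this page. On a real export, the next step is to hash the flagged file and check whether it is signed before deciding whether the verdict is a true positive.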

Processes

Total processes
42
Monitored processes
14
Malicious processes
1
Suspicious processes
0

Behavior graph

Process start order (entries marked "no specs" raised no spec flags):

  • chrome.exe
  • chrome.exe (no specs), 8 child instances
  • winrar.exe
  • searchprotocolhost.exe (no specs)
  • notepad.exe (no specs)
  • chrome.exe (no specs)
  • PhotoViewer.dll (no specs)
Specs description

  • Program did not start
  • Integrity level elevation
  • Task contains an error or was rebooted
  • Process has crashed
  • Task contains several apps running
  • Executable file was dropped
  • Debug information is available
  • Process was injected
  • Network attacks were detected
  • Application downloaded the executable file
  • Actions similar to stealing personal data
  • Behavior similar to exploiting a vulnerability
  • Inspected object has suspicious PE structure
  • File is detected by antivirus software
  • CPU overrun
  • RAM overrun
  • Process starts services
  • Process was added to the startup
  • Behavior similar to spam
  • Low-level access to the HDD
  • Probably Tor was used
  • System was rebooted
  • Connects to the network
  • Known threat

Process information


PID
252
CMD
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path
C:\Windows\System32\SearchProtocolHost.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft Windows Search Protocol Host
Version
7.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\tquery.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msshooks.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msidle.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\mssph.dll
c:\windows\system32\mapi32.dll
c:\windows\system32\authz.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\version.dll
c:\users\admin\downloads\compareplugin.v1.5.6.2.bin\compareplugin.dll

PID
2988
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://sourceforge.net/projects/npp-compare/
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\shdocvw.dll
c:\windows\system32\winshfhc.dll
c:\windows\system32\wdscore.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\mpr.dll

PID
3712
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x700d00b0,0x700d00c0,0x700d00cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2944
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2992 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
1204
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=940,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=AA494380577D90A2CDEFA9D0D1E41C19 --mojo-platform-channel-handle=980 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
2700
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --service-pipe-token=06F0A89E26151B7EC37DAD82D462C525 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=06F0A89E26151B7EC37DAD82D462C525 --renderer-client-id=4 --mojo-platform-channel-handle=1896 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3420
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --service-pipe-token=A476A9D1919CDB71C85A5C94B7F0B3CD --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=A476A9D1919CDB71C85A5C94B7F0B3CD --renderer-client-id=3 --mojo-platform-channel-handle=2120 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2608
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=940,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=A09DFCDC030F4C9423960A4ADC2A7883 --mojo-platform-channel-handle=4880 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\mfreadwrite.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\devenum.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\avicap32.dll
c:\windows\system32\msvfw32.dll

PID
2740
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=940,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=66E9ECDCD8D63919F80B79F0B43E44F3 --mojo-platform-channel-handle=2656 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
2664
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=940,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=604AFC7EEDA6AF0F6A99953AB8A2D1F6 --mojo-platform-channel-handle=2280 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2336
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\ComparePlugin.v1.5.6.2.bin.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\notepad.exe
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll

PID
3984
CMD
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIa2336.25567\ComparePlugin.readme.txt
Path
C:\Windows\system32\NOTEPAD.EXE
Indicators
No indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Notepad
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll

PID
2852
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=940,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=E8B8B6B7742D391EEA0816A7CA5765AB --mojo-platform-channel-handle=5004 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\zipfldr.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
2716
CMD
C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
Path
C:\Windows\system32\DllHost.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
COM Surrogate
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\dllhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\windows photo viewer\photoviewer.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\version.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\slc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\windows photo viewer\photobase.dll
c:\windows\system32\propsys.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\actxprxy.dll
c:\program files\windows photo viewer\imagingengine.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\psapi.dll
c:\windows\system32\icm32.dll

Registry activity

Total events
1797
Read events
1690
Write events
106
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
2988
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
2988
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
2988
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
2988
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
2988
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
2988
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13197043310385375
2988
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\1FB86B1168EC743154062E8C9CC5B171A4B7CCB4
Blob
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice
Progid
ChromeHTML
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
Progid
ChromeHTML
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice
Progid
ChromeHTML
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice
Progid
ChromeHTML
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice
Progid
ChromeHTML
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice
Progid
ChromeHTML
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice
Progid
ChromeHTML
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice
Progid
ChromeHTML
2988
chrome.exe
write
HKEY_CLASSES_ROOT\.htm
ChromeHTML
2988
chrome.exe
write
HKEY_CLASSES_ROOT\.html
ChromeHTML
2988
chrome.exe
write
HKEY_CLASSES_ROOT\.shtml
ChromeHTML
2988
chrome.exe
write
HKEY_CLASSES_ROOT\.xht
ChromeHTML
2988
chrome.exe
write
HKEY_CLASSES_ROOT\.xhtml
ChromeHTML
2988
chrome.exe
write
HKEY_CLASSES_ROOT\ftp
URL Protocol
2988
chrome.exe
write
HKEY_CLASSES_ROOT\ftp\DefaultIcon
C:\Program Files\Google\Chrome\Application\chrome.exe,0
2988
chrome.exe
write
HKEY_CLASSES_ROOT\ftp\shell\open\command
"C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
2988
chrome.exe
write
HKEY_CLASSES_ROOT\ftp\shell\open\ddeexec
2988
chrome.exe
write
HKEY_CLASSES_ROOT\ftp\shell
open
2988
chrome.exe
write
HKEY_CLASSES_ROOT\http
URL Protocol
2988
chrome.exe
write
HKEY_CLASSES_ROOT\http\DefaultIcon
C:\Program Files\Google\Chrome\Application\chrome.exe,0
2988
chrome.exe
write
HKEY_CLASSES_ROOT\http\shell\open\command
"C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
2988
chrome.exe
write
HKEY_CLASSES_ROOT\http\shell\open\ddeexec
2988
chrome.exe
write
HKEY_CLASSES_ROOT\http\shell
open
2988
chrome.exe
write
HKEY_CLASSES_ROOT\https
URL Protocol
2988
chrome.exe
write
HKEY_CLASSES_ROOT\https\DefaultIcon
C:\Program Files\Google\Chrome\Application\chrome.exe,0
2988
chrome.exe
write
HKEY_CLASSES_ROOT\https\shell\open\command
"C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
2988
chrome.exe
write
HKEY_CLASSES_ROOT\https\shell\open\ddeexec
2988
chrome.exe
write
HKEY_CLASSES_ROOT\https\shell
open
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Clients\StartMenuInternet
Google Chrome
2988
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
S-1-5-21-1302019708-1500728564-335382590-1000
C70ABC16A4E22E00
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307030004000E000D0016000F008E0100000000
2944
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2988-13197043309229125
259
2336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
2336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
2336
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\Downloads\ComparePlugin.v1.5.6.2.bin.zip
2336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
2336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
2336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
2336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
2336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath
0
C:\Users\admin\Downloads\ComparePlugin.v1.5.6.2.bin
2336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
2336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General
LastFolder
C:\Users\admin\Downloads
2336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
name
120
2336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
size
80
2336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
psize
80
2336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
type
120
2336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
mtime
100
2336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
crc
70
2336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_0
38000000730100000402000000000000D4D0C800000000000000000000000000520103000000000039000000B40200000000000001000000
2336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_1
38000000730100000500000000000000D4D0C8000000000000000000000000006C01010000000000160000002A0000000000000002000000
2336
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_2
38000000730100000400000000000000D4D0C800000000000000000000000000580101000000000016000000640000000000000003000000
3984
NOTEPAD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Notepad
iWindowPosX
132
3984
NOTEPAD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Notepad
iWindowPosY
132
3984
NOTEPAD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Notepad
iWindowPosDX
960
3984
NOTEPAD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Notepad
iWindowPosDY
501
2852
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2716
DllHost.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
DllHost.exe

Files activity

Executable files
1
Suspicious files
73
Text files
64
Unknown types
10

Dropped files

PID
Process
Filename
Type
2336
WinRAR.exe
C:\Users\admin\Downloads\ComparePlugin.v1.5.6.2.bin\ComparePlugin.dll
executable
MD5: a5d5673b4aff3149826977bd5d84b35d
SHA256: 8195d36bf1f4154fc80209b925ae7e3f4c6f45341383bde40dbacf20635211f1
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000040
binary
MD5: 22b35059573a3676182e12d021107905
SHA256: 59db7c7acf7f44dca6de64a6bb6b086ce04c2bb6bfb448ff01d8cf68a25c952e
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003f
binary
MD5: 844e44ab12a5d8f80ff77c66f06bb3a4
SHA256: 45b3e0a7357c65b1d27fac976debb388dbbe4d1a1a283916fa896cdad7bf5782
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003e
binary
MD5: 8b2a9b120678fca6cc5106f230eb36d4
SHA256: b678896792f9be18a42d188b84f465990fae487d2048e38f065bedcd90f6f6dc
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003d
binary
MD5: 7444c8c5713dcaf0f99544704278afa1
SHA256: 5b6a79f4fceb9fc2f2828aafc2a044a44c874387d5a94696c97cdbed351b0d24
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003c
binary
MD5: 727fb2f14f5b5b236a8ba4313f745675
SHA256: ce9febd27f73568380a3084ebc03c8fa83614da3030bb747e908998041f61143
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003b
compressed
MD5: 646d6853a9ef9fb842fea5dd24b31ae1
SHA256: 1bf13a27700aa0b22d597a14a1e2374be9b3f093ab9b3748898680758da6f536
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 100429106c88f7d3888293972f111c1a
SHA256: 30fdcc9c4d50966e785f6cdc2746cbbdbd0ef2e94e2d28f9a10f41b1d03d734a
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF21a538.TMP
text
MD5: 100429106c88f7d3888293972f111c1a
SHA256: 30fdcc9c4d50966e785f6cdc2746cbbdbd0ef2e94e2d28f9a10f41b1d03d734a
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\946e5c06-c138-43ed-9882-bd3a5e30a960.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 5c912358c35e7031ce8d4a15a54304b4
SHA256: d327b6dac999a47c83fd285334b62e6c10eb1956aa1bea6e4fcf43a21debd8b6
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF219eef.TMP
text
MD5: 5c912358c35e7031ce8d4a15a54304b4
SHA256: d327b6dac999a47c83fd285334b62e6c10eb1956aa1bea6e4fcf43a21debd8b6
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\979d8315-83c6-45fc-900f-83f3dbaec7a7.tmp
––
MD5:  ––
SHA256:  ––
2336
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DIa2336.25567\ComparePlugin.readme.txt
text
MD5: 92b767a746d32d9f6dfddaa54c32a9b5
SHA256: 747824bd58f3bce37014bd01cd6f1806e46e9f1de773c3060dbb73c0f148dd94
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000042
binary
MD5: 6f57deda7ddc886ddbba1c7bb132df95
SHA256: 771205826762fde12862a1591065f51d995b878e40d1c10323a1db65700f3439
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 6f9cdeba4c891f906ad98d5475294f23
SHA256: 438ca01e3ef2c3450d7f881338f524a4f0db3c67d52f013208e164c799a95abb
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF2176c5.TMP
text
MD5: 6f9cdeba4c891f906ad98d5475294f23
SHA256: 438ca01e3ef2c3450d7f881338f524a4f0db3c67d52f013208e164c799a95abb
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\029c545a-d10b-49d9-b72c-8422a0528931.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata~RF214dd1.TMP
flc
MD5: a863f17bd8cab997eac4d248316df30a
SHA256: 86fae96f4996f1628d29057a3ad51711d09189437a7b1aa64e036b6bfcb74a39
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
flc
MD5: a863f17bd8cab997eac4d248316df30a
SHA256: 86fae96f4996f1628d29057a3ad51711d09189437a7b1aa64e036b6bfcb74a39
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a20b62a5-4f24-4425-a905-7f4b4c8882a6.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store~RF214545.TMP
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
flc
MD5: eb0a307546dba80195dca559bff56485
SHA256: 7e493e4c868f2d33670b434d5323164972ff6713a4caa4ba1d47a03a44dcc1ba
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\405242e7-0ba6-4373-9f13-4d6a62e2df48.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\59af79aa-cb62-4347-91ee-361dfd32bb33.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\Downloads\ComparePlugin.v1.5.6.2.bin.zip:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2988
chrome.exe
C:\Users\admin\Downloads\ComparePlugin.v1.5.6.2.bin.zip
compressed
MD5: 07618543ef7dce847e0e2577e2e6687b
SHA256: 7213673f789f4feff5c9a14330a01eae8d41587c8599786ba314854d97b896c1
2664
chrome.exe
C:\Users\admin\AppData\Local\Temp\32a11768-3735-490f-9b03-a9edb2b24b71.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 312302.crdownload
compressed
MD5: 07618543ef7dce847e0e2577e2e6687b
SHA256: 7213673f789f4feff5c9a14330a01eae8d41587c8599786ba314854d97b896c1
2988
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 312302.crdownload
compressed
MD5: b0ceaea5adb8633244102e63546360b7
SHA256: 58221402deb6fce8c5ea943d3a18e81b9ab65d6f2a5f0e55580b6418cf016b5e
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store
binary
MD5: 9269593ab4cb0ec10b77ae248421b0f0
SHA256: 8740b2fccaf376a29d2b7dafae82bc1c2cfddf0623c1e4a3cd437e5a47cfb328
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store~RF214063.TMP
binary
MD5: 9269593ab4cb0ec10b77ae248421b0f0
SHA256: 8740b2fccaf376a29d2b7dafae82bc1c2cfddf0623c1e4a3cd437e5a47cfb328
2988
chrome.exe
C:\Users\admin\Downloads\57a5c453-4ff8-486e-a618-30ad0c24da80.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\5779894e-833a-4138-98e9-1dee172f9e16.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF213400.TMP
text
MD5: 8aec17bb685503c671ef89d8f18a0ce3
SHA256: f6e0074f32be1624345d173a71b0bb959bc6327a7a125e0b159717ca2a8208e7
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 8aec17bb685503c671ef89d8f18a0ce3
SHA256: f6e0074f32be1624345d173a71b0bb959bc6327a7a125e0b159717ca2a8208e7
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\a2b32ade-6184-4cb8-920b-eb886422e956.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: cb852ecd83751b29b95418b398a94de0
SHA256: ee5b0b2f5f5476e9be39aab312f5c40d54f0d2b47f2b15e65dc1410b19b146fd
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF213392.TMP
text
MD5: cb852ecd83751b29b95418b398a94de0
SHA256: ee5b0b2f5f5476e9be39aab312f5c40d54f0d2b47f2b15e65dc1410b19b146fd
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\80f18e7d-1ddf-489f-bf3e-e3c36fdbf179.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF2132c7.TMP
text
MD5: 1eee75e382a3ac965527fede11f881cf
SHA256: 4cd00e5be880d1a7bda79b0fc1d2206e6947214c8a44a9cb4dd99a37112c2db6
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 1eee75e382a3ac965527fede11f881cf
SHA256: 4cd00e5be880d1a7bda79b0fc1d2206e6947214c8a44a9cb4dd99a37112c2db6
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\36e93892-6d78-4d45-ad8a-f47e8ac866db.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003a
image
MD5: 405ad1fa02c4a2b214c9ea31dae18d7f
SHA256: 647734f833934b08f0adddf8d9b7c1e752c29c6b10816155f2f3ced394bd1bfc
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000039
binary
MD5: 9995db2d2bedd1b69c3a4464fc36267b
SHA256: d48cf25c569d5cb0ca6ae726e53b2a53dcd556d54c996d36a562f5610e71fb04
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000038
binary
MD5: 25cacd639a2c9caec9426c9e0fe2a1e2
SHA256: 7e8c7882afd9b73cfae925a256ae3783bba065b0453f4eaa89dd21ab73a816b9
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000037
binary
MD5: 46266438259f120cc8085629551aeeb9
SHA256: 846cd41265f8835b79d6ca302f2b1efbe1622a8788b1a46c89a6b9707a6db38b
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000036
image
MD5: 99815270b37d0ab6d6458ce70e67bcde
SHA256: 0207894f8f74da7e5d871fc85e72eb5f26bf825145302ed1b4d8c933cd0bc02e
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000035
binary
MD5: 56fe0f147cc9cd0507c23af119dd8465
SHA256: f7656fa624827ff7b0a5cff2ce7f4403697e0d204831114e8f28b3c26b382486
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000034
binary
MD5: f1b944aaff323e7b6338f46e3a01e35d
SHA256: 6c19e430912bd257a6aafa9a1d1a2568d5926926b877a57310419d01852a0d55
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000033
compressed
MD5: fe38832ee04ceb7ee6af849ce47d9742
SHA256: 1144b0c4c1da6c04eb779de2916893c2890229d888753bda9c5666d3bb7a9e13
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000032
compressed
MD5: 88cb40963c459cb88b5a781e57ed0ccc
SHA256: f303554fe17a12ece5a4923884895078c7e6bea40ba1f2ab61b48a39b9049b1e
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000031
binary
MD5: 15572ac533ae2f1e144f3ca7e1287a51
SHA256: 72a760c15eef986d2ae12025382039b873950ef196d2f406cf7e0cdff5bc86fe
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000030
compressed
MD5: 5ef36007df728e6a793531d9213ebda9
SHA256: b5efa86424cf5db9db8a9185586013a05f5edd3030483233b0a6e6c11892b2a6
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002f
compressed
MD5: c78053d04d99ca1852b6b49fa4099644
SHA256: 20d65d0e376fcfcbc525d04ec3caa152a270e10555466940a77d382e745fd841
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002e
compressed
MD5: c9b5c2f0ecafdae31e921ba5eebffb84
SHA256: 79495fb9adb36f6854a3f94137ec9c25d91b3a6f6594e47ed36acd435aaa7f8a
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002d
binary
MD5: 10dc8ae96458907856334d23970316e9
SHA256: 0f3be665e82644c1d5995c0d03c78cf814dbcec6bed09ca3dfea88a5b61e4752
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002c
binary
MD5: bc326ff61495981ac221013fb681a7e7
SHA256: 4d1a28346b74a7f2b3d11ff1e56ae196cdd390b37d3ea285805c5a98f6dd9c3e
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002b
binary
MD5: 19c875685f8843600e78f682db2eaaf8
SHA256: 2d0551c47f9842fdc75d2fd0d51a5d83f74bf6928aedca8cb1c32ad8b911ac40
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002a
binary
MD5: c1a9e47b372e5910ce80c1dbf0b0c615
SHA256: 56cbd09ab127ad0eec244a90139a503dbc6d04263b005f4dc7533c5508833390
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000029
compressed
MD5: 6f5e885922e854700ee4a3ec7051b0b1
SHA256: 6e81da392cd8a8afaef14a8125f0d892fd5433027eebb18e735c4e1813a16848
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000028
binary
MD5: 613fa75028a9ced1b0ca116b54a2edef
SHA256: f6d255a33d5c89294f9ea4d01718a50f568dcc51820464ff00ebe584cdf7162f
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000026
binary
MD5: 09d1a87a9af109bbaf240d5c322ac175
SHA256: a248293c91856c6e2bf936ef0bf4ce37b56c2ee8172a80e09798b4ef3c845be1
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000027
binary
MD5: 7116c1f8d440d05259054beac6c96e3f
SHA256: a4224aa10a05b35a6ba7b0d4e6b383ea47c5a2eef543e77efc72a7e1a4847664
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000025
binary
MD5: e8a930575282f643edd9ee89f7a5238c
SHA256: 2f9a5d232ec3fb60312f4f41aa1fb847bce80bfb3c5108f4a72d959c7b03f6a6
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000024
binary
MD5: 9158db9eaa0df7af0b072bcc1c2f10d6
SHA256: ab140da7d3ca3e13c44f7f4bda6592b5ef0b8c2d16a47275cb0fbd7c25f2c07d
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000023
binary
MD5: c9e83da15efe4132b4580856d97201b8
SHA256: 9ab8fe8257bb0b6ec492cff64e0a4b66d1c99e76118cb4ac8c13923dc1ec73c7
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000022
binary
MD5: e47e17257d8abf9832a7bcf12c812820
SHA256: 052b0c0dbbd6ed9a5a42e09f09eaaaf5533efb36025c08609d5fe30a8e671537
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000021
binary
MD5: 8232cd833c719999422468e1d59705b4
SHA256: d38eae35f2f66cf53099ca39f96e433102e24f322376724fda09d0d4effd600e
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000020
binary
MD5: 36959d400cf1cbc784fa50cba13b0049
SHA256: dab2229ac2eb3abd850e13364035cff574b156f88becd90bacb5130adf674634
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001f
binary
MD5: b59bfe0ac752a7a6f878858f2153b0df
SHA256: dae392fb1f250a706996a9ee9df86946f31bc2800a84614956b4e2d3e816e2b9
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001e
binary
MD5: 1327fdaf54de5c4a02db89e195c159d4
SHA256: be1272df26f60544824e6ab50769197d89ac7f83605e57f089c843d54044a444
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF210adc.TMP
text
MD5: e558b7546df971fb81328289f88cf927
SHA256: 150454c07b7b07452de22c124c9b88f7f0d22293c130cb2aff81401703f079fe
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: e558b7546df971fb81328289f88cf927
SHA256: 150454c07b7b07452de22c124c9b88f7f0d22293c130cb2aff81401703f079fe
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\e82f1dc8-64ac-4b86-a020-1b5e23e560ad.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001d
binary
MD5: 6dc796861deb8c3c74606f1bc6add50c
SHA256: 0814d16e633ca9ed62e9d0bc57a1249910e590a825dde936c67e0720c12e2bfe
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001c
binary
MD5: d9e11ecb0fe1024af05a09010a990815
SHA256: 047c5e4914eaf8dd6fb47fb4eb5df898defa5cfc2f98fb5eca293242ce5096d9
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 401c9174cf93cbb3147c4c6c1a078eff
SHA256: cff202ad261c012e91ae28fea36865afc0531cd3a8f033c868e9305caf2a0a62
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001b
compressed
MD5: 36bfc79ca4b951c1b178e0bf41deff8b
SHA256: b03090d9279a8e24888990ceed1bda62f978afcaf9277dfc79a2f239f523a493
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 6f37f23903f87b8fe603de46908a64fa
SHA256: af7b92ce3e69a2c8a054e77d0fb0c5dd61cdc5269ce1ed4297731d7145ceae10
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF210aad.TMP
text
MD5: 6f37f23903f87b8fe603de46908a64fa
SHA256: af7b92ce3e69a2c8a054e77d0fb0c5dd61cdc5269ce1ed4297731d7145ceae10
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF210aad.TMP
text
MD5: 401c9174cf93cbb3147c4c6c1a078eff
SHA256: cff202ad261c012e91ae28fea36865afc0531cd3a8f033c868e9305caf2a0a62
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\5b214b42-2152-4593-8baa-b020875f45e9.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\789c383d-c341-4ec6-ad43-1675971e542a.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4CA77D36767B6202D4786BF3D1EC5242
binary
MD5: 9cd73709d967f27366c7f2ccbf74b649
SHA256: 864d6171a7619f2cd354870bd16108802e6b6e05fe3caf88c03d70131e3b1162
2988
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4CA77D36767B6202D4786BF3D1EC5242
der
MD5: dc32c3a76d2557c768099dea2da9a2d1
SHA256: f1c1b50ae5a20dd8030ec9f6bc24823dd367b5255759b4e71b61fce9f7375d73
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001a
binary
MD5: e951a3dc05dfc1bbb8c906001c5b5ec2
SHA256: 9bf3e535ab2a24a0cf0713abc99bbd9dcc11969c8afc3fb0e8745498191be6b0
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000019
binary
MD5: dcf85de1347e6b5364aed61e5f0b5660
SHA256: 5a33b95fbc5fd59c198fce71938fa3f643c4ab5f34b95baa27a7876d9380f3d6
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000018
binary
MD5: c48d7075b65e37aa18892695c5623a51
SHA256: 6a7c643d9c3e58235f8697be19d86e9c3757f6201cb639b26d9938e5dfa9330f
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000017
compressed
MD5: 4b55e625e0987b99176c0a42c57d6762
SHA256: d8f834287b24d94cc106d53f433ac8aa6cb6c9770d25c55d2166f922fc7d1139
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session
binary
MD5: 02536c23edc1e418a6fea313d20b2a39
SHA256: 8e8de8689482b477d0beebe0a4ac24b9cabcbfa84848f66b4c0f55cd96dc0fe9
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000016
compressed
MD5: 37c2cbc1facd70dee30a4af04998dda4
SHA256: 684b380b4b3b47a32c80ab9b633cb10b0ac594f2de49583c152386e9a97da71c
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000015
compressed
MD5: 5735342c8818b9d8e1c0abe3939e7fbe
SHA256: d1d990c76a9e6205b9e2c05bfbe2941eef2deeacc832fd411fd32df3a851a17e
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000014
compressed
MD5: 6f20ecf6ee2f932429d8f2d67afa4a55
SHA256: 696644671c3215cc4b737317aaefef7bb7539e9a2473776339889a4d05d2bec0
2988
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: 3dcea4a9177fa058bd9753729115ebb6
SHA256: 6c4c3ff51238d5ca416d34217a90ae8df97cc61a9566df06fc6783caedb74644
2988
chrome.exe
C:\Users\admin\AppData\Local\Temp\TarEB28.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Temp\CabEB27.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: 02c1120f28378fd32b58cec3bb9458c2
SHA256: f3c77083fe5d71225ceea0337e819ed7049e2a5692e6c662c5a0eaa97db3dff9
2988
chrome.exe
C:\Users\admin\AppData\Local\Temp\TarEB17.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Temp\CabEB16.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old
text
MD5: 80b8c44b60f8bd20d1cf8277ec794bb1
SHA256: 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old~RF20eb00.TMP
text
MD5: 80b8c44b60f8bd20d1cf8277ec794bb1
SHA256: 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
2988
chrome.exe
C:\Users\admin\AppData\Local\Temp\TarEA98.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Temp\CabEA97.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
binary
MD5: ab61779c444bc51071a6fa2e114c33b9
SHA256: 6c15dea9e19508c242e17f68cb8fe3b7fe1e445d14dc7c6ae98c6ad7d4c051bc
2988
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
der
MD5: 55540a230bdab55187a841cfe1aa1545
SHA256: d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
2988
chrome.exe
C:\Users\admin\AppData\Local\Temp\TarEA86.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Temp\CabEA85.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000013
woff2
MD5: 7fbbfd1610770d594aef639cfefdd0b0
SHA256: ead13ccfbdea5462c3af37aa6ae04e64ed65a31c33f76e46da5e86ec85c52064
2988
chrome.exe
C:\Users\admin\AppData\Local\Temp\TarEA74.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Temp\CabEA73.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012
compressed
MD5: 884a3cd3e23031bcd43e0cfc349aec4a
SHA256: 3da595f4aa5fb980fadcbb723d77c98191f6583f605b8c6d7676791066ad1d25
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011
compressed
MD5: a6ce90b9145f18e7a721eb3819daaaab
SHA256: 94fe45c14a2ce4fd5f1401c835e5d63111ebf89ff58e03d6b780592f02abf778
2988
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B7C322D57057B3593664F2D411D5C076
binary
MD5: b03281eff3afe9c3ab5959e4a30bc96b
SHA256: 3276070ae4d886acc392cd0d5ec493a0e03c14ccbb967dfc85a53ab2845ad202
2988
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B7C322D57057B3593664F2D411D5C076
der
MD5: 345eff15b7a49add451b65a7f4bdc6ae
SHA256: 154c433c491929c5ef686e838e323664a00e6a0d822ccc958fb4dab03e49a08f
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010
woff2
MD5: f1a4a058fbba1e35a406188ae7eddaf8
SHA256: 1670565574aab8aa0a287a4cd8f49cf0d8b0959ebe344f90ca8af696ede9c23b
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f
compressed
MD5: 0605204d6afe6dd509555ef6e2de8768
SHA256: 453df7743af7316dca21368e69935d05e1625b2f1cea02d4f47902c1a8a7d866
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old
text
MD5: 7282c871a31b4aae7e61cdbb39a13331
SHA256: af615c556e2a22e87135a967c01e869216f65268a88bd218fd6ab70467bdf733
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old~RF20e91c.TMP
text
MD5: 7282c871a31b4aae7e61cdbb39a13331
SHA256: af615c556e2a22e87135a967c01e869216f65268a88bd218fd6ab70467bdf733
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e
compressed
MD5: 724ae826c7a688c8fca5c71b3b7e790d
SHA256: 8698dc49cd1b3f239fd713e3d4db4aa6c7317ed6116cf2d998779a43eb77aa52
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d
compressed
MD5: 84f004985e432d8590679042e1192ee1
SHA256: ceded7040a0498e4660f67cd3463e40f4f9569e92e568cd65c62097cb1c41a0d
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
compressed
MD5: 6b1e95ec851f811a79969c80db657af7
SHA256: 8942d298a6bb039465f2d525224739df6b5d9674d4d27ee06287a4a1b201ea45
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF20e747.TMP
text
MD5: ea6d75c35eb812fdc5762d84963de026
SHA256: a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: ea6d75c35eb812fdc5762d84963de026
SHA256: a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 84042895723ac99f9599edfc7500051c
SHA256: ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF20e6f9.TMP
text
MD5: 84042895723ac99f9599edfc7500051c
SHA256: ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model
binary
MD5: f3063b93f2b73320b69ac95b4df9d7be
SHA256: 4d0654334c7787b5c64405664d01166408a208833a9ebbf4465d5f160625592c
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model~RF20e64d.TMP
binary
MD5: f3063b93f2b73320b69ac95b4df9d7be
SHA256: 4d0654334c7787b5c64405664d01166408a208833a9ebbf4465d5f160625592c
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\302c4b38-8d5f-4c14-9dab-3755ad516dae.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old~RF20e42a.TMP
text
MD5: f727dd25cda7b2cc574098cee1f5764a
SHA256: 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old
text
MD5: f727dd25cda7b2cc574098cee1f5764a
SHA256: 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF20e3fb.TMP
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT~RF20e3ec.TMP
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old
text
MD5: 1aa66efdb743fb0a8dcc1cd79b0b6542
SHA256: 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old~RF20e3dc.TMP
text
MD5: 1aa66efdb743fb0a8dcc1cd79b0b6542
SHA256: 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: 197882774a7ecec9046bc48f63189b66
SHA256: 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF20e3cc.TMP
text
MD5: 197882774a7ecec9046bc48f63189b66
SHA256: 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\dd9469ea-c394-4446-816e-5547a76204de.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF20e3bd.TMP
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old~RF20e36f.TMP
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: c10ebd4db49249efc8d112b2920d5f73
SHA256: 90a1b994cafe902f22a88a22c0b6cc9cb5b974bf20f8964406dd7d6c9b8867d1
3712
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: b59113c2dcd2d346f31a64f231162ada
SHA256: 1d97c69aea85d3b06787458ea47576b192ce5c5db9940e5eaa514ff977ce2dc2
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000041
image
MD5: d65c264e4bdd1c8da99465495ca400fb
SHA256: 9e13eff01bc5c9d668e0a2624d97c45f7523558a6bb65630271068be1592c35e
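
The file table above is long because Chrome writes most profile files twice (a `~RF<hex>.TMP` rename-temp and its target, with identical hashes) and because CryptoAPI's certificate cache and `Cab*/Tar*.tmp` extraction files are interleaved with the browser cache. The script below is an added triage example, not ANY.RUN tooling: it parses the six-line records, collapses them by SHA256, pairs each rename-temp with its target and buckets paths by origin. The sample records are copied from this report (the last one is the truncated final row); the origin buckets and the `~RF<hex>.TMP` rule are this editor's assumptions about how Chrome writes profile files.

```python
# Added example (not ANY.RUN tooling): parse the six-line file records above,
# collapse them by SHA256, pair Chrome's ~RF<hex>.TMP rename-temps with their
# targets, and bucket each path by where it came from.
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MISSING = "––"  # marker the report prints for a value it did not capture
RENAME_TMP = re.compile(r"~RF[0-9A-Fa-f]+\.TMP$")  # Chrome atomic-replace temp (assumed)

@dataclass(frozen=True)
class DroppedFile:
    path: str
    ftype: Optional[str]
    md5: Optional[str]
    sha256: Optional[str]
    pid: Optional[int]
    process: Optional[str]

def _value(raw: str) -> Optional[str]:
    raw = raw.strip()
    return None if raw in ("", MISSING) else raw

def _after_colon(line: str) -> Optional[str]:
    return _value(line.split(":", 1)[1]) if ":" in line else None

def parse_dropped_files(text: str) -> List[DroppedFile]:
    """Records are path / type / 'MD5: x' / 'SHA256: y' / pid / process.
    A truncated trailing record (no pid/process) is kept with those as None."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records: List[DroppedFile] = []
    for i in range(0, len(lines), 6):
        chunk = lines[i:i + 6]
        if len(chunk) < 4:          # not even a SHA256 line: drop the fragment
            break
        pid = _value(chunk[4]) if len(chunk) > 4 else None
        records.append(DroppedFile(
            path=chunk[0], ftype=_value(chunk[1]),
            md5=_after_colon(chunk[2]), sha256=_after_colon(chunk[3]),
            pid=int(pid) if pid and pid.isdigit() else None,
            process=_value(chunk[5]) if len(chunk) > 5 else None))
    return records

def classify(path: str) -> str:
    p = path.lower()
    if "\\google\\chrome\\user data\\" in p:
        return "chrome-cache" if "\\cache\\" in p else "chrome-profile"
    if "\\cryptneturlcache\\" in p:
        return "cryptnet-cache"   # CryptoAPI's cache of fetched certs/CRLs/CTLs
    if "\\appdata\\local\\temp\\" in p:
        return "temp"
    return "other"

def group_by_sha256(records: List[DroppedFile]) -> Dict[str, List[DroppedFile]]:
    groups: Dict[str, List[DroppedFile]] = defaultdict(list)
    for r in records:
        if r.sha256:
            groups[r.sha256].append(r)
    return dict(groups)

def rename_temp_pairs(records: List[DroppedFile]) -> List[Tuple[str, str, bool]]:
    """(tmp path, target path, hashes equal) for each ~RF*.TMP whose target exists."""
    by_path = {r.path: r for r in records}
    pairs = []
    for r in records:
        if RENAME_TMP.search(r.path):
            target = by_path.get(RENAME_TMP.sub("", r.path))
            if target is not None:
                pairs.append((r.path, target.path, r.sha256 == target.sha256))
    return pairs

def summarize(text: str) -> dict:
    records = parse_dropped_files(text)
    origins: Dict[str, int] = defaultdict(int)
    for r in records:
        origins[classify(r.path)] += 1
    return {"records": len(records),
            "unique_sha256": len(group_by_sha256(records)),
            "unhashed": sum(r.sha256 is None for r in records),
            "rename_pairs": len(rename_temp_pairs(records)),
            "by_origin": dict(origins)}

# Sample records copied from the report above (the last one is the truncated final row).
SAMPLE = r"""
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 401c9174cf93cbb3147c4c6c1a078eff
SHA256: cff202ad261c012e91ae28fea36865afc0531cd3a8f033c868e9305caf2a0a62
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF210aad.TMP
text
MD5: 401c9174cf93cbb3147c4c6c1a078eff
SHA256: cff202ad261c012e91ae28fea36865afc0531cd3a8f033c868e9305caf2a0a62
2988
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4CA77D36767B6202D4786BF3D1EC5242
der
MD5: dc32c3a76d2557c768099dea2da9a2d1
SHA256: f1c1b50ae5a20dd8030ec9f6bc24823dd367b5255759b4e71b61fce9f7375d73
2988
chrome.exe
C:\Users\admin\AppData\Local\Temp\CabEB27.tmp
––
MD5:  ––
SHA256:  ––
2988
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000041
image
MD5: d65c264e4bdd1c8da99465495ca400fb
SHA256: 9e13eff01bc5c9d668e0a2624d97c45f7523558a6bb65630271068be1592c35e
"""
```

Run `summarize(SAMPLE)` to get record, unique-hash and bucket counts. On the full table the unique set is far smaller than the row count because of the rename-temp pairs, and the `cryptnet-cache` rows together with the hashless `Cab*.tmp`/`Tar*.tmp` rows are typically CryptoAPI's own certificate and authroot CTL fetches (the six plaintext HTTP GETs listed under Network activity), not content the visited page dropped.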


Network activity

HTTP(S) requests: 6
TCP/UDP connections: 201
DNS requests: 141
Threats: 3

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2988 chrome.exe GET 200 104.18.10.39:80 http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt US der –– whitelisted
2988 chrome.exe GET 200 13.35.254.34:80 http://x.ss2.us/x.cer US der –– whitelisted
2988 chrome.exe GET 200 13.35.254.34:80 http://x.ss2.us/x.cer US der –– whitelisted
2988 chrome.exe GET 200 13.107.4.50:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US compressed –– whitelisted
2988 chrome.exe GET 200 13.107.4.50:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US compressed –– whitelisted
2988 chrome.exe GET 200 204.13.202.71:80 http://ssl.trustwave.com/issuers/STCA.crt US der –– whitelisted


Connections

PID Process IP ASN CN Reputation
2988 chrome.exe 216.58.208.35:443 Google Inc. US whitelisted
2988 chrome.exe 216.105.38.13:443 American Internet Services, LLC. US malicious
2988 chrome.exe 172.217.22.67:443 Google Inc. US whitelisted
2988 chrome.exe 172.217.21.237:443 Google Inc. US whitelisted
2988 chrome.exe 104.20.116.11:443 Cloudflare Inc US shared
2988 chrome.exe 172.217.22.10:443 Google Inc. US whitelisted
2988 chrome.exe 216.58.207.67:443 Google Inc. US whitelisted
2988 chrome.exe 37.252.172.27:443 AppNexus, Inc –– unknown
2988 chrome.exe 35.203.66.107:443 Google Inc. US whitelisted
2988 chrome.exe 152.195.15.114:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2988 chrome.exe 72.251.249.9:443 Voxel Dot Net, Inc. NL unknown
2988 chrome.exe 213.19.162.21:443 The Rubicon Project, Inc. GB unknown
2988 chrome.exe 74.214.194.134:443 PulsePoint B.V. NL unknown
2988 chrome.exe 216.105.38.9:443 American Internet Services, LLC. US unknown
2988 chrome.exe 107.22.211.52:443 Amazon.com, Inc. US unknown
2988 chrome.exe 151.101.2.2:443 Fastly US shared
2988 chrome.exe 216.58.210.14:443 Google Inc. US whitelisted
2988 chrome.exe 13.35.253.62:443 US unknown
2988 chrome.exe 52.31.106.135:443 Amazon.com, Inc. IE unknown
2988 chrome.exe 104.18.10.39:80 Cloudflare Inc US unknown
2988 chrome.exe 13.35.254.34:80 US unknown
2988 chrome.exe 13.107.4.50:80 Microsoft Corporation US whitelisted
2988 chrome.exe 184.31.92.226:443 Akamai International B.V. NL unknown
2988 chrome.exe 172.217.22.4:443 Google Inc. US whitelisted
2988 chrome.exe 23.43.115.95:443 Akamai International B.V. NL whitelisted
2988 chrome.exe 2.18.234.132:443 Akamai International B.V. –– whitelisted
2988 chrome.exe 34.206.117.113:443 Amazon.com, Inc. US unknown
2988 chrome.exe 23.60.196.160:443 Akamai Technologies, Inc. NL whitelisted
2988 chrome.exe 107.23.87.2:443 Amazon.com, Inc. US unknown
2988 chrome.exe 34.248.169.61:443 Amazon.com, Inc. IE unknown
2988 chrome.exe 3.120.224.89:443 US unknown
2988 chrome.exe 107.178.240.89:443 Google Inc. US whitelisted
2988 chrome.exe 172.217.22.46:443 Google Inc. US whitelisted
2988 chrome.exe 216.58.205.226:443 Google Inc. US whitelisted
2988 chrome.exe 2.18.233.201:443 Akamai International B.V. –– whitelisted
2988 chrome.exe 192.0.73.2:443 Automattic, Inc US whitelisted
2988 chrome.exe 216.58.208.34:443 Google Inc. US whitelisted
2988 chrome.exe 35.201.85.158:443 Google Inc. US whitelisted
2988 chrome.exe 192.0.77.2:443 Automattic, Inc US unknown
2988 chrome.exe 18.195.160.35:443 Amazon.com, Inc. DE unknown
2988 chrome.exe 54.72.100.22:443 Amazon.com, Inc. IE unknown
2988 chrome.exe 172.217.21.194:443 Google Inc. US whitelisted
2988 chrome.exe 151.101.2.49:443 Fastly US suspicious
2988 chrome.exe 34.248.238.74:443 Amazon.com, Inc. IE unknown
2988 chrome.exe 52.43.244.95:443 Amazon.com, Inc. US unknown
2988 chrome.exe 192.132.33.27:443 Bidtellect Inc. US unknown
2988 chrome.exe 18.153.11.16:443 US unknown
2988 chrome.exe 204.13.202.71:80 Savvis US unknown
2988 chrome.exe 216.58.206.2:443 Google Inc. US whitelisted
2988 chrome.exe 172.217.18.99:443 Google Inc. US whitelisted
2988 chrome.exe 52.30.113.91:443 Amazon.com, Inc. IE unknown
2988 chrome.exe 54.229.221.102:443 Amazon.com, Inc. IE unknown
2988 chrome.exe 172.217.22.1:443 Google Inc. US whitelisted
2988 chrome.exe 54.164.15.83:443 Amazon.com, Inc. US unknown
2988 chrome.exe 156.154.200.36:443 NeuStar, Inc. US unknown
2988 chrome.exe 147.75.102.200:443 Packet Host, Inc. US unknown
2988 chrome.exe 185.33.223.100:443 AppNexus, Inc –– unknown
2988 chrome.exe 34.224.247.57:443 Amazon.com, Inc. US unknown
2988 chrome.exe 151.101.2.110:443 Fastly US unknown
2988 chrome.exe 195.181.175.9:443 Datacamp Limited DE unknown
2988 chrome.exe 185.63.144.5:443 LinkedIn Corporation IE unknown
2988 chrome.exe 172.217.22.66:443 Google Inc. US whitelisted
2988 chrome.exe 199.166.0.24:443 Integral Ad Science, Inc. US unknown
2988 chrome.exe 185.29.135.233:443 MediaMath Inc GB unknown
2988 chrome.exe 46.228.164.13:443 Turn Europe (UK) Ltd. GB unknown
2988 chrome.exe 188.125.66.34:443 Yahoo! UK Services Limited IE shared
2988 chrome.exe 192.138.218.96:443 Connexity, Inc. US unknown
2988 chrome.exe 63.251.210.243:443 Internap Network Services Corporation US unknown
2988 chrome.exe 52.7.2.46:443 Amazon.com, Inc. US unknown
2988 chrome.exe 52.48.72.33:443 Amazon.com, Inc. IE unknown
2988 chrome.exe 37.157.2.238:443 Adform A/S DK unknown
2988 chrome.exe 172.217.17.34:443 Google Inc. US whitelisted
2988 chrome.exe 74.125.206.155:443 Google Inc. US whitelisted
2988 chrome.exe 212.48.120.130:443 Artfiles New Media GmbH DE unknown
2988 chrome.exe 108.174.10.10:443 LinkedIn Corporation US unknown
2988 chrome.exe 34.253.126.105:443 Amazon.com, Inc. IE unknown
2988 chrome.exe 162.247.242.18:443 New Relic US whitelisted
2988 chrome.exe 2.18.232.7:443 Akamai International B.V. –– whitelisted
2988 chrome.exe 104.244.36.20:443 Integral Ad Science, Inc. US unknown
2988 chrome.exe 172.217.22.102:443 Google Inc. US whitelisted
2988 chrome.exe 217.12.15.54:443 Yahoo! UK Services Limited GB shared
2988 chrome.exe 172.217.18.98:443 Google Inc. US whitelisted
2988 chrome.exe 3.120.63.71:443 US unknown
2988 chrome.exe 84.200.5.215:443 Accelerated IT Services GmbH DE unknown
2988 chrome.exe 104.193.83.157:443 IgnitionOne, Inc. US unknown
2988 chrome.exe 52.211.216.211:443 Amazon.com, Inc. IE unknown
2988 chrome.exe 2.19.33.59:443 Akamai International B.V. –– whitelisted
2988 chrome.exe 213.155.156.183:443 Telia Company AB –– unknown
2988 chrome.exe 136.243.75.31:443 Hetzner Online GmbH DE unknown
2988 chrome.exe 138.201.8.30:443 Hetzner Online GmbH DE unknown
2988 chrome.exe 82.220.38.147:443 BSE Software GmbH CH unknown
2988 chrome.exe 46.228.164.11:443 Turn Europe (UK) Ltd. GB unknown
2988 chrome.exe 5.148.168.135:443 Nine Internet Solutions AG CH unknown
2988 chrome.exe 169.50.137.185:443 SoftLayer Technologies Inc. US unknown
2988 chrome.exe 66.155.71.150:443 Peer 1 Network (USA) Inc. CA unknown
2988 chrome.exe 18.214.34.2:443 US unknown
2988 chrome.exe 66.117.28.68:443 Adobe Systems Inc. US whitelisted
2988 chrome.exe 54.93.128.166:443 Amazon.com, Inc. DE unknown
2988 chrome.exe 185.64.189.115:443 PubMatic, Inc. GB unknown
2988 chrome.exe 217.182.200.29:443 OVH SAS PL unknown
2988 chrome.exe 172.217.21.238:443 Google Inc. US whitelisted
2988 chrome.exe 151.101.0.166:443 Fastly US unknown
2988 chrome.exe 154.59.122.74:443 Cogent Communications US unknown
2988 chrome.exe 87.121.121.2:443 NetIX Communications Ltd. BG suspicious
2988 chrome.exe 172.217.22.78:443 Google Inc. US whitelisted
2988 chrome.exe 54.228.238.12:443 Amazon.com, Inc. IE unknown
2988 chrome.exe 18.184.119.244:443 US unknown
–– –– 107.23.87.2:443 Amazon.com, Inc. US unknown
–– –– 74.214.194.83:443 PulsePoint B.V. NL unknown
–– –– 104.18.100.194:443 Cloudflare Inc US unknown
–– –– 45.76.91.25:443 Choopa, LLC DE unknown
–– –– 146.20.132.148:443 Rackspace Ltd. US unknown
–– –– 185.64.189.110:443 PubMatic, Inc. GB unknown
–– –– 18.185.206.161:443 US unknown
–– –– 18.195.135.198:443 Amazon.com, Inc. DE unknown
–– –– 8.41.222.152:443 RhythmOne, LLC US unknown
–– –– 52.57.169.70:443 Amazon.com, Inc. DE unknown
–– –– 184.31.93.109:443 Akamai International B.V. NL whitelisted
–– –– 38.106.10.128:443 Cogent Communications US unknown
–– –– 64.158.223.140:443 Conversant, Inc. NL unknown
–– –– 151.101.0.166:443 Fastly US unknown
–– –– 52.29.30.87:443 Amazon.com, Inc. DE unknown
–– –– 18.196.234.37:443 Amazon.com, Inc. DE unknown
–– –– 52.48.207.156:443 Amazon.com, Inc. IE unknown
–– –– 147.75.102.200:443 Packet Host, Inc. US unknown
–– –– 18.153.11.16:443 US unknown
–– –– 104.109.68.123:443 Akamai International B.V. NL unknown
–– –– 198.134.116.50:443 Webair Internet Development Company Inc. US unknown
–– –– 54.243.245.131:443 Amazon.com, Inc. US unknown
–– –– 67.231.251.189:443 Turnkey Internet Inc. US unknown
–– –– 35.227.197.177:443 US unknown
–– –– 216.109.152.213:443 DataPipe, Inc. US unknown
–– –– 204.86.118.18:443 FORTRUST US unknown
–– –– 52.54.208.93:443 Amazon.com, Inc. US unknown
–– –– 35.165.169.175:443 Amazon.com, Inc. US unknown
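
The Connections table above and the DNS requests table that follows it label the same IPs independently, and they disagree: 216.105.38.13 is tagged malicious as a connection but is the answer for sourceforge.net, which the DNS table tags whitelisted, and 151.101.2.49 is Fastly address space that serves both whitelisted and suspicious names. The script below is an added example, not ANY.RUN's code: it parses both tables, joins them on IP and surfaces such conflicts. The sample rows are copied from this report and trimmed to the cases worth checking; treating `unknown` as no opinion and the severity ordering are this editor's choices.

```python
# Added example (not ANY.RUN tooling): cross-check the reputation label of each
# connection against the labels of the domains that resolved to the same IP in
# the DNS table, and surface disagreements. 'unknown' is treated as no opinion.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

MISSING = "––"                                     # report's empty-cell marker
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
SEVERITY = {"whitelisted": 0, "shared": 1, "suspicious": 2, "malicious": 3}  # assumed order

@dataclass
class Connection:
    pid: Optional[int]
    process: Optional[str]
    ip: str
    port: int
    asn: Optional[str]
    cn: Optional[str]
    reputation: str

@dataclass
class Finding:
    ip: str
    pid: Optional[int]
    labels: Dict[str, str]   # "connections" plus every domain that resolved to ip
    worst: Optional[str]     # highest SEVERITY label seen, None if all unknown
    conflict: bool           # two definite labels disagree
    no_dns: bool             # connection with no DNS answer in the report

def _opt(tok: str) -> Optional[str]:
    return None if tok == MISSING else tok

def parse_connections(text: str) -> List[Connection]:
    out = []
    for line in text.strip().splitlines():
        t = line.split()
        if not t or t[0] == "PID":
            continue
        ip, port = t[2].rsplit(":", 1)
        pid = _opt(t[0])
        # ASN is free text between ip:port and the two-letter CN, and may be absent
        out.append(Connection(int(pid) if pid else None, _opt(t[1]), ip, int(port),
                              " ".join(t[3:-2]) or None, _opt(t[-2]), t[-1]))
    return out

def parse_dns(text: str) -> Dict[str, dict]:
    """domain -> {'ips': [...], 'reputation': str|None}. A record is one
    'domain ip' line, any number of bare ip lines, then a bare label line."""
    recs: Dict[str, dict] = {}
    cur = None
    for line in text.strip().splitlines():
        t = line.split()
        if not t or t[0] == "Domain":
            continue
        if len(t) == 2 and IP_RE.match(t[1]):
            cur = recs.setdefault(t[0], {"ips": [], "reputation": None})
            cur["ips"].append(t[1])
        elif cur is not None and IP_RE.match(t[0]):
            cur["ips"].append(t[0])
        elif cur is not None:
            cur["reputation"] = t[0]
    return recs

def triage(conn_text: str, dns_text: str) -> List[Finding]:
    rdns: Dict[str, Dict[str, str]] = {}
    for dom, rec in parse_dns(dns_text).items():
        for ip in rec["ips"]:
            rdns.setdefault(ip, {})[dom] = rec["reputation"]
    findings = []
    for c in parse_connections(conn_text):
        labels = {"connections": c.reputation}
        labels.update({d: r for d, r in rdns.get(c.ip, {}).items() if r})
        rated = [v for v in labels.values() if v in SEVERITY]
        findings.append(Finding(c.ip, c.pid, labels,
                                max(rated, key=SEVERITY.get, default=None),
                                len(set(rated)) > 1, c.ip not in rdns))
    findings.sort(key=lambda f: -SEVERITY.get(f.worst, -1))   # worst first
    return findings

# Rows copied from the report above, trimmed to the cases worth checking.
CONNECTIONS = """
PID Process IP ASN CN Reputation
2988 chrome.exe 216.105.38.13:443 American Internet Services, LLC. US malicious
2988 chrome.exe 37.252.172.27:443 AppNexus, Inc –– unknown
2988 chrome.exe 13.35.253.62:443 US unknown
2988 chrome.exe 151.101.2.49:443 Fastly US suspicious
2988 chrome.exe 87.121.121.2:443 NetIX Communications Ltd. BG suspicious
–– –– 45.76.91.25:443 Choopa, LLC DE unknown
"""
DNS = """
Domain IP Reputation
sourceforge.net 216.105.38.13
whitelisted
ib.adnxs.com 37.252.172.27
37.252.172.53
whitelisted
www.stack-sonar.com 13.35.253.62
13.35.253.25
suspicious
match.taboola.com 151.101.2.49
151.101.66.49
whitelisted
rtd.tubemogul.com 151.101.2.49
151.101.66.49
suspicious
"""
```

`triage(CONNECTIONS, DNS)` returns the findings worst-first; `conflict` marks the two IPs whose tables disagree and `no_dns` marks connections the sandbox never saw a name for. A label on shared CDN or cloud address space (Fastly, Cloudflare, AWS) says little on its own, so compare it with the name Chrome actually resolved; the report's own caveat that user actions in the guest can distort the result applies to the verdict as well.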

DNS requests

Domain IP Reputation
sourceforge.net 216.105.38.13
whitelisted
www.gstatic.com 172.217.22.67
whitelisted
clientservices.googleapis.com 216.58.208.35
whitelisted
accounts.google.com 172.217.21.237
shared
a.fsdn.com 104.20.116.11
104.20.117.11
unknown
fonts.googleapis.com 172.217.22.10
whitelisted
fonts.gstatic.com 216.58.207.67
whitelisted
ib.adnxs.com 37.252.172.27
37.252.172.53
37.252.172.40
37.252.172.70
37.252.172.12
37.252.172.80
37.252.172.39
37.252.172.42
whitelisted
dmx.districtm.io 35.203.66.107
unknown
fastlane.rubiconproject.com 213.19.162.21
213.19.162.41
213.19.162.71
213.19.162.31
213.19.162.61
213.19.162.51
whitelisted
adserver-us.adtech.advertising.com 152.195.15.114
whitelisted
ap.lijit.com 72.251.249.9
72.251.249.13
whitelisted
bid.contextweb.com 74.214.194.134
74.214.194.133
unknown
ml314.com 52.31.106.135
54.171.224.12
34.246.247.78
34.249.56.252
whitelisted
www.google-analytics.com 216.58.210.14
whitelisted
analytics.slashdotmedia.com 216.105.38.9
unknown
cdn.taboola.com 151.101.2.2
151.101.66.2
151.101.130.2
151.101.194.2
whitelisted
tag.crsspxl.com 107.22.211.52
54.235.102.45
unknown
www.stack-sonar.com 13.35.253.62
13.35.253.25
13.35.253.122
13.35.253.23
suspicious
cacerts.digicert.com 104.18.10.39
104.18.11.39
whitelisted
x.ss2.us 13.35.254.34
13.35.254.54
13.35.254.176
13.35.254.82
whitelisted
www.download.windowsupdate.com 13.107.4.50
whitelisted
www.google.com 172.217.22.4
whitelisted
ads.pro-market.net 184.31.92.226
unknown
sb.scorecardresearch.com 23.43.115.95
whitelisted
snap.licdn.com 2.18.234.132
whitelisted
tags.bluekai.com 23.60.196.160
whitelisted
api.stack-sonar.com 34.206.117.113
52.86.217.123
unknown
sync.crwdcntrl.net 34.248.169.61
52.16.68.29
34.255.244.192
34.253.166.222
34.251.85.190
52.18.205.56
34.249.93.95
52.19.199.239
whitelisted
idsync.rlcdn.com 107.23.87.2
54.236.93.75
18.213.181.62
54.85.229.0
54.82.233.148
54.84.255.39
54.86.114.201
54.88.163.215
whitelisted
pixel.mathtag.com 2.18.233.201
whitelisted
ps.eyeota.net 3.120.224.89
whitelisted
pbid.pro-market.net 107.178.240.89
unknown
clients1.google.com 172.217.22.46
whitelisted
www.googletagservices.com 216.58.205.226
whitelisted
trc.taboola.com 151.101.2.2
151.101.66.2
151.101.130.2
151.101.194.2
whitelisted
secure.gravatar.com 192.0.73.2
whitelisted
adservice.google.ch 216.58.208.34
whitelisted
adservice.google.com 216.58.205.226
whitelisted
server.exposebox.com 35.201.85.158
unknown
i2.wp.com 192.0.77.2
whitelisted
px.powerlinks.com 54.72.100.22
34.249.185.202
52.209.1.74
34.253.62.229
52.212.162.244
54.194.234.200
34.255.153.52
54.77.49.39
whitelisted
rtb.mfadsrvr.com 18.195.160.35
18.196.37.19
18.195.230.94
whitelisted
cm.g.doubleclick.net 172.217.21.194
whitelisted
match.taboola.com 151.101.2.49
151.101.66.49
151.101.130.49
151.101.194.49
whitelisted
www.storygize.net 52.43.244.95
54.213.99.120
34.211.85.62
54.191.72.134
52.32.160.43
54.71.95.4
unknown
match.adsrvr.org 34.248.238.74
52.17.231.199
34.246.249.223
176.34.134.126
54.76.88.219
34.251.201.192
54.72.175.179
34.240.175.172
whitelisted
bttrack.com 192.132.33.27
whitelisted
x.bidswitch.net 18.153.11.16
18.153.11.17
18.153.11.18
18.153.11.19
18.153.11.20
18.153.11.21
18.153.11.15
whitelisted
ssl.trustwave.com 204.13.202.71
whitelisted
securepubads.g.doubleclick.net 216.58.206.2
whitelisted
ssl.gstatic.com 172.217.18.99
whitelisted
dpm.demdex.net 52.30.113.91
52.211.104.45
52.213.106.142
52.210.34.59
52.213.58.51
52.215.56.157
52.31.44.252
52.19.121.121
whitelisted
magnetic.t.domdex.com 54.229.221.102
52.19.5.81
52.213.101.26

Threats

PID Process Class Message
2988 chrome.exe Generic Protocol Command Decode SURICATA STREAM excessive retransmissions
2988 chrome.exe Generic Protocol Command Decode SURICATA STREAM excessive retransmissions
2988 chrome.exe Generic Protocol Command Decode SURICATA STREAM reassembly overlap with different data

Debug output strings

No debug info.