General Info

URL

http://www.shoedc.com/

Full analysis
https://app.any.run/tasks/ad85f9e3-483a-4881-882e-d54b78c927ad
Verdict
Malicious activity
Analysis date
8/13/2019, 15:00:47
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

No suspicious indicators.

Application launched itself
  • chrome.exe (PID: 3016)
Reads settings of System Certificates
  • chrome.exe (PID: 2648)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
47
Monitored processes
13
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3016
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.shoedc.com/"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wpc.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\samlib.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\wbem\wmiperfinst.dll
c:\windows\system32\pdh.dll
c:\windows\system32\audioses.dll

PID
272
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6f2da9d0,0x6f2da9e0,0x6f2da9ec
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2824
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=916 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_watcher.dll

PID
3836
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1012,15589442424101688304,16989521149741040610,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=5240960095028577687 --mojo-platform-channel-handle=1024 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libegl.dll

PID
2648
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,15589442424101688304,16989521149741040610,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=18224584241052606926 --mojo-platform-channel-handle=1484 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\system32\dbghelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ntmarta.dll

PID
3788
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,15589442424101688304,16989521149741040610,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9989212653286998059 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3720
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,15589442424101688304,16989521149741040610,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16154401444657770143 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
4072
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,15589442424101688304,16989521149741040610,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12943582183344788142 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2480 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2768
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,15589442424101688304,16989521149741040610,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6845809696035116274 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
536
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,15589442424101688304,16989521149741040610,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14757849652461544505 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2588 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3084
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1012,15589442424101688304,16989521149741040610,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=7108839103838590286 --mojo-platform-channel-handle=3568 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll

PID
3020
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,15589442424101688304,16989521149741040610,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=9956057361829909188 --mojo-platform-channel-handle=1300 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\zipfldr.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
2916
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,15589442424101688304,16989521149741040610,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=4536047079344494476 --mojo-platform-channel-handle=488 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
569
Read events
530
Write events
38
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
3016
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3016
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
3016
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
3016
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
3016
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
3016
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
3016
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
3016
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
3016
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
3016
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
3016
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
3016
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
3016
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
3016
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13210174864232750
3016
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2824
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3016-13210174863373375
259
2648
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
3020
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US

Files activity

Executable files
0
Suspicious files
29
Text files
63
Unknown types
0

Dropped files

PID
Process
Filename
Type
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF3862e0.TMP
text
MD5: 5e2a2b0c6c56479c93889edd4e6fe630
SHA256: 86cb8d3d945c97291e8c940e043c3721fa87ae5e4a773c58d3cca06a2f7a2cdb
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d17924672a504fd2_0
binary
MD5: 788771ea4add38f7cc49bf9f2ad18f20
SHA256: fd6fdb672f9ed14b1c1deb5e7333179123261d29bdbc2f101dbc72bfcc050dcd
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\51205392-b3b8-4b89-9f81-d9cdb229b55c.tmp
––
MD5:  ––
SHA256:  ––
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 4e6be62a67b2b911d5680ea00e73847d
SHA256: befb3a427bdfb770c5ecc4598d2aa90daadfc733dd97635bb69dffdfaf10d699
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF383bd0.TMP
text
MD5: 4e6be62a67b2b911d5680ea00e73847d
SHA256: befb3a427bdfb770c5ecc4598d2aa90daadfc733dd97635bb69dffdfaf10d699
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\d9889e38-0212-4871-984f-5812c4a5f470.tmp
––
MD5:  ––
SHA256:  ––
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
binary
MD5: 4eda401d904dd47e258180a336d55c85
SHA256: 22027add312f176b36c71f306d84ff7af7d632e693e5597e49167ea4eabf5f07
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RF381b67.TMP
binary
MD5: 4eda401d904dd47e258180a336d55c85
SHA256: 22027add312f176b36c71f306d84ff7af7d632e693e5597e49167ea4eabf5f07
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 401339a2ae86697f6c08a90a8e84e463
SHA256: 4e027e5cde36ad98563bf11dc9be06a1046d0f7a96e722155b4a8b59abda3a14
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF38031c.TMP
text
MD5: 401339a2ae86697f6c08a90a8e84e463
SHA256: 4e027e5cde36ad98563bf11dc9be06a1046d0f7a96e722155b4a8b59abda3a14
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\bab20e0d-92f4-4b69-aa45-9873d80a098a.tmp
––
MD5:  ––
SHA256:  ––
2648
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010
image
MD5: 2021a9efd39405e1a3d3eccaf46f1e3f
SHA256: 9247399aba52aed40ead7c03e774d281537f316ea1dfc3b61c0bfb43558e0ab8
2648
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f
image
MD5: eb00421a8162adbe14b5ee48acf692be
SHA256: e939f9ba40b02a251a7e49434d93e1d1fc45d3395caf67163363793b94abe34d
2648
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e
image
MD5: 7153cb4ecbe62eb03486bba6b9a52899
SHA256: 7e00523d14b34b4529d855bf254a749e25320fe69bbb2aaf836df97592efe559
2648
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 954c6058a3e1ba2820bd85ad88e57ffd
SHA256: 80f6cc203a97a0f3fe51cf63ab3d0cca33a9f21c162af93ca66b1862058c087c
2648
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF37cdf3.TMP
text
MD5: 954c6058a3e1ba2820bd85ad88e57ffd
SHA256: 80f6cc203a97a0f3fe51cf63ab3d0cca33a9f21c162af93ca66b1862058c087c
2648
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\dc295ead-43e5-4ffd-bf45-1fba1492979a.tmp
––
MD5:  ––
SHA256:  ––
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b71e8cf3c1136ec9_0
binary
MD5: e39c6c18a25cea9d4b0ecf1bf345b038
SHA256: a2df263a1d0a2646d9e3283948f1c008c4bbeefe240b93457ba2c085bf679354
2648
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d
image
MD5: 997a281bee4be73536ea28d42af7b30c
SHA256: bcf4c2eee84b5f2bee124e6a225058c265db526e808e89769ff4c3e14a05fd3f
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8bba3d643a81d433_0
binary
MD5: 4b930ac4fda2e66b9b6d24e326799541
SHA256: e81827cf5912400ad450cd2f28fd8d151c83566c9cb009650f3d6105cf588a19
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\13dd76fa00c68a24_0
binary
MD5: 3696c52ca97d04a0c7d737ce664f5696
SHA256: a8510798bfd3e21ad531e8847ad38baeb0f49629d2c9b2605d95563f1db3fbbd
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2b1dde2afbf08d58_0
binary
MD5: 5595bef95a6f905e6fd754a835517ef5
SHA256: 81ed256f5f346d0bf8ea78f265ba13fd9193fd1998a012e889bd40e1bff3ccb4
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF37c642.TMP
text
MD5: 1bd5b3a22b82c1f19bbcc3441b5f57c7
SHA256: fe8a4306777c06f4ee0d4c4678d3a488d23686de23af3d7ebf9da1d6fdcf3226
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 1bd5b3a22b82c1f19bbcc3441b5f57c7
SHA256: fe8a4306777c06f4ee0d4c4678d3a488d23686de23af3d7ebf9da1d6fdcf3226
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\226a6a80-5f2c-4627-92ca-a860e24419e7.tmp
––
MD5:  ––
SHA256:  ––
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 6e2cbe0ac0c0b17fe2a02285ad542f9e
SHA256: 3f1963b5b8f712fe1fe1693aa1f880f82af04b3c34c7b591609892e8fe46b7ce
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF37c5a6.TMP
text
MD5: 6e2cbe0ac0c0b17fe2a02285ad542f9e
SHA256: 3f1963b5b8f712fe1fe1693aa1f880f82af04b3c34c7b591609892e8fe46b7ce
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\95282d67-37e4-4242-9f79-28f5cc58f11c.tmp
––
MD5:  ––
SHA256:  ––
2648
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
image
MD5: 459c346e897fe73d729d38eb11917db6
SHA256: 695a931f2eb8f1e24ec9739a55485fbab02da05ee97147d4577a702907f5c2e7
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ec415566ef4cb2e9_0
binary
MD5: df84055363adcf1f5459a848460c3ae9
SHA256: 6c2abfdf1d2f2b5ce952134173ef0f744842636e6deac8927c985447ed7f701b
2648
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: f8732a268c19015a82e9cdef6fe48fb5
SHA256: c75b58abd51f11e53eb008e127da979acb08ca5fe5b0155109c02c702addc9ae
2648
chrome.exe
C:\Users\admin\AppData\Local\Temp\TarB31F.tmp
––
MD5:  ––
SHA256:  ––
2648
chrome.exe
C:\Users\admin\AppData\Local\Temp\CabB31E.tmp
––
MD5:  ––
SHA256:  ––
2648
chrome.exe
C:\Users\admin\AppData\Local\Temp\TarB2AF.tmp
––
MD5:  ––
SHA256:  ––
2648
chrome.exe
C:\Users\admin\AppData\Local\Temp\CabB2AE.tmp
––
MD5:  ––
SHA256:  ––
2648
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: 58a3badc25e15583224e2b922f370a4f
SHA256: 7e0630e9c468031329cad1a21bfb37c12153bda0f4d6298ee1b8682dd0c35f8a
2648
chrome.exe
C:\Users\admin\AppData\Local\Temp\TarAE29.tmp
––
MD5:  ––
SHA256:  ––
2648
chrome.exe
C:\Users\admin\AppData\Local\Temp\CabAE28.tmp
––
MD5:  ––
SHA256:  ––
2648
chrome.exe
C:\Users\admin\AppData\Local\Temp\TarAE17.tmp
––
MD5:  ––
SHA256:  ––
2648
chrome.exe
C:\Users\admin\AppData\Local\Temp\CabAE16.tmp
––
MD5:  ––
SHA256:  ––
2648
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000b
image
MD5: b6136991cc639ee60ed2082a7d36e56c
SHA256: bfe4bba5f1236dbb8e4b2c7c7dece32b467e9df26b4896a7b7600173770d8bfe
2648
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000a
image
MD5: 33ac0ec1a028a3918d8433307168261b
SHA256: ef1f092d412e98536a77fa87536999fd8fbb9d9417849eb0913b8d848d3a6908
2648
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000009
image
MD5: 9f8a78f5d243b88c83f6caa9ea8047f8
SHA256: 509ac16133cc2924af22ac58409d6c8c1ee7f3149e80d28ac88f23b9ccb8aa57
2648
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000008
image
MD5: 5a42a9d37a277584563f7037cc0d1866
SHA256: 895cccc8e6732a8fece5aa85420fce862c6a10bde16a7418208e1e8e3bd97e78
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 5e2a2b0c6c56479c93889edd4e6fe630
SHA256: 86cb8d3d945c97291e8c940e043c3721fa87ae5e4a773c58d3cca06a2f7a2cdb
2648
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000007
compressed
MD5: 05cdcd77dfc686873ae5f58482653014
SHA256: 656fe9df1f55fefe7c91b12e70968b7924a32be90aae73b66c067726116f88df
2648
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000006
compressed
MD5: 5620bb2af18e10a921fbf7067ec9f92e
SHA256: 8ed8433f30c51285c4bcb605f8e7d3ab6b11bd2fa6e05f50b1285995bf3b2397
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\212316aee3bb1a43_0
binary
MD5: 969cb56ff2d5a16cba23073ca45a384c
SHA256: 1affc3bcdbcb16dfb06eca6b4ad29692cd1700caf2148ef05bc38d2eecef5e6b
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b654e953039d9ffc_0
binary
MD5: cc6c46960ac8aadd0ecc16306b95c894
SHA256: 2fc2351fdf9e0eaf44d1c9195f431161340064f3a64cc81daf7143f6e71724e2
2648
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000005
image
MD5: 891c7f59c271a65c48bc75c4b563f063
SHA256: a3ea61d11818feba067a297d76fb056fee1946936d75bdd53cc7ddb847e6c971
2648
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000004
image
MD5: 9d1d3e93e7f1421cabb1f8ee7a92de62
SHA256: 375cc1ea59b753b974c4c9771642dbb613267943b5b03c58110422ef200dab19
2648
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003
image
MD5: c28bd3399ecaf24e61fb706d13b08058
SHA256: 92a91bb4749a6b2188cb562141cdecac919acdb182bfe75d07a18f35341ec3a0
2648
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002
compressed
MD5: 91dde202cfaaa17dd638f97e6bc47e65
SHA256: d42054123133cc400afbf288b9549150ca7477898c4526a2172fe7322adfee3f
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8c66985a43347043_0
binary
MD5: 812f56ca76716bf060930eb69b14e76c
SHA256: b959e255ded44bf477e09671da95d5961980c63edeb8fb1ba16b8d09394ac505
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2fb541f472314c14_0
binary
MD5: 7a1d74c47f84678973f4d7bd9ce9c129
SHA256: 398ef3ca756673c96ed0c757f8699bd25eb6ce33b4d73af9cf055bdac48212ad
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session
binary
MD5: 92eb31d830454841999ecdb4a714d301
SHA256: 63f01870e03b0329f3ae859435ef5610661a45085390af36275ae7d6808c8ffb
2648
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001
compressed
MD5: 1869467f5241c4a4af2b50dd0268bc80
SHA256: bc9808416c618c6c9a704f2299feec9ac2461fd55f138325f4a8fe71fb853572
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old
text
MD5: 97aa7678fb9d338d08c371711b54a104
SHA256: 4657635b66fa68ae1550b7bff4e54016f8874b4df43a004c9a7244c8465c6ca8
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF37a414.TMP
text
MD5: 1276f7de036cb69ffbc104fa79f1d060
SHA256: 3044aa641bd2fed097ee25a5ad052d276eea8ec75a807a244102d75af9ac94f1
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: 1276f7de036cb69ffbc104fa79f1d060
SHA256: 3044aa641bd2fed097ee25a5ad052d276eea8ec75a807a244102d75af9ac94f1
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF37a3d5.TMP
text
MD5: 370df9c4af340d044e2946d87d515fd8
SHA256: f4761a6412fee517fddf04004ddcb13b935994fba8550318534705c979a29343
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 370df9c4af340d044e2946d87d515fd8
SHA256: f4761a6412fee517fddf04004ddcb13b935994fba8550318534705c979a29343
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
––
MD5:  ––
SHA256:  ––
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
text
MD5: f266972810e3865605adbbcc3bcdebe1
SHA256: 6564b3898e7d9d84226b13e96ce4e28b4c11ab2d883386bf41fa0d813d4b9d0a
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
binary
MD5: 891a884b9fa2bff4519f5f56d2a25d62
SHA256: e2610960c3757d1757f206c7b84378efa22d86dcf161a98096a5f0e56e1a367e
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old
––
MD5:  ––
SHA256:  ––
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old
text
MD5: 722d616be0caaf9ed585c9aea7f3742c
SHA256: f86c514fa380332be463670b3b334c8feedc2f6cb9b4118ea367729b056de0fb
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old
text
MD5: 911b244e4a362b56f2478647d2d61a40
SHA256: 3a5aec1ea537d8841e604d0aa4cd5f9241c805a3d4eb4e372cfb7eeb3678a361
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old~RF379fed.TMP
text
MD5: 454106ccf080f3e3795c229fc73350d4
SHA256: 9974dc611be9e20bdfa7b8d939cb913ad23859dea5f52ebb8d10cead9ab5b4fa
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old
text
MD5: 0acecca4cf9ade756da7cc9dcdf02d50
SHA256: 18f910775132b4fee014ea0fab836d857f367e76232fab4ae6a86a92e4c3ebee
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old
text
MD5: 454106ccf080f3e3795c229fc73350d4
SHA256: 9974dc611be9e20bdfa7b8d939cb913ad23859dea5f52ebb8d10cead9ab5b4fa
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: a874f3e3462932a0c15ed8f780124fc5
SHA256: 01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF379fbf.TMP
text
MD5: a874f3e3462932a0c15ed8f780124fc5
SHA256: 01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old
text
MD5: 3d551b6e929cf62f7aa66091e718704b
SHA256: 1698a1b1bc3e86676392fb8bd4c712438302a5a2220503c08f290ed4b1790404
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RF379f9f.TMP
text
MD5: 3d551b6e929cf62f7aa66091e718704b
SHA256: 1698a1b1bc3e86676392fb8bd4c712438302a5a2220503c08f290ed4b1790404
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000020.dbtmp
––
MD5:  ––
SHA256:  ––
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\107b3784-a75b-4891-aeb4-a49b61e75ca9.tmp
––
MD5:  ––
SHA256:  ––
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
text
MD5: a519780ed0a2f4336db4f5651d79c369
SHA256: da5b71bd0075b55757bf757bf5f4d4a1dcbcf0762cda5b31b28680963e068c75
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
binary
MD5: 0686d6159557e1162d04c44240103333
SHA256: 3303d5eed881951b0bb52cf1c6bfa758770034d0120c197f9f7a3520b92a86fb
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RF379f90.TMP
text
MD5: a519780ed0a2f4336db4f5651d79c369
SHA256: da5b71bd0075b55757bf757bf5f4d4a1dcbcf0762cda5b31b28680963e068c75
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 213ae3da120d7862d60b5763b6c9d466
SHA256: 5736534d6ee654c1bf1a8e79e73330af58f622e8657285330d2c7189a55604f4
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF379f51.TMP
text
MD5: 213ae3da120d7862d60b5763b6c9d466
SHA256: 5736534d6ee654c1bf1a8e79e73330af58f622e8657285330d2c7189a55604f4
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
text
MD5: c4d6cbb269c626168a5d6d0d8cce6c30
SHA256: b62cdbb758278a0c2e50593357390119441d8de09428eb29027f3dfd1332e348
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF379f51.TMP
text
MD5: c4d6cbb269c626168a5d6d0d8cce6c30
SHA256: b62cdbb758278a0c2e50593357390119441d8de09428eb29027f3dfd1332e348
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF379f51.TMP
text
MD5: dc32343f45b01764b6267ad36548102a
SHA256: a250f5ad57d4bd58aae92810d50278e3be2dbf869f126a3a3519691bcdfc2075
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: dc32343f45b01764b6267ad36548102a
SHA256: a250f5ad57d4bd58aae92810d50278e3be2dbf869f126a3a3519691bcdfc2075
3016
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: 1a89a1bebe6c843c4ff582e7ed33ca1f
SHA256: 65099ca087b66aa8ca420ab121daad713e1db5a61c5a574d9b1c0df24f012520
272
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: b59113c2dcd2d346f31a64f231162ada
SHA256: 1d97c69aea85d3b06787458ea47576b192ce5c5db9940e5eaa514ff977ce2dc2

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
37
TCP/UDP connections
29
DNS requests
22
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/ US
html
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/includes/templates/classic/css/style.css US
text
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/includes/templates/classic/css/style_body.css US
text
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/includes/templates/classic/css/stylesheet.css US
text
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/includes/templates/classic/css/stylesheet_css_buttons.css US
text
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/includes/templates/template_default/jscript/jscript_jquery.min.js US
text
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/includes/templates/classic/images/logo.gif US
image
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/includes/templates/classic/images/search.gif US
image
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/includes/templates/classic/images/banner1.jpg US
image
unknown
2648 chrome.exe GET 200 220.242.140.187:80 http://js.users.51.la/19271495.js CN
html
malicious
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/images/adishoes/Adidas-Outdoor-022.jpg US
image
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/images/adishoes/Adidas-Outdoor-021.jpg US
image
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/images/adishoes/Adidas-Outdoor-020.jpg US
image
unknown
2648 chrome.exe GET 200 88.221.164.163:80 http://s7.addthis.com/js/300/addthis_widget.js unknown
text
whitelisted
2648 chrome.exe GET 200 114.55.62.236:80 http://www.365webcall.com/IMMe1.aspx?settings=mw7Nm66mIw7I7Nz3APw0X6z3AIPXXXz3A66mmNP&LL=1 CN
text
unknown
2648 chrome.exe GET 200 183.131.207.66:80 http://ia.51.la/go1?id=19271495&rt=1565701266752&rl=1280*720&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=Wholesale%2520Price%2520Nike%2520Air%2520Max%25202&ing=1&ekc=&sid=1565701266752&tt=Shoe%2520DC%2520-%2520Nike%2520Air%2520Max%25202017%252CNike%2520Air%2520Jordan%252CNike%2520Air%2520Force%2520Company&kw=cheap%2520nike%2520air%2520max%252Cnike%2520air%2520max%25202017%252Cnike%2520air%2520max%25202018%252Cdiscount%2520nike%2520huarache&cu=http%253A%252F%252Fwww.shoedc.com%252F&pu= CN
––
––
suspicious
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/images/adishoes/Adidas-Outdoor-007.jpg US
image
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/images/adishoes/Adidas-Outdoor-009.jpg US
image
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/images/adishoes/Adidas-Outdoor-008.jpg US
image
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/includes/templates/classic/images/hot.gif US
image
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/includes/templates/classic/images/free.gif US
image
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/images/adishoes/Adidas-Outdoor-011.jpg US
image
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/images/adishoes/Adidas-Outdoor-010.jpg US
image
unknown
2648 chrome.exe GET –– 209.134.22.126:80 http://www.shoedc.com/images/adishoes/Adidas-Outdoor-019.jpg US
––
––
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/images/adishoes/Adidas-Outdoor-018.jpg US
image
unknown
2648 chrome.exe GET 200 92.122.213.201:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab unknown
compressed
whitelisted
2648 chrome.exe GET 200 92.122.213.201:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt unknown
der
whitelisted
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/includes/templates/classic/buttons/english/button_subscribe.gif US
image
unknown
2648 chrome.exe GET 404 209.134.22.126:80 http://www.shoedc.com/includes/templates/classic/images/footer_black_li.jpg US
html
unknown
2648 chrome.exe GET 404 209.134.22.126:80 http://www.shoedc.com/includes/templates/classic/images/share_web_all.png US
html
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/includes/templates/classic/images/facebook.jpg US
image
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/includes/templates/classic/images/instagram.jpg US
image
unknown
2648 chrome.exe GET –– 209.134.22.126:80 http://www.shoedc.com/includes/templates/classic/images/pinterest.jpg US
––
––
unknown
2648 chrome.exe GET –– 209.134.22.126:80 http://www.shoedc.com/includes/templates/classic/images/twitter.jpg US
––
––
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/includes/templates/classic/images/youtube.jpg US
image
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/includes/templates/classic/images/footbg.jpg US
image
unknown
2648 chrome.exe GET 200 209.134.22.126:80 http://www.shoedc.com/includes/templates/classic/css/print_stylesheet.css US
text
unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2648 chrome.exe 172.217.22.35:443 Google Inc. US whitelisted
2648 chrome.exe 209.134.22.126:80 Worldsite Networks US unknown
2648 chrome.exe 172.217.18.109:443 Google Inc. US unknown
2648 chrome.exe 220.242.140.187:80 CN suspicious
2648 chrome.exe 88.221.164.163:80 Akamai International B.V. –– unknown
2648 chrome.exe 114.55.62.236:80 Hangzhou Alibaba Advertising Co.,Ltd. CN unknown
2648 chrome.exe 183.131.207.66:80 DaLi CN suspicious
2648 chrome.exe 114.55.62.236:443 Hangzhou Alibaba Advertising Co.,Ltd. CN unknown
2648 chrome.exe 88.221.164.163:443 Akamai International B.V. –– unknown
2648 chrome.exe 23.210.248.44:443 Akamai International B.V. NL whitelisted
2648 chrome.exe 172.217.18.110:443 Google Inc. US whitelisted
2648 chrome.exe 92.122.213.201:80 Akamai International B.V. –– whitelisted
2648 chrome.exe 172.217.16.196:443 Google Inc. US whitelisted
2648 chrome.exe 216.58.207.67:443 Google Inc. US whitelisted
2648 chrome.exe 216.58.207.35:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
www.shoedc.com 209.134.22.126
unknown
accounts.google.com 172.217.18.109
shared
clientservices.googleapis.com 172.217.22.35
whitelisted
js.users.51.la 220.242.140.187
163.171.128.16
220.242.139.165
220.242.182.12
malicious
www.365webcall.com 114.55.62.236
unknown
s7.addthis.com 88.221.164.163
whitelisted
instagram.com 18.205.183.46
52.86.254.17
52.23.106.204
54.210.172.8
52.7.77.193
107.21.6.35
52.86.60.8
100.26.6.44
whitelisted
www.twitter.com 104.244.42.65
104.244.42.193
whitelisted
ia.51.la 183.131.207.66
suspicious
www.pinterest.com 23.210.248.189
whitelisted
www.facebook.com 31.13.92.36
whitelisted
www.youtube.com 172.217.18.110
172.217.16.206
216.58.210.14
172.217.22.110
172.217.16.142
216.58.208.46
172.217.16.174
172.217.23.142
172.217.18.174
172.217.22.14
172.217.21.238
216.58.205.238
172.217.21.206
whitelisted
www.51.la 183.131.207.66
suspicious
clients1.google.com 172.217.18.110
whitelisted
v1.addthis.com 23.210.248.44
unknown
www.addthis.com 23.210.248.44
whitelisted
www.download.windowsupdate.com 92.122.213.201
92.122.213.217
whitelisted
www.google.com 172.217.16.196
whitelisted
ssl.gstatic.com 216.58.207.67
whitelisted
www.gstatic.com 216.58.207.35
whitelisted

Threats

No threats detected.

Debug output strings

No debug info.