General Info

URL

http://www.wujingwei.com/yis24.com/NH0/

Full analysis
https://app.any.run/tasks/1002b2d6-30fe-4721-9da7-7ae55bc6ab3b
Verdict
Malicious activity
Analysis date
3/14/2019, 14:35:47
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
emotet
banker
opendir
trojan
feodo
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Connects to CnC server
  • wabmetagen.exe (PID: 1088)
Application was dropped or rewritten from another process
  • wabmetagen.exe (PID: 1088)
  • wabmetagen.exe (PID: 900)
  • L7VjF.exe (PID: 1348)
  • L7VjF.exe (PID: 3184)
Emotet process was detected
  • wabmetagen.exe (PID: 900)
Changes the autorun value in the registry
  • wabmetagen.exe (PID: 1088)
EMOTET was detected
  • wabmetagen.exe (PID: 1088)
Downloads executable files from the Internet
  • chrome.exe (PID: 2996)
Starts itself from another location
  • L7VjF.exe (PID: 1348)
Executable content was dropped or overwritten
  • L7VjF.exe (PID: 1348)
  • chrome.exe (PID: 2996)
Application launched itself
  • wabmetagen.exe (PID: 900)
  • L7VjF.exe (PID: 3184)
Cleans NTFS data-stream (Zone Identifier)
  • L7VjF.exe (PID: 1348)
Reads Internet Cache Settings
  • chrome.exe (PID: 2996)
Application launched itself
  • chrome.exe (PID: 2996)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
43
Monitored processes
14
Malicious processes
5
Suspicious processes
0

Behavior graph

+
drop and start start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs l7vjf.exe no specs l7vjf.exe chrome.exe no specs #EMOTET wabmetagen.exe no specs #EMOTET wabmetagen.exe chrome.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2996
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.wujingwei.com/yis24.com/NH0/
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\users\admin\downloads\l7vjf.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wshqos.dll
c:\program files\winrar\rarext.dll
c:\program files\microsoft office\office14\olkfstub.dll
c:\progra~1\micros~1\office14\mlshext.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\program files\microsoft office\office14\visshe.dll
c:\program files\common files\microsoft shared\office14\msoshext.dll
c:\program files\microsoft office\office14\msohevi.dll
c:\windows\system32\mf.dll

PID
3744
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6f5000b0,0x6f5000c0,0x6f5000cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2988
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3000 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
2160
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=964,242606157672125368,8062065844879851193,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=D24AAD625AB16B6FA0E38663173B429A --mojo-platform-channel-handle=1032 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
2648
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=964,242606157672125368,8062065844879851193,131072 --enable-features=PasswordImport --service-pipe-token=CD0217BAD264DA8D76ECA4608A9A894F --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=CD0217BAD264DA8D76ECA4608A9A894F --renderer-client-id=4 --mojo-platform-channel-handle=1900 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3204
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=964,242606157672125368,8062065844879851193,131072 --enable-features=PasswordImport --service-pipe-token=4FF06B6EAE765D4E6A9019CAB33F4FBE --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4FF06B6EAE765D4E6A9019CAB33F4FBE --renderer-client-id=3 --mojo-platform-channel-handle=2132 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2456
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=964,242606157672125368,8062065844879851193,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=141ACB5A75AC8087FDB299DB0E9D8695 --mojo-platform-channel-handle=3512 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
3956
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=964,242606157672125368,8062065844879851193,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=8EC1B66A00C4D9B2266E2373E2722F1B --mojo-platform-channel-handle=768 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\zipfldr.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
3184
CMD
"C:\Users\admin\Downloads\L7VjF.exe"
Path
C:\Users\admin\Downloads\L7VjF.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® HTML Help Executable
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\users\admin\downloads\l7vjf.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
1348
CMD
"C:\Users\admin\Downloads\L7VjF.exe"
Path
C:\Users\admin\Downloads\L7VjF.exe
Indicators
Parent process
L7VjF.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® HTML Help Executable
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\users\admin\downloads\l7vjf.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\wabme
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll

PID
2644
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=964,242606157672125368,8062065844879851193,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=CFA54807F2F4BDEBC95EE5EAFC2E0827 --mojo-platform-channel-handle=516 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
900
CMD
"C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe"
Path
C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe
Indicators
Parent process
L7VjF.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® HTML Help Executable
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\users\admin\appdata\local\wabmetagen\wabmetagen.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
1088
CMD
"C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe"
Path
C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe
Indicators
Parent process
wabmetagen.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Microsoft® HTML Help Executable
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\users\admin\appdata\local\wabmetagen\wabmetagen.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll

PID
3768
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=964,242606157672125368,8062065844879851193,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=16C3A58A0F69C2E7C09363539A070E75 --mojo-platform-channel-handle=3916 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
956
Read events
871
Write events
83
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
2988
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2996-13197044168290375
259
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
2996
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
2996
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2996
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
2996
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
2996
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
2996
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13197044169931000
2996
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307030004000E000D00250001005F0300000000
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\PTimes
C
1A55C7176BDAD401
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C1
1C1GCEA_enUA812UA812
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C2
1C2GCEA_enUA812
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C7
1C7GCEA_enUA812
2996
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aapocclcgogkmnckokdopfmhonfmgoek
77C01760378108A87437C3C0367F1B6E3E0FA6199E895F2648DB3802D5B3EB4B
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
15B1C3FE35F29528448F36A72A4DFBC58A8083C7190559D25865779166D220A2
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aohghmighlieiainnegkcijnfilokake
982F99B99E32DDCFCC144E290F8D768869A11AF494911C7C9C0593C84917B735
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
apdfllckaahabafndbhieahigkjlhalf
C3A089B38E06006C59C8912E96DB7991CB5AB339B9C2A460FAACCD5FDB5B97C3
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
blpcfgokakmgnkcojhhkbfbldkacnbeo
03604F7863A6A9232C3DD1481AD55A2E1A7437217E1EBD03E8EC67C824E3811F
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
felcaaldnbdncclmgdcncolpebgiejap
0875757ED970A1362CA79CC36516546B144F728BA2B2EB68C290E99E801FB809
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
D6B079666F209503A09486C70AC09307652A0F7F783166A999B27C99D0DA79E2
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
F12A4A541FBA90BA61FB28B8FC6CF33D6BDE75AA5616535EDBA2C54819E8221A
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
37A858BD3327FACA61D625B462EC605ED64E520E108B94F4C3325B757DB435C4
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
63355C14E8C7DF9A075F2EDDEA6F2807DC8166B83F96F4C975B9B6554C6324D7
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
17F7787CEDB9B66B8D78F7E985DCA6E31DBA26B1F7D92176EDBEDAFB5838AEBC
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
04A45240BDA55E8777FA04357712CA6DD942253A21323E4C7D3CCF769B34BFED
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
9A0044B183822416E036FA2670FC5F085B3D015E358899EB0B24B5D6E5EEB39D
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
0EF69A6ED90E32D64837156F6BED16AD213DFF7C9811D7B7F47A4FA4C091DAC1
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pjkljhegncpnkpknbcohdijeoejaedia
131ABB7F4935A3B118D0E3240DBEBB7974E33F43217887246DC2A069AF48ED7D
2996
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
B8A7BA51A7378F1E51CF1B15ADE39395DA94448ABC61F8A20DBFEA230AC33029
3956
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
1088
wabmetagen.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wabmetagen_RASAPI32
EnableFileTracing
0
1088
wabmetagen.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wabmetagen_RASAPI32
EnableConsoleTracing
0
1088
wabmetagen.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wabmetagen_RASAPI32
FileTracingMask
4294901760
1088
wabmetagen.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wabmetagen_RASAPI32
ConsoleTracingMask
4294901760
1088
wabmetagen.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wabmetagen_RASAPI32
MaxFileSize
1048576
1088
wabmetagen.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wabmetagen_RASAPI32
FileDirectory
%windir%\tracing
1088
wabmetagen.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wabmetagen_RASMANCS
EnableFileTracing
0
1088
wabmetagen.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wabmetagen_RASMANCS
EnableConsoleTracing
0
1088
wabmetagen.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wabmetagen_RASMANCS
FileTracingMask
4294901760
1088
wabmetagen.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wabmetagen_RASMANCS
ConsoleTracingMask
4294901760
1088
wabmetagen.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wabmetagen_RASMANCS
MaxFileSize
1048576
1088
wabmetagen.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wabmetagen_RASMANCS
FileDirectory
%windir%\tracing
1088
wabmetagen.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1088
wabmetagen.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006A000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
1088
wabmetagen.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
wabmetagen
"C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe"

Files activity

Executable files
4
Suspicious files
37
Text files
131
Unknown types
3

Dropped files

PID
Process
Filename
Type
1348
L7VjF.exe
C:\Users\admin\AppData\Local\wabmetagen\wabmetagen.exe
executable
MD5: 58481c76f3e50057c0c3db0b008f514a
SHA256: 55bedf3382a8107ac52b9385650ee5710eb0ba284c39a2ec4f1a59fa4827d911
2996
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 854132.crdownload
executable
MD5: 58481c76f3e50057c0c3db0b008f514a
SHA256: 55bedf3382a8107ac52b9385650ee5710eb0ba284c39a2ec4f1a59fa4827d911
2996
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 854132.crdownload
executable
MD5: 8e7ce927fa4613c213df9a18d873b5fa
SHA256: e74d1f006cf54acde71127728c1a12bb5005aa7b5cadcc52bf699a9cc9a4722f
2996
chrome.exe
C:\Users\admin\Downloads\L7VjF.exe
executable
MD5: 58481c76f3e50057c0c3db0b008f514a
SHA256: 55bedf3382a8107ac52b9385650ee5710eb0ba284c39a2ec4f1a59fa4827d911
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011
woff
MD5: 7c4cbe928205c888831ba76548563ca3
SHA256: 71c12656535e99119c2a952c10554cd6f47c6923d2d96155a7833276e68992af
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdWhitelist.store_new
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store
binary
MD5: 0f09498dbbd2a78aa34d3d74f5bba927
SHA256: 4354f5b75ad8a05fb9fce0318c5810eee954c81f091f9a90188a991c35ffed49
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store
binary
MD5: 16e294070e1b5d8e1a9098ab7efebbd5
SHA256: ff88aecaa4eeb55e76cb9b90356d499abdd3eeb6c7aa32f89f4c95510132850d
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store
binary
MD5: c24ea551fabc0efc7515f69e73bf528d
SHA256: 752c2ae06d69bd9969bbc768cb67678d66615c16326f2f4e8551af55c9b23b27
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store
binary
MD5: bd2a05bc63a946ea99e1de94c59059c0
SHA256: 46a9238c3152029a3371ba7b757cac42b7feb9bfbf9f196b1fdd990261065978
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store_new
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store_new
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store_new
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store
binary
MD5: a39c0c9db04873c7be25740654afca60
SHA256: ccad466a366c53951159db111a7e32195b4e993d361d2e928b26431b39227219
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store_new
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store_new
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store
binary
MD5: 588de7a1ac8094385a7e097dfb1b461b
SHA256: 1696072d4725a6d395cab726a12cbcbec44a0f00b00c5caaf7e82ab074a35c46
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store_new
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\CertCsdDownloadWhitelist.store
binary
MD5: da00f5f8a1e4bdb532342a9f0ab950a3
SHA256: 48efa99cdf638eb242b760569e6dbf15c0d0c78d6fa1e4e64ea15543d6bbca5a
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\CertCsdDownloadWhitelist.store_new
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store_new
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\IpMalware.store
binary
MD5: 43424ec9a25f29f141319f796f26ce91
SHA256: 2906a981195b60d9d011e0447981e7f9082c2b2089517e81f42b380f5c9248d8
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\IpMalware.store_new
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003d
woff
MD5: b683029bafe0305ac2234038a03e1541
SHA256: 18e6b5ff511b90edf098e62ac45ed9d6673a3eee10165d0de4164d4d02a3a77f
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003c
image
MD5: 16fe73b732afb026a4984908ab879e7e
SHA256: 5370daabf8d7384bc0ad0e070489891feff50851e520a9866b2242bee9b91411
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003b
image
MD5: 695d6e5a1514533cb8c1ff5ce7e3d45b
SHA256: fd19e00d05107d2f0326f2b031cddf2c0b28b797007f7e580ca6841a514cc304
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: d3b1d3c9bde0e076b3071f42f1cefcd7
SHA256: 2ace29aec7c60be68ff85a93c069e88ab5968355d71a60f3e08f968592992efe
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF1bc3d9.TMP
text
MD5: d3b1d3c9bde0e076b3071f42f1cefcd7
SHA256: 2ace29aec7c60be68ff85a93c069e88ab5968355d71a60f3e08f968592992efe
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\4b570edc-0695-4ed1-aad6-79a62a7cc89a.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 186798409dbe1d88eb80c155f54aae7d
SHA256: f005060190d886c488ea1a24e10cb6acf08f495c7fac9f69947d56dad0b701f8
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1b9315.TMP
text
MD5: 186798409dbe1d88eb80c155f54aae7d
SHA256: f005060190d886c488ea1a24e10cb6acf08f495c7fac9f69947d56dad0b701f8
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\b9b2d10c-3030-4a73-8c56-02fa6d525ce2.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: f8754c025c2cbce39eccd48786ec55e3
SHA256: 66f079d4a85d674cd9c264945aa7311f09b42287cc7a8bdcd02d5fa141933d1d
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1b8922.TMP
text
MD5: f8754c025c2cbce39eccd48786ec55e3
SHA256: 66f079d4a85d674cd9c264945aa7311f09b42287cc7a8bdcd02d5fa141933d1d
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\27b34a01-df91-4be5-a97f-10a33460cb88.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003a
compressed
MD5: da6ef508cdd28923be676fc153c6ac3e
SHA256: 935764b9397e58552cbbaee6458fa3a451f0b8cfc8a633bfbf124beab2312b63
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000039
compressed
MD5: 52e2b84578787767c3c49a3b193b94a4
SHA256: d9a40b219cc9307378ddb0cd864a73518bb83a249abdf3ef0edbeb8c3eca79df
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000038
binary
MD5: 89c648455e46a4fc0a9cce10545444f1
SHA256: 30fb937ddc4d56a5c01af862565a8226fba0bec24b1743f5fbf60bb8068949a3
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000037
binary
MD5: b459d604f8129e1577b8b4b3ffadd0cc
SHA256: 6f5d67faade60a7f05a74db3ba9dfb394359a24f7f1c139576b5786dc67c5849
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000036
binary
MD5: 16c7cfff951c18a3ae28f06d3c6e31ea
SHA256: b23fc720f69b806d4f22a46fab4e25b9cdb8f29d712638a5b224b87df54031b1
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000035
binary
MD5: 7257e114e8fc662e4e6d724cdb3ba9e1
SHA256: d82b2576a48fd6b24140abeda4f57abe44b6552430bbe1ecd0ea3da5748e5b78
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 6174c13be031a1765201a0733fdafe7e
SHA256: bdb7347cfb465fbe88ebb29a73ef5cec9f09bcbdc22c01989d76a561399a7d34
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1b5948.TMP
text
MD5: 6174c13be031a1765201a0733fdafe7e
SHA256: bdb7347cfb465fbe88ebb29a73ef5cec9f09bcbdc22c01989d76a561399a7d34
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\7c8256aa-42a5-4f74-8540-05d1c3b785dc.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF1b3a65.TMP
text
MD5: ffc186bc745639453726fdf1decb612f
SHA256: c4c575eaadcd0a83fff781a5ce881811167dcb176b3a9922b0ea4ba4f43ac925
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
text
MD5: ffc186bc745639453726fdf1decb612f
SHA256: c4c575eaadcd0a83fff781a5ce881811167dcb176b3a9922b0ea4ba4f43ac925
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\1c31af21-3137-402c-926c-8b2752d82c47.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: fa2c62abf922a6c38171493a04941fdc
SHA256: 5db2a4026c394d156a7ec93847680b51714f2e9ec4ae5ee2aa9a99a7e4a8ae16
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1b2ff6.TMP
text
MD5: fa2c62abf922a6c38171493a04941fdc
SHA256: 5db2a4026c394d156a7ec93847680b51714f2e9ec4ae5ee2aa9a99a7e4a8ae16
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\742798c5-269f-41b1-85b9-2e689ae897fe.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000034
compressed
MD5: b3116c7233d82bf52687a693f64a5cca
SHA256: ac979551fdef4010d5d9cdecbd01a4f81d0413ff278e2d2587d746aa35683e14
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002f
image
MD5: 241ff5009c4d3560ffee14ebbe38c062
SHA256: 929d2fc547173617f56c2dc2f2361bf69809371c9ee5c3039eba45d99e10f9e3
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002d
image
MD5: e01c268c1cbb0476aeee42ee606a10c0
SHA256: 8b7be3c980910716d0f92283aac97fa5ddad278e0eb884f153f2bb2ba9a034f6
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000032
image
MD5: 3b637916fa59f0c2462305672fe52838
SHA256: d661f537d168e79802611cdd45bfa119c3e8b4854c9947af8a8606faacf971bd
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002b
image
MD5: 87154a6e731ca5ebcd8c143d96ae463b
SHA256: 0cdeb2fc2d22051d52a019a4d79e397c012a21b117b042dba292cf189d7c42dc
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002c
image
MD5: 70c8a7cf8bb6add39c73043893ef1690
SHA256: 0d14af630f79467821a40000a61399360b1a2e654fe076ee907a340de95b49c1
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000033
image
MD5: a4a3bf2bd1673422ff6cfdc91b99922b
SHA256: 3af719cbbabe2da681600248103368b02151f6cb8020155bb9beabe5e1c40b0d
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000031
image
MD5: 44eaea04ff6bbb58fb32afc5912cdd79
SHA256: 62060f4b5c56e26d04fe2d35ef640f45e12a0026bd0274f6a7ec70294b31d291
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000030
image
MD5: 39a4bae8aa842ffde8ba6f2e8f00e6dd
SHA256: c15899aa6d5d24dd477bba4c9e624d855158e491e8d2ac0be0696e4693112881
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002e
image
MD5: 3a19e7b8d965c163b075d6bf24fd063f
SHA256: 2ccc791affa710365c33ba58765622f94dfaf1c0f4b1135345e8a2b9b6b26016
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002a
image
MD5: d3f6ad3fca0a526fd041407ccb620b08
SHA256: e36df23b653c2f8181cfb9988a911d16c4b38af5d8b28a1f3a4b6f7392e4bee9
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1adc09.TMP
text
MD5: 1f7a368728c2d699ea3a91ad834aeb62
SHA256: f342421326ce01369aeeaeaddd7eb41cdc5ec5d030bed84334e720d4128f0200
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 1f7a368728c2d699ea3a91ad834aeb62
SHA256: f342421326ce01369aeeaeaddd7eb41cdc5ec5d030bed84334e720d4128f0200
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\928782f8-eea4-4d37-abe0-3194638efa12.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000029
image
MD5: b7f46b73229a0e3dc22d49f9c5caa09f
SHA256: 9779f0ead999413f498dd0182aae1fd29f3eacb505e1c57b0f5033203730ca18
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000028
image
MD5: 6d0b74900cf48748d9749ca0d0b6e6e6
SHA256: 7366fb9464478439c1e5ee953cf556901dba6e21a708a141f07d812467f8f56d
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 43cccd740f226306825dcae476c9a4f3
SHA256: 9c4ac299ddb5381b043401c69bc01a7b77418710bfd96d8acafa6924cd61cdd0
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1ad310.TMP
text
MD5: 43cccd740f226306825dcae476c9a4f3
SHA256: 9c4ac299ddb5381b043401c69bc01a7b77418710bfd96d8acafa6924cd61cdd0
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 3ddd5769d23ef7b21d46344ee2e4b2ea
SHA256: d56fc8dbc68287df26ee3088de4fa72a5c089b8a245699f45a6706b10a33f443
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF1ad310.TMP
text
MD5: 3ddd5769d23ef7b21d46344ee2e4b2ea
SHA256: d56fc8dbc68287df26ee3088de4fa72a5c089b8a245699f45a6706b10a33f443
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\0385d397-409f-4440-88d8-1d8d8929e81a.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\9df8cced-b33f-4717-9c42-761c363462a9.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000027
image
MD5: c4e0fd3f644db9ca2159e82be0a3c4a5
SHA256: 5128acfdfdf23ee9994ccd282e0c7091e5e4579803f72118bd5c2ee22a2b4304
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000026
image
MD5: 8818a59f5267c5c834ca3bdc40d07e8b
SHA256: c21e70c01c9805b369d6b7dc0bc2331bea1dee4c21b8071858ba570f8e43f8f0
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001d
image
MD5: e54b6ec0e7590b2625553d1b7399dd8e
SHA256: 961ee410a63b9f4482e5b8e3beeb25ec776b350173ac23991441ecbe22ba801c
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000025
image
MD5: 102acdeb23441d79ad87cbee23a1c702
SHA256: f839df11c938bb4fb7687b5b2d7493a204319c75348b6ae2982e7428d3a74db4
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000024
image
MD5: b34ed28e2c113b3fb8f4bf4e4bb07cf5
SHA256: 9c7b89f183a040be7798490fc98e3fe36121b05e9d802901e1f047c7d0bc7b1b
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000023
image
MD5: 747eb562754b701b881a37015150b802
SHA256: 8a269829482e6ce093ccefce519dcd9f1dcce55c46a365de3a20a7330d7665d0
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000022
image
MD5: 7de238e980022c9b97231f84e8ddd951
SHA256: 46584aacdb88d1bdad8861ae43e4ec44f2fc6f7337e52d0b26005a447dcce226
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000021
image
MD5: a5877a07b507c64c0741431be72ac7f5
SHA256: fce76427c7540ad4543d415c369bd40de4aafa602ba07e82585318bc0204d2d6
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000020
image
MD5: a999401ee3a5f91af9759b95fed46334
SHA256: a2f64dbd566192b35bba3e56bec8d04f2e002fbcba8852826139dc3e9f13f8d2
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001f
image
MD5: 0cccea1e00ba4665609e6a2bef8e98ff
SHA256: 23e7dd3b434fb3da88a5a789729067de1be4be7dd50bfb41b3c06b3f56eb3e7a
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001e
image
MD5: 3122af9b7d6bd3e06daeba4068a41deb
SHA256: b11abb84c6663e5f7dbc46ec7b1bbee0644d08a5afe05e23c28dc899d38cc05e
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001c
image
MD5: 63e7c74aef7f882d7e8caf967f9863d8
SHA256: 5d235762549711c3fc5b7ffc60cb2396acd2cd04fd72996ce621585ab44251a4
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001b
image
MD5: 9aceb703de601b31998c33b38899dcb0
SHA256: a9a21285c994f5f7f57f8dd11e652d98295ec1fa52c49a99173a014582af6763
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001a
image
MD5: b5de440b027231c1e23be641d2bcb482
SHA256: 8e6a87df8a7feecb2f1c5f2871c0a3fef0062b00ba98b8ab19edb0e567ff0201
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000019
image
MD5: ecae1b867659a95e9352627c77b750ee
SHA256: fcae55ce30c98a575ab45b1f48e8b3ed2f2152e4c2348181d1ae345d9b14ef91
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000018
image
MD5: 95a5a0f7aa66758d1febfc05fa2feae6
SHA256: 322401fe8e71a8970c947a56cd0b094899df5abcaefc3bb0e7d46257eec710d2
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000017
image
MD5: fa0c3d8773fd68d1c42198f0fe35e1ac
SHA256: 395521a8468b960e93d9d5b1dbdefdab4c8da60093bf42a392c46045f0a77f26
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000016
woff2
MD5: e6cf7c6ec7c2d6f670ae9d762604cb0b
SHA256: 7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000015
image
MD5: a05030ca3821044a7f578c0e9845180f
SHA256: 36a8d6593e62ed131141044578f7b9506df8052cd71ab83c3e4661627e37ad00
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000014
image
MD5: e0c0db2f1d4a7184c623e75de842b605
SHA256: 513240e901608396823f27bddfdb2c93789fde4ea83b3c1f4609eb75069ea3f2
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000013
image
MD5: 4e81cc0952167b856fb991849d532777
SHA256: 9d361b43bede4b4257a09881a73836e94c4d8468ef3875c40c38dd44fbe332b1
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012
image
MD5: 07143ba3d6dfac18aff4430ad70e0f30
SHA256: fafb7a19b36fd8f0376bf1326a7db1955ceb49ecc462857a27724bc2dc3dc780
3744
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: 9543068b6751e1f3e11f91d72ee78d95
SHA256: d060ad21ae6e04cb58668caa52adfca573e018102cc07554d2ed3eae11ab7785
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010
image
MD5: 7a52db6f7a0d1fa1b452f02fee575bd5
SHA256: b4365e5db6ba3bf5f7ffa7637d7a881916daa85d583e625c34fa90c49e14de1d
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f
image
MD5: 4607336ea33b28667c26b3e0c9a6abe2
SHA256: 72d594fad9a0e508c0195c8dbf41dd03bb5dc811511fe4f9a859f733d23221b0
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e
compressed
MD5: a6f1594681c5bcb7685c9c7f82232503
SHA256: b57302ec64b43df0f6bba52d0b51a0fe6404975c06987bce8b52a6a5dc35f0c4
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d
compressed
MD5: 89d2a7c697a151d1962b90689799b34d
SHA256: c6ae0b08dbca107bdffab4412a2466a0158e5744213c44bbcb1dcd0f8c320a37
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
compressed
MD5: da6ef508cdd28923be676fc153c6ac3e
SHA256: 935764b9397e58552cbbaee6458fa3a451f0b8cfc8a633bfbf124beab2312b63
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
text
MD5: 59050c74a037691073e6122f684007d2
SHA256: 10fd0654654fc78f9153df8c2a92534bf2dc700331fe06464406f4e3116ce2e1
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
binary
MD5: 021b8d293c14358bb37b18ba45792aa5
SHA256: 5b149d68659ebeab90f1116b8704a32dc240fbf85171bd4a4f70d57a3d8d4bb8
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old
text
MD5: 8ddcd8b46559486c5c65d91b1964f9b1
SHA256: 30953aa5d4726c71b4e633a258e82d3979243f4597973adfbe45f005d79bcc8b
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old~RF1ab518.TMP
text
MD5: 8ddcd8b46559486c5c65d91b1964f9b1
SHA256: 30953aa5d4726c71b4e633a258e82d3979243f4597973adfbe45f005d79bcc8b
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old
text
MD5: b36272766fafe4f495f275ab24d055a4
SHA256: c6ed4b87e6b46abc8f08c947e4c78f8d4416b35ab63980b8314794cc43d0c365
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RF1ab4f9.TMP
text
MD5: b36272766fafe4f495f275ab24d055a4
SHA256: c6ed4b87e6b46abc8f08c947e4c78f8d4416b35ab63980b8314794cc43d0c365
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: 8a499c9ce17a2e5aca40e19df3cab8ff
SHA256: 81a6fa3934c3b6c4d0cb4fed4b20196709d13dd1a4065389994c6efa30d3b28e
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF1a9e25.TMP
text
MD5: 8a499c9ce17a2e5aca40e19df3cab8ff
SHA256: 81a6fa3934c3b6c4d0cb4fed4b20196709d13dd1a4065389994c6efa30d3b28e
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\07ed41fb-b037-418f-b153-81db75fd67ec.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 78785dfcedf6cb9dd07a698f214b823d
SHA256: 5b94bcdc717e05704efda32f68f3cb08eedfd77ad9fa99270fb6d7601b409df2
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1a9d7a.TMP
text
MD5: 78785dfcedf6cb9dd07a698f214b823d
SHA256: 5b94bcdc717e05704efda32f68f3cb08eedfd77ad9fa99270fb6d7601b409df2
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\573c6bf2-c952-44a6-b622-4d0de9ab077d.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store
binary
MD5: 2c9b109327be6cfe045dda6320ad9e18
SHA256: f5312760804fbcf89b9fd4b02eeb878b41856ff1158ff3213c9843e6e7dafb71
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1a8677.TMP
text
MD5: 50ac5db7d5050fb928eeae5559c50675
SHA256: 75fa320ae7ed5b8cb40557ba67a4086f779e1dbaf5fd07d5cf84f3b8a23f86e3
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\b1ef8954-dadd-4592-89c6-9dfa37777775.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old
text
MD5: 7282c871a31b4aae7e61cdbb39a13331
SHA256: af615c556e2a22e87135a967c01e869216f65268a88bd218fd6ab70467bdf733
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old~RF1a782f.TMP
text
MD5: 7282c871a31b4aae7e61cdbb39a13331
SHA256: af615c556e2a22e87135a967c01e869216f65268a88bd218fd6ab70467bdf733
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata~RF1a5e00.TMP
binary
MD5: 8b265c0d53b46ee8dc076686471c7222
SHA256: 84d4ac8a6f7c8301bd5db1c51f1d6f260eda5c64cf902c30ffd734d53f0de4c0
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: 8b265c0d53b46ee8dc076686471c7222
SHA256: 84d4ac8a6f7c8301bd5db1c51f1d6f260eda5c64cf902c30ffd734d53f0de4c0
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\5c77121d-aaf8-4a05-a686-4a330cb8c5bc.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: a160d7ab5922e606a846b3ac383581d7
SHA256: d6efb39eaaa5b2c0d1dd23800afad198d1c656e2a4bcdcec4f6af6c2c891b163
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store~RF1a57d5.TMP
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a32ac8fa-9e5a-4937-86aa-1350e09e6284.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\02b87b28-a4cf-45ef-a302-cd9c4f009f90.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\Downloads\L7VjF.exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store
binary
MD5: 54a158d616f16757a3694c3b71153566
SHA256: 5d00d360e961c288a678b9be0548d6d75825369f3cea8c88514131a1e84cd9e5
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: cd5dc7d2b75c6892f65dab8f7fc606c4
SHA256: 8f497cfdf360d6a1c1aaea2dbb8de469146f5988ac408da43f6187f99d852849
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1a4fc7.TMP
text
MD5: cd5dc7d2b75c6892f65dab8f7fc606c4
SHA256: 8f497cfdf360d6a1c1aaea2dbb8de469146f5988ac408da43f6187f99d852849
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\66b74079-2b55-4fa2-8999-a37ee8c85fac.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 50ac5db7d5050fb928eeae5559c50675
SHA256: 75fa320ae7ed5b8cb40557ba67a4086f779e1dbaf5fd07d5cf84f3b8a23f86e3
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1a28d6.TMP
text
MD5: 50ac5db7d5050fb928eeae5559c50675
SHA256: 75fa320ae7ed5b8cb40557ba67a4086f779e1dbaf5fd07d5cf84f3b8a23f86e3
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\8065c31c-8ea0-4b2e-9198-f3e680e4638b.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF19f320.TMP
text
MD5: a195fd52dff562862c2e61a9b4a46b0c
SHA256: 32393317074fcdaad9ba7ac3e2205f9089980396be9b36735b210c98ecf703bc
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\bbfa7033-d1b6-4ef3-9ce4-5b09fefa68e8.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: d932a31a0fb91833edb0325c6b434b34
SHA256: 8049465356163740d6e4c0bb56b9dcaa90149631646fa6bb56d01de223bd1f8e
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF19b3e5.TMP
text
MD5: 158e937bc5813018b1209d6ddb1ae87c
SHA256: 6706cba7ea21cc92cf61810e0e79f064ecefe5eafefd716c460e60a39a184003
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 158e937bc5813018b1209d6ddb1ae87c
SHA256: 6706cba7ea21cc92cf61810e0e79f064ecefe5eafefd716c460e60a39a184003
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\9001512c-deff-4e6e-895a-095c746ae6f7.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: b598c31277113692ffe90c18e56e172c
SHA256: 81d2e94549f4f5b3f687ced4102787db5b2cba952ff49d0bb09b6381f4deae95
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF19b339.TMP
text
MD5: b598c31277113692ffe90c18e56e172c
SHA256: 81d2e94549f4f5b3f687ced4102787db5b2cba952ff49d0bb09b6381f4deae95
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\7f1ba9e3-0b12-404e-86a0-91183882889f.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF19b2ac.TMP
text
MD5: a195fd52dff562862c2e61a9b4a46b0c
SHA256: 32393317074fcdaad9ba7ac3e2205f9089980396be9b36735b210c98ecf703bc
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: a195fd52dff562862c2e61a9b4a46b0c
SHA256: 32393317074fcdaad9ba7ac3e2205f9089980396be9b36735b210c98ecf703bc
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\96455af2-1cd1-4d9b-8d5f-bcf2c4f93b18.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Temp\Tar9A3C.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Temp\Cab9A3B.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Temp\Tar9A2A.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Temp\Cab9A29.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Temp\Tar99E9.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Temp\Cab99E8.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Temp\Tar99D8.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Temp\Cab99D7.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Temp\Tar99B7.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Temp\Cab99B6.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store_new
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store_new
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store
binary
MD5: d95fcfcc70c79ce6b07d233a7b1fa2bc
SHA256: d1c6161b71be71c1e221f3180a9d902c6cd000be0ed50c8b05bf1a605c5c299d
2996
chrome.exe
C:\Users\admin\Downloads\ed5ff37b-5569-4286-a330-14d3ed439d6d.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store~RF1996a8.TMP
binary
MD5: d95fcfcc70c79ce6b07d233a7b1fa2bc
SHA256: d1c6161b71be71c1e221f3180a9d902c6cd000be0ed50c8b05bf1a605c5c299d
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\58bf4591-c880-4eba-a7ad-bb0c22cf43d5.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old
text
MD5: 80b8c44b60f8bd20d1cf8277ec794bb1
SHA256: 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old~RF19961c.TMP
text
MD5: 80b8c44b60f8bd20d1cf8277ec794bb1
SHA256: 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session
binary
MD5: 02536c23edc1e418a6fea313d20b2a39
SHA256: 8e8de8689482b477d0beebe0a4ac24b9cabcbfa84848f66b4c0f55cd96dc0fe9
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: ea6d75c35eb812fdc5762d84963de026
SHA256: a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF199291.TMP
text
MD5: ea6d75c35eb812fdc5762d84963de026
SHA256: a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF199205.TMP
text
MD5: 84042895723ac99f9599edfc7500051c
SHA256: ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 84042895723ac99f9599edfc7500051c
SHA256: ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model
binary
MD5: aae2ffaaa5d25a89a63e6d5c0c2758d0
SHA256: 0de851f323fd531f8aff6ea4cf377f8c1509c8d8a7cf324fd908abe497fc2574
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model~RF1990fb.TMP
binary
MD5: aae2ffaaa5d25a89a63e6d5c0c2758d0
SHA256: 0de851f323fd531f8aff6ea4cf377f8c1509c8d8a7cf324fd908abe497fc2574
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\39d8439f-6832-4d9f-bcb0-b50d598ab004.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old
text
MD5: f727dd25cda7b2cc574098cee1f5764a
SHA256: 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old~RF198daf.TMP
text
MD5: f727dd25cda7b2cc574098cee1f5764a
SHA256: 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF198d23.TMP
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT~RF198d04.TMP
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old~RF198ca6.TMP
text
MD5: 1aa66efdb743fb0a8dcc1cd79b0b6542
SHA256: 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old
text
MD5: 1aa66efdb743fb0a8dcc1cd79b0b6542
SHA256: 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\1f26b8eb-87d5-4a32-b245-296b04b7c2a1.tmp
––
MD5:  ––
SHA256:  ––
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: 197882774a7ecec9046bc48f63189b66
SHA256: 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF198c96.TMP
text
MD5: 197882774a7ecec9046bc48f63189b66
SHA256: 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old~RF198c77.TMP
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF198c77.TMP
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: c10ebd4db49249efc8d112b2920d5f73
SHA256: 90a1b994cafe902f22a88a22c0b6cc9cb5b974bf20f8964406dd7d6c9b8867d1
2996
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdWhitelist.store
binary
MD5: 8402062d6164aba8ff15c07497281754
SHA256: bd8bd37efa9e7ab81bfac4a45596f46a836833dd6b77adf90d0c9ff82a3478d2

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
96
TCP/UDP connections
48
DNS requests
24
Threats
4

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/yis24.com/NH0/ HK
executable
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/ HK
html
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/themes/baja-%E5%A4%87%E4%BB%BD/js/jquery.min.js HK
html
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/themes/maskitto-light/css/font-awesome.min.css HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/themes/baja-%E5%A4%87%E4%BB%BD/js/lrtk.js HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/themes/baja-%E5%A4%87%E4%BB%BD/css/bootstrap.css HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/themes/baja-%E5%A4%87%E4%BB%BD/style.css HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/plugins/recent-tweets-widget/tp_twitter_plugin.css?ver=1.0 HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/plugins/smartideo/static/smartideo.css?ver=2.5.2 HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/plugins/wp-zan/static/css/wp-zan-0.0.10.css?ver=0.0.10 HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/plugins/wp-zan/static/js/wp-zan-0.0.10.js?ver=0.0.10 HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/plugins/lets-kill-ie6/lets-kill-ie6.js?ver=4.9.3 HK
html
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/plugins/smartideo/static/smartideo.js?ver=2.5.2 HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-includes/js/wp-embed.min.js?ver=4.9.3 HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/themes/baja-%E5%A4%87%E4%BB%BD/js/jquery.js HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/themes/baja-%E5%A4%87%E4%BB%BD/js/bootstrap.js HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/themes/baja-%E5%A4%87%E4%BB%BD/js/cat.js HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/%E6%88%91%E6%98%AF%E9%99%8C%E9%99%8C%E5%88%86%E4%B9%8B%E4%B8%80.gif HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2018/03/%E4%B8%9C%E6%88%90%E8%A5%BF%E5%B0%B1.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/MICO-logo.gif HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2018/03/mico.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2018/03/soloads.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/themes/baja-%E5%A4%87%E4%BB%BD/fonts/glyphicons-halflings-regular.woff HK
woff
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/%E6%8A%A4%E8%88%92%E5%AE%9D.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/%E8%B5%A4%E5%AD%90%E5%9F%8E.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2015/11/BNer-151111-solo-1.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/themes/maskitto-light/fonts/fontawesome-webfont.woff2?v=4.6.3 HK
woff2
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2015/11/BNer-151102-kele-1.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/%E7%A6%8F%E5%85%8B%E6%96%AF.gif HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/solo2.5.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/sololauncher.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/soloapplockpsd.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/sololocker.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/%E4%B8%8D%E6%97%B6%E4%B8%8D%E9%A3%9F.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2015/08/BNer-150418-JD-1.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2015/04/BNer-150107uibai-3.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/%E6%90%9C%E7%8B%90%E4%BA%91%E6%99%AF.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/%E9%A6%96%E9%83%BD%E6%9C%BA%E5%9C%BA.gif HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2014/11/BNer-131120-MN-1.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2014/11/BNer-131111-GG-2.jpg HK
image
suspicious
1088 wabmetagen.exe GET 200 187.233.152.78:443 http://187.233.152.78:443/ MX
binary
malicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2014/11/BNer-130909-ZQ13-2.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2014/11/BNer-121003-WY-4.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2014/11/BNer-120930-ZQ12-2.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/%E5%A4%A7%E5%8F%AF%E4%B9%90.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/%E6%98%8E%E6%98%9F%E5%BE%AE%E7%94%B5%E5%BD%B1%E7%89%87%E5%A4%B4.gif HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/%E5%87%8F%E6%B3%95%E7%94%9F%E6%B4%BB.gif HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/%E5%A5%A5%E8%BF%90%E5%BE%AE%E7%94%B5%E5%BD%B1.gif HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/%E6%88%91%E7%9A%84%E5%B1%B12.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/%E6%97%B6%E5%B0%9A%E4%BC%A0%E5%AA%92.gif HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/%E7%88%B1%E6%97%A5%E7%A7%9F2.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/%E7%88%B1%E6%97%A5%E7%A7%9F-%E5%AE%A3%E4%BC%A0%E7%89%87.gif HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/%E5%BD%B1%E8%A7%86%E9%A3%8E%E4%BA%91%E6%A6%9C2-3.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/%E7%AB%99%E9%85%B7%E7%BD%91.gif HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/%E5%B8%8C%E6%9C%9B%E8%8B%B1%E8%AF%AD3.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/%E9%AD%94%E9%AC%BC%E8%BE%A3%E9%9D%A2.gif HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-content/uploads/2017/12/%E6%AF%9B%E9%B1%BC%E7%89%8C3.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/wjw-blog/wp-includes/js/wp-emoji-release.min.js?ver=4.9.3 HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/favicon.ico HK
image
suspicious
2996 chrome.exe GET 204 172.217.21.238:80 http://translate.google.com/gen204?nca=te_li&client=te_lib&logld=vTE_20181015_01 US
––
––
whitelisted
2996 chrome.exe GET 204 172.217.21.238:80 http://translate.google.com/gen204?sl=zh-CN&tl=en&textlen=14&sp=nmt&ttt=770&ttl=408&ttf=76&sr=1&nca=te_time&client=te_lib&logld=vTE_20181015_01 US
––
––
whitelisted
2996 chrome.exe GET –– 123.108.109.129:80 http://www.wujingwei.com/category/work/%E7%97%85%E6%AF%92%E8%90%A5%E9%94%80/ HK
––
––
suspicious
2996 chrome.exe GET –– 123.108.109.129:80 http://www.wujingwei.com/category/work/%E7%97%85%E6%AF%92%E8%90%A5%E9%94%80/ HK
––
––
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/category/work/%E7%97%85%E6%AF%92%E8%90%A5%E9%94%80/ HK
html
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/category/work/%E7%97%85%E6%AF%92%E8%90%A5%E9%94%80/ HK
html
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.com/category/work/%E5%B9%B3%E9%9D%A2/ HK
html
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.cn/ HK
html
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.cn/wp-includes/css/dist/block-library/style.min.css?ver=5.0.4 HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.cn/wp-content/themes/scopic2/style.css?ver=5.0.4 HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.cn/wp-content/themes/scopic2/css/font-awesome.min.css?ver=5.0.4 HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.cn/wp-content/themes/scopic2/css/magnific-popup.css?ver=5.0.4 HK
text
suspicious
2996 chrome.exe GET –– 123.108.109.129:80 http://www.wujingwei.cn/css/lrtk.css HK
––
––
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.cn/wp-includes/js/jquery/jquery.js?ver=1.12.4 HK
text
suspicious
2996 chrome.exe GET 200 172.217.22.10:80 http://fonts.googleapis.com/css?family=Open+Sans:400,400italic,600,600italic&subset=latin,latin-ext US
text
whitelisted
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.cn/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.cn/wp-content/themes/scopic2/js/jquery.min.js HK
html
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.cn/wp-content/themes/scopic2/js/lrtk.js HK
text
suspicious
2996 chrome.exe GET 404 123.108.109.129:80 http://www.wujingwei.cn/js/jquery.min.js HK
html
suspicious
2996 chrome.exe GET 404 123.108.109.129:80 http://www.wujingwei.cn/js/lrtk.js HK
html
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.cn/wp-content/themes/scopic2/js/functions.js?ver=5.0.4 HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.cn/wp-content/themes/scopic2/js/jquery.magnific-popup.min.js?ver=5.0.4 HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.cn/wp-includes/js/wp-embed.min.js?ver=5.0.4 HK
text
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.cn/wp-includes/js/wp-emoji-release.min.js?ver=5.0.4 HK
text
suspicious
2996 chrome.exe GET 200 216.58.206.3:80 http://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0b.woff2 US
woff2
whitelisted
2996 chrome.exe GET 200 123.108.109.129:80 http://wujingwei.cn/blog/wp-content/themes/scopic2/images/jingwei.png HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://wujingwei.cn/wp-content/uploads/2015/07/psb12.jpg HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://wujingwei.cn/blog/wp-content/themes/scopic2/images/weibo.png HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://wujingwei.cn/wp-content/uploads/2019/01/zd.jpg HK
image
suspicious
2996 chrome.exe GET 404 123.108.109.129:80 http://www.wujingwei.cn/css/lrtk.css HK
html
suspicious
2996 chrome.exe GET –– 119.84.129.234:80 http://s11.cnzz.com/stat.php?id=1253597323&web_id=1253597323 CN
––
––
whitelisted
2996 chrome.exe GET 200 216.58.206.3:80 http://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UNirkOUuhp.woff2 US
woff2
whitelisted
2996 chrome.exe GET 404 123.108.109.129:80 http://www.wujingwei.cn/js/lrtk.js HK
html
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.cn/wp-content/themes/scopic2/font/fontawesome-webfont.woff?v=3.2.0 HK
woff
suspicious
2996 chrome.exe GET 200 216.58.206.3:80 http://fonts.gstatic.com/s/opensans/v15/mem6YaGs126MiZpBA-UFUK0Zdc0.woff2 US
woff2
whitelisted
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.cn/wp-content/uploads/2019/01/cropped-touxiang-32x32.png HK
image
suspicious
2996 chrome.exe GET 200 123.108.109.129:80 http://www.wujingwei.cn/wp-content/uploads/2019/01/cropped-touxiang-192x192.png HK
image
suspicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2996 chrome.exe 216.58.210.3:443 Google Inc. US whitelisted
2996 chrome.exe 172.217.22.99:443 Google Inc. US whitelisted
2996 chrome.exe 172.217.16.141:443 Google Inc. US unknown
2996 chrome.exe 123.108.109.129:80 Cloudie Limited HK suspicious
2996 chrome.exe 216.58.205.238:443 Google Inc. US whitelisted
2996 chrome.exe 216.58.207.67:443 Google Inc. US whitelisted
2996 chrome.exe 216.58.206.4:443 Google Inc. US whitelisted
2996 chrome.exe 172.217.23.131:443 Google Inc. US whitelisted
2996 chrome.exe 172.217.22.42:443 Google Inc. US whitelisted
1088 wabmetagen.exe 187.233.152.78:443 Uninet S.A. de C.V. MX malicious
2996 chrome.exe 216.58.208.46:443 Google Inc. US whitelisted
2996 chrome.exe 172.217.21.238:80 Google Inc. US whitelisted
2996 chrome.exe 216.58.206.3:443 Google Inc. US whitelisted
2996 chrome.exe 172.217.16.142:443 Google Inc. US whitelisted
2996 chrome.exe 172.217.22.10:80 Google Inc. US whitelisted
2996 chrome.exe 216.58.206.3:80 Google Inc. US whitelisted
2996 chrome.exe 119.84.129.234:80 No.31,Jin-rong Street CN unknown
2996 chrome.exe 216.58.206.10:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
clientservices.googleapis.com 172.217.22.99
whitelisted
www.gstatic.com 216.58.210.3
whitelisted
www.wujingwei.com 123.108.109.129
suspicious
accounts.google.com 172.217.16.141
whitelisted
sb-ssl.google.com 216.58.205.238
whitelisted
ssl.gstatic.com 172.217.22.99
whitelisted
safebrowsing.google.com 216.58.205.238
whitelisted
www.google.de 216.58.207.67
whitelisted
www.google.com 216.58.206.4
whitelisted
www.google.no 172.217.23.131
whitelisted
s.w.org 192.0.77.48
whitelisted
weibo.com 114.134.80.162
whitelisted
www.wujingwei.cn 123.108.109.129
suspicious
translate.googleapis.com 172.217.22.42
whitelisted
clients1.google.com 216.58.208.46
whitelisted
translate.google.com 172.217.21.238
whitelisted
clients2.google.com 172.217.16.142
whitelisted