General Info

URL

https://tecoenergy.maspcl2.medgate.com/gx2/safetyfindingassignee/login.rails?args=!%3AmTGu4ABBK9%2Bnqx9uhKpBAA7BbKMclL7Z2zE%2B4CwR%2BoY%3D

Full analysis
https://app.any.run/tasks/24ecb7a3-6a92-400e-aa56-9a6bb84c9ea3
Verdict
No threats detected
Analysis date
3/27/2019, 13:00:02
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

No suspicious indicators.

Reads settings of System Certificates
  • chrome.exe (PID: 3708)
Application launched itself
  • chrome.exe (PID: 2664)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
40
Monitored processes
10
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2664
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://tecoenergy.maspcl2.medgate.com/gx2/safetyfindingassignee/login.rails?args=!%3AmTGu4ABBK9%2Bnqx9uhKpBAA7BbKMclL7Z2zE%2B4CwR%2BoY%3D
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wkscli.dll
c:\systemroot\system32\ntdll.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\credui.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\winsta.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\webio.dll
c:\windows\system32\wpc.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\dui70.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\cscui.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\winusb.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\samlib.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\duser.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll

PID
2000
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=73.0.3683.75 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6fc80f18,0x6fc80f28,0x6fc80f34
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\user32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\version.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\sechost.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msctf.dll

PID
3300
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2680 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\winmm.dll
c:\systemroot\system32\ntdll.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\userenv.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_watcher.dll

PID
3520
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=972,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=8016973629193070172 --mojo-platform-channel-handle=964 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\atl.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\sqmapi.dll
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\imm32.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dxgi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msctf.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\avrt.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\mf.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\evr.dll
c:\windows\system32\slc.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\73.0.3683.75\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\73.0.3683.75\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\73.0.3683.75\swiftshader\libegl.dll

PID
3708
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=972,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=13333574489058329730 --mojo-platform-channel-handle=1528 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\systemroot\system32\ntdll.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\dnsapi.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\wininet.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wshtcpip.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\credssp.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\devrtl.dll

PID
2464
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=972,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --service-pipe-token=11889503075321757921 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11889503075321757921 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\systemroot\system32\ntdll.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\urlmon.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\webio.dll
c:\windows\system32\wininet.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptbase.dll

PID
3292
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=972,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --service-pipe-token=18302979589496425780 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18302979589496425780 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2020 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\sechost.dll
c:\windows\system32\userenv.dll
c:\windows\system32\imm32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\secur32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\profapi.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dwmapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\webio.dll
c:\windows\system32\wininet.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\user32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\dhcpcsvc.dll

PID
3600
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=972,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --service-pipe-token=12133985021958363888 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12133985021958363888 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\profapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wininet.dll
c:\windows\system32\secur32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sspicli.dll

PID
2440
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=972,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=8054334595531755956 --mojo-platform-channel-handle=3016 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll

PID
2324
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=972,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=14858378899261355294 --mojo-platform-channel-handle=2720 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\systemroot\system32\ntdll.dll
c:\windows\system32\version.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\userenv.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winhttp.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\devobj.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msctf.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\webio.dll
c:\windows\system32\secur32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dwmapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\fxsresm.dll
c:\program files\winrar\rarext.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wer.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\sfc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\sendmail.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\synceng.dll
c:\windows\system32\msi.dll

Registry activity

Total events
534
Read events
0
Write events
48
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
2664
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2664
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
2664
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
2664
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
2664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
2664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13198165218653750
2664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
2664
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2664
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
2664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
2664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
2664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
2664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
2664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
2664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
2664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
2664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
2664
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
2664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
3300
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2664-13198165217685000
259
3708
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2324
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2324
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@sendmail.dll,-21
Desktop (create shortcut)
2324
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@zipfldr.dll,-10148
Compressed (zipped) folder
2324
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@sendmail.dll,-4
Mail recipient
2324
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\FXSRESM.dll,-120
Fax recipient

Files activity

Executable files
0
Suspicious files
25
Text files
51
Unknown types
1

Dropped files

PID
Process
Filename
Type
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\af61918b-99b2-4f23-a4be-68257554dd85.tmp
––
MD5:  ––
SHA256:  ––
3708
chrome.exe
C:\Users\admin\AppData\Local\Temp\Cab6DEE.tmp
––
MD5:  ––
SHA256:  ––
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\9283f0d5-d490-4d60-9170-f73b61698b2b.tmp
––
MD5:  ––
SHA256:  ––
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\2a504f5c-332c-4019-a8a9-6ea618866398.tmp
––
MD5:  ––
SHA256:  ––
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\5d86f17d-870b-4acd-8f16-42abfa0b9d64.tmp
––
MD5:  ––
SHA256:  ––
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\bb62969a-0f06-46d3-9022-e7e95198b87c.tmp
––
MD5:  ––
SHA256:  ––
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\d2b38271-cc4c-4c26-8df8-c6ef732f8f30.tmp
––
MD5:  ––
SHA256:  ––
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: ceb4a28c31d5a01ab40f1a07da09bb2a
SHA256: bb1f3613a6328ac0f2b089ccca30b619e258709e8f60dd80ccdbda7c2516865a
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF10cdb2.TMP
text
MD5: 84efe264ad4582b9dcea98fd7b218609
SHA256: d7b619272704ab13254df1978c9d42b6ef8943dc7a517b0c78fdbabfd551a389
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: c9d85f9ebcc75970a50bacf3dfa198b0
SHA256: 2337b48647a52729e181adc856b60bf194eaffda3bbc51359ae58390e5335411
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: 7f70be327ea7d05f43859fe04340d352
SHA256: 90ea258f1e0afda5a67aeb71a01fc1bf8831a17c6f9c6c7078e8b097a17eb1a2
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RF10e08e.TMP
binary
MD5: bdef8935be74f11c17d7f73f6aedd95b
SHA256: c8fcbbaf131077f3afd1e344dd2c41194f8c7ce0c533cd1c783c62bc11b4b89e
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF10a3b4.TMP
text
MD5: 7f70be327ea7d05f43859fe04340d352
SHA256: 90ea258f1e0afda5a67aeb71a01fc1bf8831a17c6f9c6c7078e8b097a17eb1a2
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF112cf9.TMP
text
MD5: ceb4a28c31d5a01ab40f1a07da09bb2a
SHA256: bb1f3613a6328ac0f2b089ccca30b619e258709e8f60dd80ccdbda7c2516865a
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: fb4ee88b8c23bbc0ca917d4fb4459794
SHA256: a80f9fb05d26084e3a80418bd549f0bdc98f875c51f3a184f0ca977762b9cc86
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1105f8.TMP
text
MD5: fb4ee88b8c23bbc0ca917d4fb4459794
SHA256: a80f9fb05d26084e3a80418bd549f0bdc98f875c51f3a184f0ca977762b9cc86
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
binary
MD5: bdef8935be74f11c17d7f73f6aedd95b
SHA256: c8fcbbaf131077f3afd1e344dd2c41194f8c7ce0c533cd1c783c62bc11b4b89e
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF10c0d1.TMP
text
MD5: c9d85f9ebcc75970a50bacf3dfa198b0
SHA256: 2337b48647a52729e181adc856b60bf194eaffda3bbc51359ae58390e5335411
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\849aabf1-0e74-4ab0-aa15-552640812dbf.tmp
––
MD5:  ––
SHA256:  ––
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000008
––
MD5:  ––
SHA256:  ––
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF10956c.TMP
text
MD5: 15f409befe3378c83861d4327da486d2
SHA256: b82c77741e77cb798a034472b8b1d4d427a79bc4b76795eaf612a1c456039c42
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\41fad7ab961eeef6_0
binary
MD5: 4978e044f939990d40bd28e858db3a2d
SHA256: 0dea79ee1a5cdb2cda824470cdadf573b38c47e9250344655b511668bcd887c3
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000a
compressed
MD5: 3ad59aadd39f778733f9489d961e158a
SHA256: 475974cfccdf19e5ca37c240591483c5f9458dc8c4a1a370179fab51e3fb89c7
3708
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
der
MD5: 5c04dd09c7e7686ac0397e50759d0c2b
SHA256: 89b37c4a8a96a1bd7435668adace5b2e2517361718f78faef467194edf1bea15
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2392f57e173778ec_0
binary
MD5: 468d1efe21086c1aeadd31f0cb12aedc
SHA256: 03bf769b56128de178a945ef2a2dd92ee5da427056ac5b61985b4ab10ea3c9e9
3708
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
binary
MD5: 5a6c422bbac8c2c77067bc2eef7a3c51
SHA256: 4be4e2bb3097a2a9555f66721c8d7c4145acf4569bafe6bb8a1ad486ac9d81a4
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF10904b.TMP
text
MD5: da6c39caf05ab7f1f668b19b5a607fd1
SHA256: 4c51a22a753533d9cbc711ded0770a2cabdb77ea1677b3930fe4d0b535f7985c
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF108fed.TMP
text
MD5: 12499e0c645cc77c77bed54978cf7306
SHA256: 1229394ceef4f9b26d31e1cedfb34e3e3ef7e9afcb981f2422fde440b6d791be
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\35289927ff26bf77_0
binary
MD5: 06d7a27095190605a922dcf8f497397d
SHA256: 80489f0f8983083b16fc0fe20287f60500d5422ceca35c3d9a2f0de8708eaca0
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\73174702b610f1bb_0
binary
MD5: 5bf30800b9c30718a5a74566f4ba545f
SHA256: f3d73890a7f327160d760ac7f20bc9ffcceeb94ce5bdb13534ed0f15037571a0
3708
chrome.exe
C:\Users\admin\AppData\Local\Temp\Tar770B.tmp
––
MD5:  ––
SHA256:  ––
3708
chrome.exe
C:\Users\admin\AppData\Local\Temp\Cab770A.tmp
––
MD5:  ––
SHA256:  ––
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000001.dbtmp
––
MD5:  ––
SHA256:  ––
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\24a100d29ae0eed8_0
binary
MD5: d9199c1879c5f922c728cc100ea54569
SHA256: 4bcd6844ef4aac3b87508b1d3c5daba27b5b70362686d4680e6e5180b4efbb07
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8f5434906d87419a_0
binary
MD5: 5329b70e5b3e9438963e630fc814dde9
SHA256: 76c6b2700424c95235dc72e5588682b4616cdc6313f2ebfec69f3117887fadcf
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000006
text
MD5: 0e28b611d3eacd51c0ec5c8a57287bf0
SHA256: 6c3a1229e7ee1768b774a7050fbbbf57577139e63945997de4386d1c216613f8
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000009
text
MD5: 7db2db6cb24ad0ab99004b7347425d35
SHA256: 87e6aa4fc5f57d6fa98903daff7768966321445e384da83d057c45eec73d5cb9
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000007
text
MD5: f2d64ca8cf99010b0180b678d24c6bbe
SHA256: 68b293fbbea054d8da8e88226d52183ab36ccaac3a6666c885aea65a35045ced
3708
chrome.exe
C:\Users\admin\AppData\Local\Temp\Tar6E20.tmp
––
MD5:  ––
SHA256:  ––
3708
chrome.exe
C:\Users\admin\AppData\Local\Temp\Cab6E1F.tmp
––
MD5:  ––
SHA256:  ––
3708
chrome.exe
C:\Users\admin\AppData\Local\Temp\Tar6DEF.tmp
––
MD5:  ––
SHA256:  ––
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\544a202b-035b-4247-b30e-ff62f60897c7.tmp
––
MD5:  ––
SHA256:  ––
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003
text
MD5: 52345dd5de685a136211a818385e1102
SHA256: 8d5d8144ac57cd4036c24cde8cdc67c7375ecfd37a833f62c0cc65c2c028a512
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a66ddb6ddb4bec4c_0
binary
MD5: 14f01a491c5b8fa53d716d06b869e058
SHA256: 918c792234fa3142dbfde5cdc6d777b1cd2ac53a7702bbcb5b3bd67f254c20d2
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000005
text
MD5: efe44d7068426b4c487f0cad2ad0ec5e
SHA256: 528048731d65d9276bee085ff8d2d91bb75708fdd8b088c4314469a8ec82ffa0
3708
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: 02c1120f28378fd32b58cec3bb9458c2
SHA256: f3c77083fe5d71225ceea0337e819ed7049e2a5692e6c662c5a0eaa97db3dff9
3708
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: 7bd2db62983287efca8e9b65b7065156
SHA256: 154bb1c52e573cec0195947df08a5c71156a4904204efba5a1922f98bd0592d3
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002
text
MD5: f59e3f4c0087b4d8ddc27bdd9c9ab92b
SHA256: 247184981eb6f698a94e431a83d68c6b0df623cce57b6e29dc5a6c11e23aa195
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001
text
MD5: 32589f955f986aed1e355eced94f6a16
SHA256: 7e3b7d02cdc989baeca35842c48aa07568931d129b525682a4c89420269f55bd
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000004
text
MD5: 7ce7168d3c70bb04babbf4ce2d0c02da
SHA256: 73111ebc22c38e7e753c58ebd9eb90e631460118fca1b00d1d1e81755e762c6d
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF106eb9.TMP
text
MD5: 1c2c4bb805e49e0719deef84894dbb1f
SHA256: 1afb26b8e579f076590e61bb63648bb0230fee4516c08ebe588dfc31efd616da
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
––
MD5:  ––
SHA256:  ––
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
––
MD5:  ––
SHA256:  ––
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
––
MD5:  ––
SHA256:  ––
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
––
MD5:  ––
SHA256:  ––
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
––
MD5:  ––
SHA256:  ––
3708
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\index
––
MD5:  ––
SHA256:  ––
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3
––
MD5:  ––
SHA256:  ––
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2
––
MD5:  ––
SHA256:  ––
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: 1c2c4bb805e49e0719deef84894dbb1f
SHA256: 1afb26b8e579f076590e61bb63648bb0230fee4516c08ebe588dfc31efd616da
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001
binary
MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF106e6b.TMP
text
MD5: 1b8036252b09dda7ad0963a5a40e4aba
SHA256: 89e90f5dc88f667b89afa57d04c939a3c7397bb98b9d259766fa452ec297ec06
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 1b8036252b09dda7ad0963a5a40e4aba
SHA256: 89e90f5dc88f667b89afa57d04c939a3c7397bb98b9d259766fa452ec297ec06
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
––
MD5:  ––
SHA256:  ––
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: 904754a73eb4f8a75410a92b2b7a920c
SHA256: c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000018.dbtmp
––
MD5:  ––
SHA256:  ––
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index
––
MD5:  ––
SHA256:  ––
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a736f6b4-4a34-4361-bbdc-ab43e203ff8b.tmp
––
MD5:  ––
SHA256:  ––
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF106a06.TMP
text
MD5: 904754a73eb4f8a75410a92b2b7a920c
SHA256: c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3
––
MD5:  ––
SHA256:  ––
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
––
MD5:  ––
SHA256:  ––
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
––
MD5:  ––
SHA256:  ––
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
––
MD5:  ––
SHA256:  ––
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 768258eee3510091c97ade3bca3dc828
SHA256: 1f00cceba22a3fa7d0fffdebb99b95f0dfe19d2cda162abc09fc0d8a6e8ff21d
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF1069c8.TMP
text
MD5: c5a804a5780cfc948a8db73979de968b
SHA256: 2c6f183b3e9dfa1bdf791091ad09cdcb079307d23864dbc07c81f280aa7d9227
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: c5a804a5780cfc948a8db73979de968b
SHA256: 2c6f183b3e9dfa1bdf791091ad09cdcb079307d23864dbc07c81f280aa7d9227
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
text
MD5: 007e2c8f160468cc5a8b6c225f0ac40c
SHA256: 7f09cf7ac785c12f0062eb23854505c4ed396c6522eca7109b43ad5cc1a5f74b
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
text
MD5: 70f27bb5ff84782e8065f81ee64e6008
SHA256: fd5dd0c6f1056c6ee6c2d29bd31653abb589e7d528957942e65b3972b7ecb4e9
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF1069a9.TMP
text
MD5: 768258eee3510091c97ade3bca3dc828
SHA256: 1f00cceba22a3fa7d0fffdebb99b95f0dfe19d2cda162abc09fc0d8a6e8ff21d
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
2000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: 9543068b6751e1f3e11f91d72ee78d95
SHA256: d060ad21ae6e04cb58668caa52adfca573e018102cc07554d2ed3eae11ab7785
2664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: f679598350690f14a2479935d826682b
SHA256: 4e7e1987eaf5ec751eb16b9f7cbae1c55873f1afe8e2b52416ed454f4efbf239

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
2
TCP/UDP connections
19
DNS requests
10
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3708 chrome.exe GET 200 205.185.216.10:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US
compressed
shared
3708 chrome.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D US
der
shared

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3708 chrome.exe 172.217.22.99:443 Google Inc. US whitelisted
3708 chrome.exe 172.217.22.45:443 Google Inc. US whitelisted
3708 chrome.exe 205.185.216.10:80 Highwinds Network Group, Inc. US whitelisted
3708 chrome.exe 172.217.16.170:443 Google Inc. US whitelisted
3708 chrome.exe 173.252.187.103:443 SunGard Availability Services LP US unknown
3708 chrome.exe 172.217.21.195:443 Google Inc. US whitelisted
3708 chrome.exe 172.217.18.99:443 Google Inc. US whitelisted
–– –– 172.217.18.99:443 Google Inc. US whitelisted
3708 chrome.exe 13.35.253.31:443 US malicious
3708 chrome.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3708 chrome.exe 172.217.18.110:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
clientservices.googleapis.com 172.217.22.99
shared
tecoenergy.maspcl2.medgate.com 173.252.187.103
unknown
accounts.google.com 172.217.22.45
shared
www.download.windowsupdate.com 205.185.216.10
205.185.216.10
205.185.216.42
205.185.216.10
shared
fonts.googleapis.com 172.217.16.170
whitelisted
fonts.gstatic.com 172.217.21.195
shared
ssl.gstatic.com 172.217.18.99
shared
cdn.pendo.io 13.35.253.31
13.35.253.126
13.35.253.22
13.35.253.99
whitelisted
clients1.google.com 172.217.18.110
whitelisted
ocsp.digicert.com 93.184.220.29
shared

Threats

No threats detected.

Debug output strings

No debug info.