General Info

File name

Roblox Account Checker v3.exe

Full analysis
https://app.any.run/tasks/fd19f720-5721-4032-b351-48c64bb44606
Verdict
Malicious activity
Analysis date
6/12/2019, 01:17:00
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

autoit

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5

671f2d6aafc95d8e48a4716cbd83248e

SHA1

a2f2f6dab17ef71591b8ae9b2cb3d385a86cfa6f

SHA256

9528242c5d247d4fe59fb5daa8226e32ccfaa3cdfc6b673804186a5545f5652a

SSDEEP

12288:jYV6MorX7qzuC3QHO9FQVHPF51jgc2H3haiW2DLmaDsaJnCK8RgcuN2tZGyxC+8+:gBXu9HGaVH2XMiWkCaDsRKIuAGyxIUB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • Roblox Account Checker v1.0.0.exe (PID: 3816)
Uses RUNDLL32.EXE to load library
  • Roblox Account Checker v3.exe (PID: 2256)
Reads Internet Cache Settings
  • rundll32.exe (PID: 1664)
  • rundll32.exe (PID: 552)
  • Roblox Account Checker v1.0.0.exe (PID: 3816)
Creates files in the user directory
  • rundll32.exe (PID: 552)
Executable content was dropped or overwritten
  • Roblox Account Checker v3.exe (PID: 2256)
Creates files in the user directory
  • opera.exe (PID: 1648)
  • WINWORD.EXE (PID: 2104)
Application launched itself
  • iexplore.exe (PID: 3064)
  • chrome.exe (PID: 3180)
Manual execution by user
  • iexplore.exe (PID: 3064)
  • wmplayer.exe (PID: 940)
  • explorer.exe (PID: 3792)
  • chrome.exe (PID: 3180)
  • WINWORD.EXE (PID: 2104)
  • opera.exe (PID: 1648)
Reads Microsoft Office registry keys
  • WINWORD.EXE (PID: 2104)
Reads settings of System Certificates
  • chrome.exe (PID: 3180)
Reads Internet Cache Settings
  • iexplore.exe (PID: 1140)
Reads internet explorer settings
  • iexplore.exe (PID: 1140)
Changes internet zones settings
  • iexplore.exe (PID: 3064)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Win64 Executable (generic) (28.6%)
.exe
|   UPX compressed Win32 Executable (28%)
.exe
|   Win32 EXE Yoda's Crypter (27.5%)
.dll
|   Win32 Dynamic Link Library (generic) (6.8%)
.exe
|   Win32 Executable (generic) (4.6%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2019:05:06 19:06:23+02:00
PEType:
PE32
LinkerVersion:
12
CodeSize:
352256
InitializedDataSize:
847872
UninitializedDataSize:
1372160
EntryPoint:
0x1a59b0
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
FileVersionNumber:
1.0.0.0
ProductVersionNumber:
1.0.0.0
FileFlagsMask:
0x0000
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Dynamic link library
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
FileDescription:
Roblox Checker
OriginalFileName:
Roblox Checker.exe
CompanyName:
Microsoft
FileVersion:
...
LegalCopyright:
Copyright © Microsoft 2017
ProductName:
Roblox Checker
ProductVersion:
...
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
06-May-2019 17:06:23
Detected languages
English - United Kingdom
English - United States
FileDescription:
Roblox Checker
OriginalFilename:
Roblox Checker.exe
CompanyName:
Microsoft
FileVersion:
...
LegalCopyright:
Copyright © Microsoft 2017
ProductName:
Roblox Checker
ProductVersion:
...
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000110
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
3
Time date stamp:
06-May-2019 17:06:23
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
UPX0 0x00001000 0x0014F000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
UPX1 0x00150000 0x00056000 0x00055C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 7.93584
.rsrc 0x001A6000 0x000CF000 0x000CE600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 6.29451
Resources
1

2

3

4

7

8

9

10

11

12

99

162

164

166

169

313

BOOTVIDG

UEVAGENTPOLICYGENERATORR

QIXTNEYVGCJCCKBWJIEQ

SCRIPT

Imports
    KERNEL32.DLL

    ADVAPI32.dll

    COMCTL32.dll

    COMDLG32.dll

    GDI32.dll

    IPHLPAPI.DLL

    MPR.dll

    ole32.dll

    OLEAUT32.dll

    PSAPI.DLL

    SHELL32.dll

    USER32.dll

    USERENV.dll

    UxTheme.dll

    VERSION.dll

    WININET.dll

    WINMM.dll

    WSOCK32.dll

Exports

    No exports.

Screenshots

Processes

Total processes
59
Monitored processes
25
Malicious processes
0
Suspicious processes
1

Behavior graph

+
drop and start start roblox account checker v3.exe roblox account checker v1.0.0.exe no specs rundll32.exe no specs explorer.exe no specs winword.exe no specs rundll32.exe no specs wmplayer.exe no specs chrome.exe setup_wm.exe chrome.exe no specs opera.exe chrome.exe no specs chrome.exe no specs iexplore.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs iexplore.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2256
CMD
"C:\Users\admin\AppData\Local\Temp\Roblox Account Checker v3.exe"
Path
C:\Users\admin\AppData\Local\Temp\Roblox Account Checker v3.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft
Description
Roblox Checker
Version
...
Modules
Image
c:\users\admin\appdata\local\temp\roblox account checker v3.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\version.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\roblox account checker v1.0.0.exe
c:\windows\system32\sspicli.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rundll32.exe
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll

PID
3816
CMD
"C:\Users\admin\AppData\Local\Temp\Roblox Account Checker v1.0.0.exe"
Path
C:\Users\admin\AppData\Local\Temp\Roblox Account Checker v1.0.0.exe
Indicators
No indicators
Parent process
Roblox Account Checker v3.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft
Description
Roblox Checker
Version
1.0.0.0
Modules
Image
c:\users\admin\appdata\local\temp\roblox account checker v1.0.0.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\microsoft.v9921e851#\7ca6a7b9413844e82108a9d62f88a2d9\microsoft.visualbasic.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.runt73a1fc9d#\647f9e8a4465888d8348c3f66611c463\system.runtime.remoting.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\searchfolder.dll
c:\windows\system32\profapi.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\mssvp.dll
c:\windows\system32\mapi32.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll

PID
552
CMD
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 1
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
Roblox Account Checker v3.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wininet.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll

PID
3792
CMD
"C:\Windows\explorer.exe"
Path
C:\Windows\explorer.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Explorer
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\explorer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\actxprxy.dll

PID
2104
CMD
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Documents\dcprogramming.rtf"
Path
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Word
Version
14.0.6024.1000
Modules
Image
c:\program files\microsoft office\office14\winword.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwmapi.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\windows\system32\winspool.drv
c:\windows\system32\shell32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
c:\windows\system32\spool\drivers\w32x86\3\sendtoonenoteui.dll
c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
c:\windows\system32\fontsub.dll
c:\windows\system32\prntvpt.dll
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\microsoft office\office14\msproof7.dll
c:\program files\microsoft office\office14\proof\1033\msgr3en.dll
c:\windows\system32\sxs.dll
c:\program files\microsoft office\office14\proof\mssp7en.dll
c:\program files\microsoft office\office14\mscss7en.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
c:\program files\microsoft office\office14\css7data0009.dll
c:\program files\microsoft office\office14\mscss7cm_en.dub
c:\program files\microsoft office\office14\mscss7wre_en.dub
c:\program files\common files\microsoft shared\office14\1033\alrtintl.dll
c:\program files\microsoft office\office14\gkword.dll
c:\windows\system32\oleacc.dll
c:\program files\common files\system\ado\msadox.dll
c:\windows\system32\netutils.dll

PID
1664
CMD
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 1
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
Roblox Account Checker v3.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wininet.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll

PID
940
CMD
"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:1
Path
C:\Program Files\Windows Media Player\wmplayer.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Media Player
Version
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\windows media player\wmplayer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\program files\windows media player\setup_wm.exe

PID
3180
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll

PID
3284
CMD
"C:\Program Files\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:1
Path
C:\Program Files\Windows Media Player\setup_wm.exe
Indicators
Parent process
wmplayer.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Microsoft Windows Media Configuration Utility
Version
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\windows media player\setup_wm.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\pdh.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\version.dll
c:\windows\system32\mpr.dll
c:\windows\system32\mf.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wmploc.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\quartz.dll
c:\windows\system32\winmm.dll
c:\windows\system32\devenum.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\msxml6.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll

PID
3432
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=73.0.3683.75 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x5e6b0f18,0x5e6b0f28,0x5e6b0f34
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
1648
CMD
"C:\Program Files\Opera\opera.exe"
Path
C:\Program Files\Opera\opera.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Opera Software
Description
Opera Internet Browser
Version
1748
Modules
Image
c:\program files\opera\opera.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\opera\opera.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\devenum.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\avicap32.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\quartz.dll
c:\program files\adobe\acrobat reader dc\reader\browser\nppdf32.dll
c:\windows\system32\macromed\flash\npswf32_26_0_0_131.dll
c:\program files\java\jre1.8.0_92\bin\dtplugin\npdeployjava1.dll
c:\program files\java\jre1.8.0_92\bin\plugin2\npjp2.dll
c:\progra~1\micros~1\office14\npauthz.dll
c:\progra~1\micros~1\office14\npspwrap.dll
c:\program files\google\update\1.3.33.23\npgoogleupdate3.dll
c:\program files\videolan\vlc\npvlc.dll
c:\program files\adobe\acrobat reader dc\reader\air\nppdf32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll

PID
3048
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3692 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_watcher.dll

PID
3396
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=936,4225126929265290624,9239622935232923455,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=4163057894409501010 --mojo-platform-channel-handle=952 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\73.0.3683.75\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\73.0.3683.75\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\73.0.3683.75\swiftshader\libegl.dll

PID
3064
CMD
"C:\Program Files\Internet Explorer\iexplore.exe"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll

PID
3212
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,4225126929265290624,9239622935232923455,131072 --enable-features=PasswordImport --service-pipe-token=2220975374350438105 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2220975374350438105 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1108
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,4225126929265290624,9239622935232923455,131072 --enable-features=PasswordImport --service-pipe-token=3713037342611936205 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3713037342611936205 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2196 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2508
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,4225126929265290624,9239622935232923455,131072 --enable-features=PasswordImport --service-pipe-token=9246558397659425586 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9246558397659425586 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1140
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3064 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\sspicli.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msimtf.dll

PID
2652
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,4225126929265290624,9239622935232923455,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=10767857167688619595 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10767857167688619595 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=964 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3408
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=936,4225126929265290624,9239622935232923455,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=3651097867655088248 --mojo-platform-channel-handle=2664 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
4032
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=936,4225126929265290624,9239622935232923455,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=16421734717615132844 --mojo-platform-channel-handle=3940 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
4040
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=936,4225126929265290624,9239622935232923455,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=4994224604634086140 --mojo-platform-channel-handle=4104 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2292
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=936,4225126929265290624,9239622935232923455,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=1293539906183902212 --mojo-platform-channel-handle=4088 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2344
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=936,4225126929265290624,9239622935232923455,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=5910897936936647812 --mojo-platform-channel-handle=4176 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3164
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=936,4225126929265290624,9239622935232923455,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=17660648639919052206 --mojo-platform-channel-handle=4188 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
2602
Read events
2144
Write events
452
Delete events
6

Modification events

PID
Process
Operation
Key
Name
Value
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
0202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
MRUListEx
0200000001000000000000000700000006000000030000000500000004000000FFFFFFFF
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\50\ComDlg
TV_FolderType
{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\50\ComDlg
TV_TopViewID
{82BA0782-5B7A-4569-B5D7-EC83085F08CC}
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\50\ComDlg
TV_TopViewVersion
0
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}
Mode
4
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}
LogicalViewMode
1
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}
FFlags
1092616257
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}
IconSize
16
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}
ColInfo
00000000000000000000000000000000FDDFDFFD100000000000000000000000040000001800000030F125B7EF471A10A5F102608C9EEBAC0A0000001001000030F125B7EF471A10A5F102608C9EEBAC0E0000007800000030F125B7EF471A10A5F102608C9EEBAC040000007800000030F125B7EF471A10A5F102608C9EEBAC0C00000050000000
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}
Sort
000000000000000000000000000000000200000030F125B7EF471A10A5F102608C9EEBAC0A0000000100000030F125B7EF471A10A5F102608C9EEBAC0E000000FFFFFFFF
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}
FFlags
1
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDOpen\Modules\GlobalSettings\ProperTreeModuleInner
ProperTreeModuleInner
9C000000980000003153505305D5CDD59C2E1B10939708002B2CF9AE3B0000002A000000004E0061007600500061006E0065005F004300460044005F0046006900720073007400520075006E0000000B000000000000004100000030000000004E0061007600500061006E0065005F00530068006F0077004C00690062007200610072007900500061006E00650000000B000000FFFF00000000000000000000
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\NavPane
ExpandedState
06000000160014001F8080A63C324DC29940B94D446DD2D7249E0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F4225481E03947BC34DB131E946B44C8DD50000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F43983FFBB4EAC18D42A78AD1F5659CBA930000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D0000000000000000002000000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F580D1A2CF021BE504388B07367FC96EF3C0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B00000000000000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F50E04FD020EA3A6910A2D808002B30309D0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2
1
740000001A00EEBBFE23000010007DB10D7BD29C934A973346CC89022E7C00002A0000000000EFBE000000200000000000000000000000000000000000000000000000000100000020002A0000001900EFBE7E47B3FBE4C93B4BA2BAD3F5D3CD46F98207BA827A5B6945B5D7EC83085F08CC20000000
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2
MRUListEx
0100000000000000FFFFFFFF
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1
0
48040000180481191410EE032000000000600000000000000000000000000000000000000000000000000001000029000000315350533C0AF1E4E6495D408288A23BD4EEAA6C0D00000064000000000100000000000000280100003153505340E83E1E2BBC6C4782372ACD1A839B2211000000140000000003000000010000002500000003000000001F100000010000000700000066006F006C00640065007200000000007500000011000000001F000000310000007B00310036003800350044003400410042002D0041003500310042002D0034004100460031002D0041003400450035002D004300450045003800370030003000320034003300310044007D002E004D006500720067006500200041006E007900000000006100000008000000001F0000002700000043003A005C00550073006500720073005C00610064006D0069006E005C0044006F00630075006D0065006E00740073005C004F00750074006C006F006F006B002000460069006C00650073000000000000000000940000003153505330F125B7EF471A10A5F102608C9EEBAC2900000004000000001F0000000C000000460069006C006500200066006F006C0064006500720000000D0000000C0000000001000000150000000E0000000040000000009678FC53DED4012D0000000A000000001F0000000E0000004F00750074006C006F006F006B002000460069006C00650073000000000000002801000031535053A66A63283D95D211B5D600C04FD918D0A90000002000000000111000009600000014001F44471A0359723FA74489C55595FE6B30EE200000001A00EEBBFE2300001000D09AD3FD8F23AF46ADB46C85480369C700006000310000000000734E4A6810004F55544C4F4F7E310000480008000400EFBE1B4D1860734E4A682A0000004F2A00000000030000000000000000000000000000004F00750074006C006F006F006B002000460069006C00650073000000180000000000110000001900000000130000007F018070250000000B000000001F0000000A0000004400690072006500630074006F007200790000002D00000018000000001F0000000E0000004F00750074006C006F006F006B002000460069006C00650073000000000000002D00000031535053901C6949177E1A10A91C08002B2ECDA91100000003000000000300000000000000000000002D00000031535053C0E85BCF6C23D34ABACECD608A2748D71100000064000000000B000000FFFF0000000000003100000031535053B1166D44AD8D7048A748402EA43D788C15000000640000000015000000566AA6E426B3F222000000002900000031535053F4767D7A30B6D74B95FF37CC51A975C90D000000020000000001000000000000002900000031535053FCB3B4B9512B424AB5D8324146AFCF250D000000080000000001000000000000000000000000002A0000000000EFBE40A7983F9C83F74A8C365BADFB33D5FD8207BA827A5B6945B5D7EC83085F08CC1E040000
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1
MRUListEx
00000000FFFFFFFF
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\0
NodeSlot
96
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\0
MRUListEx
FFFFFFFF
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\96\ComDlg
TV_FolderType
{3F98A740-839C-4AF7-8C36-5BADFB33D5FD}
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\96\ComDlg
TV_TopViewID
{82BA0782-5B7A-4569-B5D7-EC83085F08CC}
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\96\ComDlg
TV_TopViewVersion
0
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1
1
680400003804811914100E042000000000600000000000000000000000000000000000000000000000000001000029000000315350533C0AF1E4E6495D408288A23BD4EEAA6C0D00000064000000000100000000000000300100003153505340E83E1E2BBC6C4782372ACD1A839B2211000000140000000003000000010000002500000003000000001F100000010000000700000066006F006C00640065007200000000007500000011000000001F000000310000007B00310036003800350044003400410042002D0041003500310042002D0034004100460031002D0041003400450035002D004300450045003800370030003000320034003300310044007D002E004D006500720067006500200041006E007900000000006900000008000000001F0000002B00000043003A005C00550073006500720073005C00610064006D0069006E005C0044006F00630075006D0065006E00740073005C004F006E0065004E006F007400650020004E006F007400650062006F006F006B00730000000000000000009C0000003153505330F125B7EF471A10A5F102608C9EEBAC2900000004000000001F0000000C000000460069006C006500200066006F006C0064006500720000000D0000000C0000000001000000150000000E000000004000000000A2E886FD3DD401350000000A000000001F000000120000004F006E0065004E006F007400650020004E006F007400650062006F006F006B0073000000000000003801000031535053A66A63283D95D211B5D600C04FD918D0B10000002000000000111000009E00000014001F44471A0359723FA74489C55595FE6B30EE200000001A00EEBBFE2300001000D09AD3FD8F23AF46ADB46C85480369C7000068003100000000001B4D0A6010004F4E454E4F547E310000500008000400EFBE1B4D0A601B4D0A602A000000990E00000000020000000000000000000000000000004F006E0065004E006F007400650020004E006F007400650062006F006F006B0073000000180000000000110000001900000000130000007F018070250000000B000000001F0000000A0000004400690072006500630074006F007200790000003500000018000000001F000000120000004F006E0065004E006F007400650020004E006F007400650062006F006F006B0073000000000000002D00000031535053901C6949177E1A10A91C08002B2ECDA91100000003000000000300000000000000000000002D00000031535053C0E85BCF6C23D34ABACECD608A2748D71100000064000000000B000000FFFF0000000000003100000031535053B1166D44AD8D7048A748402EA43D788C15000000640000000015000000B6D61CEB2A68D0ED000000002900000031535053F4767D7A30B6D74B95FF37CC51A975C90D000000020000000001000000000000002900000031535053FCB3B4B9512B424AB5D8324146AFCF250D000000080000000001000000000000000000000000002A0000000000EFBE40A7983F9C83F74A8C365BADFB33D5FD8207BA827A5B6945B5D7EC83085F08CC3E040000
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1
MRUListEx
0100000000000000FFFFFFFF
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
02020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\1
NodeSlot
97
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\1
MRUListEx
FFFFFFFF
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\97\ComDlg
TV_FolderType
{3F98A740-839C-4AF7-8C36-5BADFB33D5FD}
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\97\ComDlg
TV_TopViewID
{82BA0782-5B7A-4569-B5D7-EC83085F08CC}
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\97\ComDlg
TV_TopViewVersion
0
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1
2
680400003804811914100E042000000000600000000000000000000000000000000000000000000000000001000029000000315350533C0AF1E4E6495D408288A23BD4EEAA6C0D00000064000000000100000000000000300100003153505340E83E1E2BBC6C4782372ACD1A839B2211000000140000000003000000010000002500000003000000001F100000010000000700000066006F006C00640065007200000000007500000011000000001F000000310000007B00310036003800350044003400410042002D0041003500310042002D0034004100460031002D0041003400450035002D004300450045003800370030003000320034003300310044007D002E004D006500720067006500200041006E007900000000006900000008000000001F0000002B00000043003A005C00550073006500720073005C00610064006D0069006E005C0044006F00630075006D0065006E00740073005C004F006E0065004E006F007400650020004E006F007400650062006F006F006B00730000000000000000009C0000003153505330F125B7EF471A10A5F102608C9EEBAC2900000004000000001F0000000C000000460069006C006500200066006F006C0064006500720000000D0000000C0000000001000000150000000E000000004000000000A2E886FD3DD401350000000A000000001F000000120000004F006E0065004E006F007400650020004E006F007400650062006F006F006B0073000000000000003801000031535053A66A63283D95D211B5D600C04FD918D0B10000002000000000111000009E00000014001F44471A0359723FA74489C55595FE6B30EE200000001A00EEBBFE2300001000D09AD3FD8F23AF46ADB46C85480369C7000068003100000000001B4D0A6010004F4E454E4F547E310000500008000400EFBE1B4D0A601B4D0A602A000000990E00000000020000000000000000000000000000004F006E0065004E006F007400650020004E006F007400650062006F006F006B0073000000180000000000110000001900000000130000007F018070250000000B000000001F0000000A0000004400690072006500630074006F007200790000003500000018000000001F000000120000004F006E0065004E006F007400650020004E006F007400650062006F006F006B0073000000000000002D00000031535053901C6949177E1A10A91C08002B2ECDA91100000003000000000300000000000000000000002D00000031535053C0E85BCF6C23D34ABACECD608A2748D71100000064000000000B000000FFFF0000000000003100000031535053B1166D44AD8D7048A748402EA43D788C15000000640000000015000000B6D61CEB2A68D0ED000000002900000031535053F4767D7A30B6D74B95FF37CC51A975C90D000000020000000001000000000000002900000031535053FCB3B4B9512B424AB5D8324146AFCF250D000000080000000001000000000000000000000000002A0000001900EFBE40A7983F9C83F74A8C365BADFB33D5FD8207BA827A5B6945B5D7EC83085F08CC3E040000
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1
MRUListEx
020000000100000000000000FFFFFFFF
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\2
0
D9040000A904811914107F042000000000600000000000000000000000000000000000000000000000000001000029000000315350533C0AF1E4E6495D408288A23BD4EEAA6C0D00000064000000000100000000000000400100003153505340E83E1E2BBC6C4782372ACD1A839B2211000000140000000003000000010000002500000003000000001F100000010000000700000066006F006C00640065007200000000007500000011000000001F000000310000007B00310036003800350044003400410042002D0041003500310042002D0034004100460031002D0041003400450035002D004300450045003800370030003000320034003300310044007D002E004D006500720067006500200041006E007900000000007900000008000000001F0000003400000043003A005C00550073006500720073005C00610064006D0069006E005C0044006F00630075006D0065006E00740073005C004F006E0065004E006F007400650020004E006F007400650062006F006F006B0073005C0050006500720073006F006E0061006C000000000000008C0000003153505330F125B7EF471A10A5F102608C9EEBAC2900000004000000001F0000000C000000460069006C006500200066006F006C0064006500720000000D0000000C0000000001000000150000000E000000004000000000CF1988FD3DD401250000000A000000001F0000000900000050006500720073006F006E0061006C0000000000000000007C01000031535053A66A63283D95D211B5D600C04FD918D005010000200000000011100000F400000014001F44471A0359723FA74489C55595FE6B30EE200000001A00EEBBFE2300001000D09AD3FD8F23AF46ADB46C85480369C7000068003100000000001B4D0A6010004F4E454E4F547E310000500008000400EFBE1B4D0A601B4D0A602A000000990E00000000020000000000000000000000000000004F006E0065004E006F007400650020004E006F007400650062006F006F006B0073000000180056003100000000001B4D0B601000506572736F6E616C00003E0008000400EFBE1B4D0A601B4D0B602A0000009A0E000000000200000000000000000000000000000050006500720073006F006E0061006C00000018000000110000001900000000130000007F018070250000000B000000001F0000000A0000004400690072006500630074006F007200790000002500000018000000001F0000000900000050006500720073006F006E0061006C0000000000000000002D00000031535053AADB6F004F861C4DA8E8E62772E454FE110000000B000000000300000001000000000000002D00000031535053901C6949177E1A10A91C08002B2ECDA91100000003000000000300000000000000000000002D00000031535053C0E85BCF6C23D34ABACECD608A2748D71100000064000000000B000000FFFF0000000000003100000031535053B1166D44AD8D7048A748402EA43D788C150000006400000000150000005C972DF6C7BA847F000000002900000031535053F4767D7A30B6D74B95FF37CC51A975C90D000000020000000001000000000000002900000031535053FCB3B4B9512B424AB5D8324146AFCF250D000000080000000001000000000000000000000000002A0000000000EFBE40A7983F9C83F74A8C365BADFB33D5FD8207BA827A5B6945B5D7EC83085F08CCAF040000
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\2
MRUListEx
00000000FFFFFFFF
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
0202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\2\0
NodeSlot
98
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\2\0
MRUListEx
FFFFFFFF
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\98\ComDlg
TV_FolderType
{3F98A740-839C-4AF7-8C36-5BADFB33D5FD}
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\98\ComDlg
TV_TopViewID
{82BA0782-5B7A-4569-B5D7-EC83085F08CC}
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\98\ComDlg
TV_TopViewVersion
0
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
1
52006F0062006C006F00780020004100630063006F0075006E007400200043006800650063006B00650072002000760031002E0030002E0030002E0065007800650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073010000BE000000F30300009E020000000000000000000000000000000000000100000000000000
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
1
52006F0062006C006F00780020004100630063006F0075006E007400200043006800650063006B00650072002000760031002E0030002E0030002E006500780065000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070010000BC0000008F030000F80100000000000000000000000000000000000073010000BE000000F30300009E020000000000000000000000000000000000000100000000000000
3816
Roblox Account Checker v1.0.0.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
MRUListEx
0100000000000000FFFFFFFF
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
>p7
3E70370038080000010000000000000000000000
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
Off
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
On
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1321992223
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1321992336
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1321992337
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
38080000FF95B2E8AB20D50100000000
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
%r7
257237003808000004000000000000008C00000001000000840000003E0043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00540065006D0070006C0061007400650073005C004E006F0072006D0061006C002E0064006F0074006D00000000000000
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
/s7
2F7337003808000006000000010000006600000002000000560000000400000063003A005C00750073006500720073005C00610064006D0069006E005C0064006F00630075006D0065006E00740073005C0064006300700072006F006700720061006D006D0069006E0067002E00720074006600000000000000
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
{B9AC6149-1CF1-470D-9054-60A4DFF847AF}
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Max Display
25
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Item 1
[F00000000][T01D520ABE96ED930][O00000000]*C:\Users\admin\Documents\
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Max Display
25
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Item 1
[F00000000][T01D520ABE96ED930][O00000000]*C:\Users\admin\Documents\dcprogramming.rtf
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\13EC1A
13EC1A
04000000380800002A00000043003A005C00550073006500720073005C00610064006D0069006E005C0044006F00630075006D0065006E00740073005C0064006300700072006F006700720061006D006D0069006E0067002E007200740066001100000064006300700072006F006700720061006D006D0069006E0067002E00720074006600000000000100000000000000005C5CAE1CBFD3011AEC13001AEC130000000000DB040000000000000000000000000000000000000000000000000000FFFFFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF
2104
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1321992233
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1321992234
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1321992233
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1321992234
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1321992254
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1321992255
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1321992235
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1321992236
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Licensing
019C826E445A4649A5B00BF08FCC4EEE
01000000270000007B39303134303030302D303033442D303030302D303030302D3030303030303046463143457D005A0000004F00660066006900630065002000310034002C0020004F0066006600690063006500500072006F00660065007300730069006F006E0061006C002D00520065007400610069006C002000650064006900740069006F006E000000
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1321992235
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1321992236
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1321992256
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1321992257
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1321992258
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1321992259
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1321992260
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1321992261
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Symbol
05050102010706020507
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Arial
020B0604020202020204
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Toolbars\Settings
Microsoft Word
0101000000000000000006000000
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400000000000F01FEC\Usage
ProductNonBootFilesIntl_1033
1321992202
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400000000000F01FEC\Usage
ProductNonBootFilesIntl_1033
1321992203
2104
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\13EC1A
2104
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery
2104
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Data
Settings
C00010033001000034010000040000001E0000001E0000001E0000001E0000001E0000001E000000220000001E0000001E0000001E000000060000000600000006000000060000000600000000000000060000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000C00000002000000020000000200000002000000000000000000000000000000480000000600000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000DC000000E25024A1100A00633090060007000A002D001600000016000000C0030000F501000004060300000000000000000000000000040087010C000600C80009000180FFFF000006000000040000000C0100000502000000000000A004020000001200000000603090000064000000000000FF0000FF000000000000FF01000000010000005C08E0100000000000010000E40400001D000100000000000000020050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D000000000000000000000000D4944600D49446010000002F91010000080A000600000003333296040000000A050C0C0302040600000300000101010606060000000000000000000000000000000000000063631900000001000000000000000000000000000000030000002000640000006363190000008C0A00000000E01000004B0000004B0000002000640000006363190000008C0A00000000E01000004B0000004B0000002100190000006363190000008C0A00000000E01000004B0000004B0000002000640000006363190000008C0A00000000E01000004B0000004B0000002000640000006301190000008C0A00000000E01000004B0000004B0000002000640000006301190000008C0A00000000B01300004B0000004B000000640000002000640000006363190000008C0A00000000E01000004B0000004B0000002000640000006363190000008C0A00000000E01000004B0000004B0000002000640000006363190000008C0A00000000E01000004B0000004B0000009002000002000001010101010101000101010101010001010100010001000101010101010101000100020003010301030103000301020003010301030103010000230101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101120101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010301010101010101010101010101FFFFCFFFFFFF00008602FFFF00008602FFFF00000C00FFFF00000100FFFF00000100FFFF0000010061000000610064006D0069006E000000000000000000000087FFFF0300003E00020200000600090034000000000090009000000000000F000000FFFFFF000000000000001400140000000000000002637800C80000000000140000000000900090008000FFFF00000800FFFF00000800FFFF0B00040001002000018014000B0043006F007500720069006500720020004E0065007700018014000B0043006F007500720069006500720020004E0065007700018014000B0043006F007500720069006500720020004E00650077000180140001002000018014000B0043006F007500720069006500720020004E00650077000180140009004D005300200047006F0074006800690063000180150007004D0069006E0067004C0069005500018018000600530069006D00530075006E0001801500050044006F00740075006D00018014000100200001801C0001000000010000800100008014010000
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options
BackgroundOpen
0
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1321992338
2104
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1321992339
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTF
110
2104
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTA
110
940
wmplayer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
940
wmplayer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
3180
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
3180
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
3180
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
3180
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
3180
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
3180
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13204768687999953
3180
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
1
3180
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aapocclcgogkmnckokdopfmhonfmgoek
D5D5F3FA0A6AE54B37F2144464A26730193AC384105DA8E4B06BAF696000F6F4
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
15B1C3FE35F29528448F36A72A4DFBC58A8083C7190559D25865779166D220A2
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aohghmighlieiainnegkcijnfilokake
BF1592A59BA489D3BF69A7DFD4C3E0DB2EF9B44F9A34DC29F76C40F708E1B5C9
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
apdfllckaahabafndbhieahigkjlhalf
B0ED5B113C0413495C7BD9F16A8988EBBF804793CD37C4EAB87B82AD2EC7EB5E
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
blpcfgokakmgnkcojhhkbfbldkacnbeo
8E72A186914B859223276B6CBA128E353AFC58B9099B9A8ED442C648E3FD706C
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
felcaaldnbdncclmgdcncolpebgiejap
B5B6C384E140B5AE6393279ADD0F49D3C3D7449A2AEB70BEF0E7324EC724E61A
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
D6B079666F209503A09486C70AC09307652A0F7F783166A999B27C99D0DA79E2
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
8248674C056B63644EFD61B2DFEDCF8B85DC179B8599361FC97BB50AFD3D412D
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
00175B8120231631976CA8B862A3416996C9373BA3D289F0619DDA992973DDFA
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
63355C14E8C7DF9A075F2EDDEA6F2807DC8166B83F96F4C975B9B6554C6324D7
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
0E265BFED6F1C7D5F0A9BD790C50BB30E78E959631D51EEBB8BB0DE73E65763C
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
04A45240BDA55E8777FA04357712CA6DD942253A21323E4C7D3CCF769B34BFED
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
EFA63CBF982B82CF44E63E567FF3BB95FE3F51570D9A0CED8846E77B13199169
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
B8B00D4A0F8621240ED80147565A03BF625E817B71950CB9EEF841AED43E590A
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pjkljhegncpnkpknbcohdijeoejaedia
74B8EAE35329C0AFB582C1E593D4C445641EB8AC8AFA37F8F1807C7501F35892
3180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
8637E388CF818D6A0F3CEA3C248D24B72723D83C4B5F55BAB66956B18165B1F1
3284
setup_wm.exe
write
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Setup\UserOptions
DesktopShortcut
no
3284
setup_wm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_wm_RASAPI32
EnableFileTracing
0
3284
setup_wm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_wm_RASAPI32
EnableConsoleTracing
0
3284
setup_wm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_wm_RASAPI32
FileTracingMask
4294901760
3284
setup_wm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_wm_RASAPI32
ConsoleTracingMask
4294901760
3284
setup_wm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_wm_RASAPI32
MaxFileSize
1048576
3284
setup_wm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_wm_RASAPI32
FileDirectory
%windir%\tracing
3284
setup_wm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_wm_RASMANCS
EnableFileTracing
0
3284
setup_wm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_wm_RASMANCS
EnableConsoleTracing
0
3284
setup_wm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_wm_RASMANCS
FileTracingMask
4294901760
3284
setup_wm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_wm_RASMANCS
ConsoleTracingMask
4294901760
3284
setup_wm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_wm_RASMANCS
MaxFileSize
1048576
3284
setup_wm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_wm_RASMANCS
FileDirectory
%windir%\tracing
3284
setup_wm.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3284
setup_wm.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000073000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3284
setup_wm.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3284
setup_wm.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3284
setup_wm.exe
write
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Services\Bing
FriendlyName
Bing
3284
setup_wm.exe
write
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Services\Bing
ColorPlayer
#0063B0
3284
setup_wm.exe
write
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Services\Bing
ImageLargeURL
http://images.windowsmedia.com/svcswitch/mg4_wmp12_30x30_2.png
3284
setup_wm.exe
write
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Services\Bing
ImageMenuURL
http://images.windowsmedia.com/svcswitch/media_guide_16x16.png
3284
setup_wm.exe
write
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Services\Bing
Task1ButtonText
B g
3284
setup_wm.exe
write
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Services\Bing
Task1ButtonTip
Bing
3284
setup_wm.exe
write
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Services\Bing
Type
1
1648
opera.exe
write
HKEY_CURRENT_USER\Software\Opera Software
Last CommandLine v2
C:\Program Files\Opera\opera.exe
1648
opera.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3048
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3180-13204768686671828
259
3048
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3180-13204768686671828
0
2256
Roblox Account Checker v3.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
GlobalUserOffline
0
2256
Roblox Account Checker v3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Roblox Account Checker v3_RASAPI32
EnableFileTracing
0
2256
Roblox Account Checker v3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Roblox Account Checker v3_RASAPI32
EnableConsoleTracing
0
2256
Roblox Account Checker v3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Roblox Account Checker v3_RASAPI32
FileTracingMask
4294901760
2256
Roblox Account Checker v3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Roblox Account Checker v3_RASAPI32
ConsoleTracingMask
4294901760
2256
Roblox Account Checker v3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Roblox Account Checker v3_RASAPI32
MaxFileSize
1048576
2256
Roblox Account Checker v3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Roblox Account Checker v3_RASAPI32
FileDirectory
%windir%\tracing
2256
Roblox Account Checker v3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Roblox Account Checker v3_RASMANCS
EnableFileTracing
0
2256
Roblox Account Checker v3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Roblox Account Checker v3_RASMANCS
EnableConsoleTracing
0
2256
Roblox Account Checker v3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Roblox Account Checker v3_RASMANCS
FileTracingMask
4294901760
2256
Roblox Account Checker v3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Roblox Account Checker v3_RASMANCS
ConsoleTracingMask
4294901760
2256
Roblox Account Checker v3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Roblox Account Checker v3_RASMANCS
MaxFileSize
1048576
2256
Roblox Account Checker v3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Roblox Account Checker v3_RASMANCS
FileDirectory
%windir%\tracing
2256
Roblox Account Checker v3.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2256
Roblox Account Checker v3.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2256
Roblox Account Checker v3.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2256
Roblox Account Checker v3.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2256
Roblox Account Checker v3.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000072000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000074000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{2BD16F15-8C9F-11E9-A370-5254004A04AF}
0
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307060002000B001700120009002603
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307060002000B001700120009002F03
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307060002000B00170012000A00AE00
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
45
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307060002000B00170012000A00FC00
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
126
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307060002000B00170012000A005A01
3064
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
73

Files activity

Executable files
1
Suspicious files
69
Text files
112
Unknown types
24

Dropped files

PID
Process
Filename
Type
2256
Roblox Account Checker v3.exe
C:\Users\admin\AppData\Local\Temp\Roblox Account Checker v1.0.0.exe
executable
MD5: 30d0dd36b91c624c77945b311f824953
SHA256: dab49538bff2296dee52453bbcf3813afa694f7eb0f88350afebf583e3a50b84
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\da\messages.json
text
MD5: d8c15d9d13065e1541d2daa844edf672
SHA256: eca9d3926de6f1de2e14ac57453fbcffed822375354a8231a1f1cf800022f0ff
2104
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{005AA09D-EC30-4ABA-B189-10B0BD002945}.tmp
––
MD5:  ––
SHA256:  ––
2104
WINWORD.EXE
C:\Users\admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
text
MD5: f3b25701fe362ec84616a93a45ce9998
SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
1648
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\revocation\vlink4.dat
binary
MD5: 9b7e1769f56deedd364f9c444e75f7d8
SHA256: 90c916114e174bfceeb6bd5066b6d0810b53c55870284d290599e127c4c907a1
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat
binary
MD5: bc1310bc853793d8a1703a1fb0ce692b
SHA256: 77db57af4f1801dc3c11b2ed8ad4213bb563455d16426705fa5880dd988fbca3
1648
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\application_cache\mcache\vlink4.dat
binary
MD5: 9b7e1769f56deedd364f9c444e75f7d8
SHA256: 90c916114e174bfceeb6bd5066b6d0810b53c55870284d290599e127c4c907a1
1648
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\application_cache\mcache\dcache4.url
binary
MD5: 269abfcdb8eb1886306172aad82c919b
SHA256: 6e5005153bf4250978bd0f260f94b47abfa8b8676b36d7e8b8b1703c36c47f59
1648
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\application_cache\mcache\opr33E8.tmp
––
MD5:  ––
SHA256:  ––
1648
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\revocation\opr33D7.tmp
––
MD5:  ––
SHA256:  ––
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat
binary
MD5: f8f1abb5a51912ef13a3f4e944f5ee01
SHA256: 6275ead00a733e30583c20dc9233553407fa8a0fb9b42a9a11008a5dfffa405c
1648
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\dcache4.url
binary
MD5: 0d8ab98766fc28e8d45431b610c53d5a
SHA256: fef8dbf3bcb0e6be084677c511dea89301c4b71ee4e9146d6a9eac43f65a1a62
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\vlink4.dat
binary
MD5: 9b7e1769f56deedd364f9c444e75f7d8
SHA256: 90c916114e174bfceeb6bd5066b6d0810b53c55870284d290599e127c4c907a1
1648
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\revocation\dcache4.url
binary
MD5: 07a526b36c5aaeb3cb2715a8fa12a07d
SHA256: d107a68c4d70ae257ed73fc318a5b9cb5d153bc858b9f9c73f3a4f6872f73b9e
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\download.dat
binary
MD5: 9b7e1769f56deedd364f9c444e75f7d8
SHA256: 90c916114e174bfceeb6bd5066b6d0810b53c55870284d290599e127c4c907a1
1648
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\opcache\dcache4.url
binary
MD5: 0d8ab98766fc28e8d45431b610c53d5a
SHA256: fef8dbf3bcb0e6be084677c511dea89301c4b71ee4e9146d6a9eac43f65a1a62
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opr33D6.tmp
––
MD5:  ––
SHA256:  ––
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opr33D5.tmp
––
MD5:  ––
SHA256:  ––
1648
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\mail\omailbase.dat
abr
MD5: f52d18b1988d60b85f3df3b422e67906
SHA256: e8c7c39ae1a30e455ceea25c20267ef6d3035cc2dbbaa80c62650ae6610710f8
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\typed_history.xml
xml
MD5: fce6a093a5af54a47ed465295e9c373b
SHA256: 2d60c9a416da348a79027cd2a38cac11f2c208681ffad4d40e918d834ffc70f1
1648
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\vps\0000\wb.vx
abr
MD5: 92e9c1cacdf89ee367f1defbe237750c
SHA256: de74d00b0be06c30ca17e1ff973617de8bf1571a24045b02fd505f614b6f3bee
1648
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\vps\0000\w.axx
abr
MD5: 04a1fb3bc2cdb697eec281ee1042d2aa
SHA256: dd9efd68d8bdb8cdabdee048202e38644ef8a9f7028d3e15643a3eca56f10b2b
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml
xml
MD5: 8f9bc25082526679d20832e134280689
SHA256: 0fede19a884e68af700217770d350b22bfe9cee4cf87ba9438d50f2341a85b2c
1648
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\application_cache\cache_groups.xml
xml
MD5: 0c3d13ca7a1b93960f71a49613f4aa5c
SHA256: eb9eaf372a1df1d4d3f389bb09f05b0cd8a1dbd838ae1247f34b36fa7566bb5a
1648
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\vps\0000\md.dat
abr
MD5: 4ccacb766afadcd2ae4c65e5eceaaec6
SHA256: b1c5eb9953002e3716807485e54ff249f2b7f4884083447eff8f38de1694f9a5
1648
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\vps\0000\adoc.bx
abr
MD5: ad973d69060c288cf7c70e9ada4b4b81
SHA256: 998c3980d784c306a7b833e7fb914c731d3935d4b94894ba809bd90b11d7f496
1648
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\vps\0000\url.axx
abr
MD5: 04a1fb3bc2cdb697eec281ee1042d2aa
SHA256: dd9efd68d8bdb8cdabdee048202e38644ef8a9f7028d3e15643a3eca56f10b2b
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini
text
MD5: 378946a66814bed3e90d8b14e9d94180
SHA256: e3fabf8e0007a8a229c143f8ea11af31a52ee9a51297a692d8c3cb5217f76d85
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
text
MD5: 2a8485e873496254ba3d4d0f105d108d
SHA256: ec73116c7b1fbedba55b0b2cfe4585df62888611dd39f568dd3092f826de418d
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opr33B4.tmp
––
MD5:  ––
SHA256:  ––
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opr33B5.tmp
––
MD5:  ––
SHA256:  ––
1648
opera.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms~RF1433a1.TMP
binary
MD5: 9be9ccc710d3048cfd9bfa594a41206a
SHA256: 85766104413f074c4d5a44fe7a2472002a0b99dc59d4224db4cd1e19072d2903
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win
text
MD5: 3f5281b948860e52fe0e440fa12be986
SHA256: dd343f8defafcf2e27b3ef50edb66a7821a4b219a0d326e1373355c02e5289af
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr33A3.tmp
––
MD5:  ––
SHA256:  ––
1648
opera.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7XC10NJIWL3TIGXNOF6D.temp
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF142fc9.TMP
text
MD5: 7e63881d26e674496f126f8517460270
SHA256: c25c6f1f4ac784f9f65f183e3d669b43fe52c97cfe5ee4a988cc528f80a166b2
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
text
MD5: c37c48a342399b66ead3bf695ebba1fb
SHA256: 6226cd1c5bd514580eedff800003d5915985bbac4e63a304fb1d01ec2ff58828
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 7e63881d26e674496f126f8517460270
SHA256: c25c6f1f4ac784f9f65f183e3d669b43fe52c97cfe5ee4a988cc528f80a166b2
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\4263f91e-f917-48b6-8da0-fd9f6be51040.tmp
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: 1feceaa49c0d56d0e81e4b4b05c4a27b
SHA256: bde998b9762b5c7aaf72e73c45f41768a92c3d6020d501182511808537ea2fa2
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF142f1d.TMP
text
MD5: eb5d9894ad6afb69afd0b753fb662908
SHA256: 44708b59a42d45054633d35239103b9b37fb46ee2ebcc78a82bce6c9d7124a76
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF142f1d.TMP
text
MD5: 1feceaa49c0d56d0e81e4b4b05c4a27b
SHA256: bde998b9762b5c7aaf72e73c45f41768a92c3d6020d501182511808537ea2fa2
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies
sqlite
MD5: 4dce35aeeae5dc3434df0d6da6f465f8
SHA256: 44d54e4d9f4f2f312f95f9897e73fe6083220b75dd2bf201f075744158f2c2ba
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF142efe.TMP
text
MD5: df5b11746a900b381b5480abac149b59
SHA256: 13771055c2bb55f2bb1678333936e29fe316374b7133320637d488989f1fc2e0
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
text
MD5: df5b11746a900b381b5480abac149b59
SHA256: 13771055c2bb55f2bb1678333936e29fe316374b7133320637d488989f1fc2e0
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: f3c995a05cc7229ead4b9bd44e55518d
SHA256: c373f585637654f3e24c908076dc670b97ee73767e38f65978a38d7e16264816
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF142eee.TMP
text
MD5: f3c995a05cc7229ead4b9bd44e55518d
SHA256: c373f585637654f3e24c908076dc670b97ee73767e38f65978a38d7e16264816
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\b6a9c7e5-6b14-4344-af92-952326e7ab6b.tmp
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\bdbd94ea-0cec-4e3e-844f-f8cd5c78ea9b.tmp
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
sqlite
MD5: 8cd014194b27e82f78493089c0dab580
SHA256: d1c41dac4594c9ff8885073d368c262455078564ad019545cbda649287c760d7
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
binary
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF142ecf.TMP
text
MD5: eb5d9894ad6afb69afd0b753fb662908
SHA256: 44708b59a42d45054633d35239103b9b37fb46ee2ebcc78a82bce6c9d7124a76
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RF142eee.TMP
binary
MD5: 5ad8e7f122ee9036007ac5fe44633ed6
SHA256: 167519338b0c1789aa6978e752d0d4fcb2b15b80b9be47447e063ae79951323c
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\d2b8dd45-c91d-4075-a894-4bbac3f8b65c.tmp
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\28a71271-8e3e-49b0-928f-8bfb754bea10.tmp
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
binary
MD5: 5ad8e7f122ee9036007ac5fe44633ed6
SHA256: 167519338b0c1789aa6978e752d0d4fcb2b15b80b9be47447e063ae79951323c
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
binary
MD5: bacfd428d631b19562ff4b0edd371bdc
SHA256: 468e173f3af23a0deb73910a2dff72ae4c5c4f856abc1f5b52791253dfc98961
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
binary
MD5: 88a43758369f7726e0b119675ce2c4db
SHA256: 5b5c7a81db33b59864bf460e09e80e4449564c5f1d94c061037b351e0e928939
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
binary
MD5: dadb8623c420323242310d9e803bb948
SHA256: dcf8d07dd888826e4eba6c51965b29dfde47f06a89a597ebaff5fe4d910d438b
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: eb5d9894ad6afb69afd0b753fb662908
SHA256: 44708b59a42d45054633d35239103b9b37fb46ee2ebcc78a82bce6c9d7124a76
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
binary
MD5: bcf01796cff9a10dd0d55c200b7a8a19
SHA256: a53e82a81c57e6205789f24e94564bf9672a10b9de22bf2e692db0f8c2c638cb
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
text
MD5: 8ee88a91b290727b50fff99548609518
SHA256: ed77fa0bf2e7398a3c045c47a46cfd75ea62eef917a0011d8c56ed0ef088212c
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
sqlite
MD5: 20787ec6c564a89f672bea11580eebcd
SHA256: bce87e3eae3337f4414de9d6aeda888ae2ed792cd536d44db04ea749c1d35384
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG
text
MD5: 15272bc8324a9cea6ea75f2d389f15f2
SHA256: b0f1dce6612a106dcda9ed0dbe301f8f95fd2f4848d413decaac3a191d42f2b3
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
binary
MD5: 7876a8de43ef7e9661ca62f32ac6e07e
SHA256: b1977a71850e3932f8189009eb15d08493a05eeb3bd62fb0d87004140b43d4b5
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
text
MD5: d66f3ee359076fb2657fe62cfe56761f
SHA256: 3fb8550b4ace59eb1ccd42854fc8134e5ab170abdceeeaa8bd30ebe933c6d148
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
sqlite
MD5: 9800312e9384581d93637d306dfbeeb7
SHA256: aec8583e9cd9c1b9b5a5cce738a27e0c82c819c3ef5b874857210f1b86d43dec
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
text
MD5: af01611d46e82a1128f7b2785627f99c
SHA256: 77482304efb734f5978657aaad9cfd8f4dc66106d9e4563f7fa4dafec1355275
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
text
MD5: 0e938a85d100e4fa1614cee4622987db
SHA256: bfd9495ccf3868f06a9147e24171676dbf585b5f26dc81140032c09d6c8baa2f
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
text
MD5: dfac269216ed598c8b22c15cdefa7b4a
SHA256: 4e40ca6f12c6095a67ffeba062217bf29a27512d4812be3b5716815045b76fc7
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
text
MD5: e396081347d86c667e3eab2ea8561c36
SHA256: 8fede7f3ff6b5af01a010e157846655aaafdb0f80920a1d82c70581f440e3b11
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
sqlite
MD5: d5a38ff34170edfcd7b25fb782d54861
SHA256: 405ac0ee04ba36a174f79e9005e16b46d1691ad9cf05a5d951c8c18d5ce66db5
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
binary
MD5: b246aa26aa910e7bce213a8b7ef886e6
SHA256: 51b6875fbfe47b618c3759789bd0013d79edbee77e5e457e0740972f30a5a4e1
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000018
binary
MD5: dc50999a09b1e2f6e9350855136b865e
SHA256: f759b718dac41a2b27aca56179793c7063060dd8dc1bc051948866503c275b6f
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\7969e2a0-16a2-4260-b39e-f3b0138bb21f.tmp
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF142ebf.TMP
text
MD5: eb5d9894ad6afb69afd0b753fb662908
SHA256: 44708b59a42d45054633d35239103b9b37fb46ee2ebcc78a82bce6c9d7124a76
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Top Sites
sqlite
MD5: ce3615469d3c267d58692854cdfd2fe1
SHA256: 5d1274b58203d224625ef41c7d560835a9bd45415c60a87b0b2d1b3ca06ca794
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data
sqlite
MD5: 89c00a8e4f5230432acea5e752ed1170
SHA256: 23550ad3798aff7c3fa2b3b06f807ff63af264f257945a8525ccaa6c07ac4bfe
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
binary
MD5: a9851aa4c3c8af2d1bd8834201b2ba51
SHA256: e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\04b4e192-4c69-44ec-9a55-5f3b43fa4613.tmp
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Session
binary
MD5: 86c0748a128182a41bbe6e271ab575d2
SHA256: bf3aa361a6dfcb24e6ccde8181782162729e0dc3d218e79caac214644db01551
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_metadata\verified_contents.json
text
MD5: 534a938bd2865df61df7c277140c05a9
SHA256: eb9bacb79d5eb7691848263c2464968ac76dc77215523b0cffef0dac948633ae
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\128.png
image
MD5: 8296a7a1ea469243e4dda6ae55fc5b30
SHA256: 02ac2ed96acbb00f229601e84764ceab9b2c1154dcfa25950d183d10c51999d3
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\el\messages.json
text
MD5: 45c782c0fca40046613e0c51f4cfacf3
SHA256: 95f06dcba5ffa7f3ec74b269f905f375a5521643667fb73e91dd8b499004fe4a
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\lt\messages.json
text
MD5: 02492104806ee4df0a89130618c96e05
SHA256: 6d83b6ff26e68160cb4b4724d82e01db2d802e457fb9b3497501279e0b8238bf
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\ro\messages.json
text
MD5: bf1072ac936cf9b335ad0cfac3276609
SHA256: 680c39f0e4f0499cef9c9917effb1ab7bc7da8bc1d8f08edda5f6fc21750f81e
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\th\messages.json
text
MD5: 7a24305a4cf66f3c2a3d12bce383349d
SHA256: e2aa0fdf812eaa7bd628321c1d7cc7888f50f656e95abd2d3b17b87a712f552e
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\sk\messages.json
text
MD5: 47b91f2c224e37a09d30cc936778de32
SHA256: c3975a4d38fb7edead8460669cffc61d0738714493893b4f6811c434cd61c6ca
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\sr\messages.json
text
MD5: 406db94ec9fb5ee20b5aa56a1e4a98a2
SHA256: eed84adf0ff933374dd424011d430abdb477c52bf0811b62f63eb878d419e7b5
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\es\messages.json
text
MD5: 6f960526591f2f94a376b8079edcb58f
SHA256: a241493399e4ffebf7c4565f8387e834730d72042195c9c0fb85cacaa8c5d4f7
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\zh_CN\messages.json
text
MD5: 912ad4d48776dbf4290e20f9e4f3f89e
SHA256: f338bd65429209556298300be5fe8f62918c9364076d0776275629f97bb6b303
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\fil\messages.json
text
MD5: c370215a431dc35bf44570308208de67
SHA256: 199a79de31af523a57150cdb620f4330e6bcb5f7e8eb7638ac5ece8c2427dc86
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\de\messages.json
text
MD5: 3ab602d33412335f3981f112c863377e
SHA256: 304fac7cb522aca81f317c3e389ab3844e502e5c9873286dc5146e9790015de5
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\fi\messages.json
text
MD5: d05b494bf837091cb790b4a024ff0200
SHA256: dfc2fb06dab475528440793415f68b28f5b3b42d14101b917cff20330469dd58
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\tr\messages.json
text
MD5: 2b8502417bbbd88dee280b6a13c9ec64
SHA256: d57b375b61090945c1e8953becbba6e310c83ab5039bac592cd40e93fc5bf4f7
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\se\messages.json
text
MD5: cb5f465a3a4043f68009154d1fa90b4a
SHA256: 27f9a6956d30d3c451c1a7cd7851342969267b6f7a472a57b1f049c91f47fc46
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\pl\messages.json
text
MD5: 0b0f161e99fddbfa3d0d98a4c1dc56c8
SHA256: 34358bb4c64ac2c27425b43405ef7e4a08c05d09cc2aee95f67cf8500e9e8c4c
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\hi\messages.json
text
MD5: 4673a5046916a5d8103edbbc411dda14
SHA256: 91bbc18ce7b9c0637e5c305a5a4296f8ac863bc2813f7aa3ae29a8536484d970
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\sl\messages.json
text
MD5: 2718a4bbc8392c285c34cb27ce09e6e4
SHA256: 06e69d423bfbb1940054382656a49ddc489595628971d66097182b63d262a25d
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\hu\messages.json
text
MD5: 7e77f71c323da7bc5414638f28e66537
SHA256: f3a73c0e53acd563c0cd7d26b9c07a533a48f1bb5fe38b48ae9ea585a2b41198
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\ko\messages.json
text
MD5: d1524e9d53ff7f08bd285b7833eaf818
SHA256: bb3783e52d717f98bce982a345a575a522ba5cb2d2bdc790bfec146555042298
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\pt_BR\messages.json
text
MD5: f4f4da7bd104db7df598ab3bd146a496
SHA256: cc9ec3feb6c9a8f688f5d6a4149b77df37c8b27fefd3d4ba8b6cce23dc8f25d9
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\en\messages.json
text
MD5: 0ff1702ea9732efebc25ae116930124c
SHA256: 5506f2e9761b0dde37a4d533af6543010a8aecca49c6c0b0ba754f7404a25c71
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\ja\messages.json
text
MD5: 4501e0c1a6e87bf745c158dd4e9b096a
SHA256: 366fe8db128cdbc917e7bcd46b50202ab762e683d293acb47646758d815f0bc0
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\ru\messages.json
text
MD5: f308c9ad4374a218a6c870e92dd8c98d
SHA256: e80fdf6f34a9dcf8f477b1a30d0080d4228c70e9a77c2112376a7031ffbf1eb8
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\cs\messages.json
text
MD5: 117ec3a475c8ba6c38f21144e2719e6c
SHA256: fbf51559ed82a17803307071abc743fc30b84ac8d24de290b0710824fa4892e8
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\ca\messages.json
text
MD5: f728a70a1d18e2be250faa9f19df5cf6
SHA256: 34f24a89e825112a2dca275d785cc9f307f048b713d6422930ea931a90942f0c
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\zh_TW\messages.json
text
MD5: d69b8d338662c1eda19490d806a565f8
SHA256: 8f4e882d11bceae96c79796d0e260bc7649afb5c255e630e772e5f4e13ef5f12
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\vi\messages.json
text
MD5: 323bad9d384ed39e1423852a70c0520e
SHA256: de2764bbaa8ea21a35f67ab0fb89f9c918118e19d8f86a220724118b73c516d5
2104
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{62BC8A9F-A8B6-4ABD-AFB3-4FCA2CA434B8}.tmp
––
MD5:  ––
SHA256:  ––
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\nl\messages.json
text
MD5: ca8c34aebd5c86e8c2c2e451f9d35170
SHA256: b61db3da7e6aa6378cc20127837bc04bb4eb00398d0f27bcbe85cbee8e5d4ae0
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\it\messages.json
text
MD5: 967861f9a37a55f6dfc314b6326ccf5b
SHA256: 4d1edce4d044414895eaf5d9602116e375ceac1316cd8639e889e389ab805634
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\ar\messages.json
text
MD5: de6f263ae205da90f45e2f60a708fbde
SHA256: b7081dbcec8967889c775238f988c510c3f40fa9a30baf797876ade5dde9080d
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\id\messages.json
text
MD5: 46ac218abc308be2b05fb09f58a8984d
SHA256: 68ce7ce5b132c05c24c49878918008adad13504c5e1b44ebb8b204e896fdd3b3
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\bg\messages.json
text
MD5: 7fd8c905eb48cbfad9297f5095160732
SHA256: 1bdf7f4c73b820712111fcafee6cf24166b1391927d512d2491d372fd02415b5
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\fr\messages.json
text
MD5: 33e79d30770198584e3cf88bb97a1673
SHA256: db4d3a5e27c67819e5f21a0213a212355c1796973055d2fcc57c6396a39f9175
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\lv\messages.json
text
MD5: 3cd5c1555dc3c9a49650bee7c047fdc3
SHA256: 0338bd4a83154973b643ca7378a132743ebf9698b02e4ba7443185b566f0d4a2
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\no\messages.json
text
MD5: 464edfd55f1e419b8dc73cf8a8ab5b0c
SHA256: 0e0f12e5ec4c8e6f6289f1ab44e4bfe22bd74cdae45ca245688e7f225ad15767
3180
chrome.exe
C:\Users\admin\AppData\Local\Temp\2779052c-196b-4bba-90cc-adaba831d3c7.tmp
crx
MD5: c9f1737667f13e06aa8cfb26416cd7f9
SHA256: d9a59c97ed4b1dc1c15ce3136afc93fc45d7a2253f7e9e26100f35499f3e94bf
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\uk\messages.json
text
MD5: 6cd805384eb074cf9ca67a1486c5d8d6
SHA256: 2ee376a0b8a24cb26135f0af411a5910e39b0cbc344bdbd44e938b1e3a4fdfa7
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\pt_PT\messages.json
text
MD5: 9cad95a1ca72da92152145b75c7ebabe
SHA256: bd8a2a21636a701490950b61aba6d147876684c28fde2e27ce5b317b4c522de0
2344
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\_locales\hr\messages.json
text
MD5: 40276aa4669a99689f4ea37df48099ea
SHA256: 08fa5bc882b5a28b11f72b39486e5d09639e7d179302dd41496979d5d62d13ce
4040
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\CRX_INSTALL\manifest.json
text
MD5: 48d205d381c5d5a764627921efe728be
SHA256: 7f5265ca54dc58fdae92edc2162d2c2962561f4e62fa67cc1845d2241c7c344d
3180
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir3180_25183\e33a3688-e796-4e24-a69d-8fe9990738ba.tmp
crx
MD5: 5ce874cb1d89b9c7ee3c4e6a8739072b
SHA256: a4c67ec9af05a7dd10a1cec7ffb0e0042301cf4100099a5fb317ef2b0636712f
3180
chrome.exe
C:\Users\admin\AppData\Local\Temp\9ff90c45-cf91-401a-a8f4-a6d3bb6136b4.tmp
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Temp\e33a3688-e796-4e24-a69d-8fe9990738ba.tmp
crx
MD5: 5ce874cb1d89b9c7ee3c4e6a8739072b
SHA256: a4c67ec9af05a7dd10a1cec7ffb0e0042301cf4100099a5fb317ef2b0636712f
3064
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF05B086D66B130CD3.TMP
––
MD5:  ––
SHA256:  ––
3064
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{2BD16F15-8C9F-11E9-A370-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
1140
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log
text
MD5: 51cd193f8d9bb2a27f4e595ea420cad2
SHA256: 74d03d8ba6f3b75d381d072c86700fd3f5ad1293b124c87efff48a1315da104d
3064
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFDAABDAB2687845A5.TMP
––
MD5:  ––
SHA256:  ––
3064
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{2BD16F16-8C9F-11E9-A370-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
3064
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF48B67F9E6F887FB2.TMP
––
MD5:  ––
SHA256:  ––
3064
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{2BD16F17-8C9F-11E9-A370-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\LOG
text
MD5: 4a3ad7ee645f4954bbf457bf75d16c8b
SHA256: 5757ddf7289a3d748f1596b4f743cb0cef60ed80ca4dc8f8f11e63b90268875a
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\000003.log
binary
MD5: 10f1c692e6efc1458288c032d4a6acbf
SHA256: f1472c2fd6da71eca12fe5ce3cbd3c1496d4c535d31d6ed0bba315eac0bc753c
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8b8153f24f19a879_0
binary
MD5: b60c677dfe92539e5d5abcee298f17b9
SHA256: 19e13244da4f6cffd8483ff7aba1caddab7b7243d0acaf7b22ce923d53bf80b4
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e74eee5ea6e62a69_0
binary
MD5: bcbf9f51a7764e40c883b69a333b4bc8
SHA256: 49ebec536198e24b012767ff0867fd2d9d87b7d92869445078cd32a6a9a9dff2
1648
opera.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms
binary
MD5: 9be9ccc710d3048cfd9bfa594a41206a
SHA256: 85766104413f074c4d5a44fe7a2472002a0b99dc59d4224db4cd1e19072d2903
1648
opera.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms~RF1420c5.TMP
binary
MD5: 9be9ccc710d3048cfd9bfa594a41206a
SHA256: 85766104413f074c4d5a44fe7a2472002a0b99dc59d4224db4cd1e19072d2903
1648
opera.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7NUX2RWIPXVMNCNP5ADD.temp
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000008
compressed
MD5: add1f5c40964fb4e8c25ad9463dd459b
SHA256: a1e3bcf94b40d4706a4f6e1f6ba6dc73cba2f9857a9be87f743bcb4e248d5a32
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000007
binary
MD5: fa24c5ed145c014ae90856a2b7b0f632
SHA256: 003a7794a7d4287c8b94ee1aad0acdd7df8aa285a8f507ae53340748092afaa5
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat
binary
MD5: 7f5dcbf9f067f258078d5071195d5c51
SHA256: fec0be3946fe4780375cee50eb647bea4fb130af228e473fe442b39ff19d0492
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat
binary
MD5: 1aa8644c9261dc10f7247f6a145c1dd2
SHA256: 58a8933f65361633c6ab194000d312dc9d566f717b1a16814a0dbee24a60ebe3
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat
binary
MD5: a62f3039d523314a3a497ef4fbb65ac3
SHA256: 784e16c9296a6183360242f17908d529b0a6b13b67fb6a58d7789a5c3edf5644
1648
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00001.tmp
––
MD5:  ––
SHA256:  ––
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat
binary
MD5: 1aa8644c9261dc10f7247f6a145c1dd2
SHA256: 58a8933f65361633c6ab194000d312dc9d566f717b1a16814a0dbee24a60ebe3
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat
binary
MD5: 82f1a2b1176a5ecc457d32301e2ad833
SHA256: a783052804dd4c232be2ed3dc00c430cb67a20370890e235562ed2b27b5a602e
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat
binary
MD5: 1aa8644c9261dc10f7247f6a145c1dd2
SHA256: 58a8933f65361633c6ab194000d312dc9d566f717b1a16814a0dbee24a60ebe3
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat
binary
MD5: 59761e989f564f76a3a4b778db7abcf1
SHA256: af879942d234d85c0ce75921dbdda50e2f6d135bd961f259106131751359052b
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat
binary
MD5: fa7b6c9395261473c19f032d361cc5c0
SHA256: a3d11d599c946061591504a94c9ca524944a97d89d90fc1b1617e0143169ab28
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml
xml
MD5: eb8236ac2df6446eda813c8a3a06fbe1
SHA256: 45042b6f440b54caad566c19a3056c30fe0a66574278da9c1aab95b0b4adc700
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opr151E.tmp
––
MD5:  ––
SHA256:  ––
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
text
MD5: 5198618981e573be77920c5c84a37ecf
SHA256: 8fd9a8d7a173b895733f76610d3d3df3972dae2443065c73b3a2b60c8ffb4fd2
1648
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opr14EE.tmp
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8b8153f24f19a879_0
binary
MD5: 52b3c333e3a9c658fffded05fce0de5d
SHA256: 0c3653fdf99546bbf017ca98eb6e1ba5f949061fb68e4964172ea095a693e9b6
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000006
compressed
MD5: e831821b39fc745a8d344f93280ba11e
SHA256: 8df4ffe6dd0a53e66863f03ed67cdd3678550790ca39f201641848ea493641ab
3064
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3064
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3064
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ac18d8b0b8e93fb0_0
binary
MD5: 19d4d82a8632eba0a9de100eb36c184d
SHA256: 4173cd02bbb56327884516b942b39ee1fba1c112ca5a9704086c7b4716b1064a
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000005
compressed
MD5: 4123ee4419d49b85d367998098ad568e
SHA256: 88ca023164f94c394f9018f0ed49169adc71d0123e0e487398da050d1e0f11bc
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000001.dbtmp
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001
binary
MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000004
image
MD5: a9667ff1cbcc6ac54b8e7b42b9d2020c
SHA256: bbfa7b0ac47de7d8fee74b92a683f39279cb8bbe09e1c4063c348fd8818f56b9
3064
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003
binary
MD5: 010bbcdbc8243b385f695475a4cad7f9
SHA256: 009231381a8e03c5a3ed6517ce57f1ade868e70b7fc5a129f2d9127593e48326
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\CURRENT
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\000001.dbtmp
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d04df595b4e8e6fb_0
binary
MD5: ca033127a9cb0a19a8c466355615fa95
SHA256: 78c4c052b14f096f3bb478de3375f9300e6e95f321f699d1a8ccb5b26a063b0c
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\MANIFEST-000001
binary
MD5: 3fd11ff447c1ee23538dc4d9724427a3
SHA256: 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\26e0798af95265e8_0
binary
MD5: 30178cb9569e4eca790351b39a9c3554
SHA256: 6c5e4b53914c841bb8c0a4f371956cca1cd6b0a51f3648981cf028d3c3ebfb69
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: 1c2c4bb805e49e0719deef84894dbb1f
SHA256: 1afb26b8e579f076590e61bb63648bb0230fee4516c08ebe588dfc31efd616da
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF140eb4.TMP
text
MD5: 1c2c4bb805e49e0719deef84894dbb1f
SHA256: 1afb26b8e579f076590e61bb63648bb0230fee4516c08ebe588dfc31efd616da
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 1b8036252b09dda7ad0963a5a40e4aba
SHA256: 89e90f5dc88f667b89afa57d04c939a3c7397bb98b9d259766fa452ec297ec06
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF140e56.TMP
text
MD5: 1b8036252b09dda7ad0963a5a40e4aba
SHA256: 89e90f5dc88f667b89afa57d04c939a3c7397bb98b9d259766fa452ec297ec06
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002
compressed
MD5: 3d3756d0b8051ae90afc027ad175f109
SHA256: 0fecfe723d6ca8f60e9f92e450f3e6fb588adf0b45ebcf72455af7d4cacfd186
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c44d9d1b1eaddfd6_0
binary
MD5: 9829189524e5e9118228ef33f93d003f
SHA256: cb15c77294e9c0b05075fdc8cfb46d5ab710ca4530fa1e5a5df3fd29253ada2d
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001
flc
MD5: 4558555eabefad79d8ea0f49d0de720f
SHA256: 743e79f2a118a426b935c5c58a89404bde47baddd99e37c1fb8655f2bf0c9577
3284
setup_wm.exe
C:\Users\admin\AppData\Local\Temp\tmp13906.WMC\serviceinfo.xml
text
MD5: d58da90d6dc51f97cb84dfbffe2b2300
SHA256: 93acdb79543d9248ca3fca661f3ac287e6004e4b3dafd79d4c4070794ffbf2ad
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\index
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: 904754a73eb4f8a75410a92b2b7a920c
SHA256: c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF140936.TMP
text
MD5: 904754a73eb4f8a75410a92b2b7a920c
SHA256: c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000018.dbtmp
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index
––
MD5:  ––
SHA256:  ––
1648
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\CACHEDIR.TAG
text
MD5: e717f92fa29ae97dbe4f6f5c04b7a3d9
SHA256: 5bbd5dcbf87fd8cd7544c522badf22a2951cf010ad9f25c40f9726f09ea2b552
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: c5a804a5780cfc948a8db73979de968b
SHA256: 2c6f183b3e9dfa1bdf791091ad09cdcb079307d23864dbc07c81f280aa7d9227
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\5d951686-9a1f-4402-8e37-27b98e6ba7ca.tmp
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF1408a9.TMP
text
MD5: c5a804a5780cfc948a8db73979de968b
SHA256: 2c6f183b3e9dfa1bdf791091ad09cdcb079307d23864dbc07c81f280aa7d9227
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
text
MD5: 70f27bb5ff84782e8065f81ee64e6008
SHA256: fd5dd0c6f1056c6ee6c2d29bd31653abb589e7d528957942e65b3972b7ecb4e9
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 768258eee3510091c97ade3bca3dc828
SHA256: 1f00cceba22a3fa7d0fffdebb99b95f0dfe19d2cda162abc09fc0d8a6e8ff21d
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF14087a.TMP
text
MD5: 768258eee3510091c97ade3bca3dc828
SHA256: 1f00cceba22a3fa7d0fffdebb99b95f0dfe19d2cda162abc09fc0d8a6e8ff21d
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
text
MD5: 007e2c8f160468cc5a8b6c225f0ac40c
SHA256: 7f09cf7ac785c12f0062eb23854505c4ed396c6522eca7109b43ad5cc1a5f74b
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
3284
setup_wm.exe
C:\Users\admin\AppData\Local\Temp\tmp12421.WMC\allservices.xml
xml
MD5: df03e65b8e082f24dab09c57bc9c6241
SHA256: 155b9c588061c71832af329fafa5678835d9153b8fbb7592195ae953d0c455ba
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
––
MD5:  ––
SHA256:  ––
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: f679598350690f14a2479935d826682b
SHA256: 4e7e1987eaf5ec751eb16b9f7cbae1c55873f1afe8e2b52416ed454f4efbf239
3180
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
3432
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: b59113c2dcd2d346f31a64f231162ada
SHA256: 1d97c69aea85d3b06787458ea47576b192ce5c5db9940e5eaa514ff977ce2dc2
2104
WINWORD.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\dcprogramming.rtf.LNK
lnk
MD5: f11e123b59a28ea384bc5a76c9e15fd3
SHA256: 63d638fc5fd81f066ec726b9d8d36b07af99ac377365907b47bea4f3ca557840
2104
WINWORD.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
text
MD5: 56e850b820d54e66a5167eaf434aa7d8
SHA256: 7ecb2acd8c235f435a812cc98b5e31ba167a0c40da8411e48b622c0911a15db1
2104
WINWORD.EXE
C:\Users\admin\Documents\~$programming.rtf
pgc
MD5: ed6e6aa546d0c432f5c02dd064f4819d
SHA256: ab933c9cd6df1f2f7aaa6ea1171dfba032c7b78f73c272f7e7dc8ab1ede50b3e
2104
WINWORD.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
pgc
MD5: 73c9d4be1d11b8a087e1665e26d9bc86
SHA256: 680e1624961af77a243c96b976cdf06e3a9bd256464339f00d8b1cbb251fd9e9
2104
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\CVRE88E.tmp.cvr
––
MD5:  ––
SHA256:  ––
552
rundll32.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: d7a950fefd60dbaa01df2d85fefb3862
SHA256: 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
552
rundll32.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: d7a950fefd60dbaa01df2d85fefb3862
SHA256: 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
552
rundll32.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: a3f0668ff8407c86bef1a92104b5c87a
SHA256: 09dcd2275608533f767f5120787e810a014a118911572ad2872348ec616b1c93
552
rundll32.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RXWNJH6I\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
552
rundll32.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OHWOEMB9\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
552
rundll32.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5MQP42CN\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
552
rundll32.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\17BQMQTS\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
552
rundll32.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
552
rundll32.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2104
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3C980048-5CC8-4716-BB04-1DFA0CB09C11}.tmp
––
MD5:  ––
SHA256:  ––

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
9
TCP/UDP connections
24
DNS requests
21
Threats
3

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2256 Roblox Account Checker v3.exe GET –– 81.61.77.92:80 http://Mozilla.theworkpc.com/cc.exe ES
––
––
malicious
2256 Roblox Account Checker v3.exe GET –– 81.61.77.92:80 http://Mozilla.theworkpc.com/ll.exe ES
––
––
malicious
3284 setup_wm.exe GET 302 2.16.186.41:80 http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x86&arch=x86 unknown
––
––
whitelisted
3284 setup_wm.exe GET 200 2.16.186.98:80 http://onlinestores.metaservices.microsoft.com/serviceswitching/AllServices.aspx?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x86&arch=x86 unknown
xml
whitelisted
3284 setup_wm.exe GET 200 2.16.186.98:80 http://onlinestores.metaservices.microsoft.com/bing/bing.xml unknown
text
whitelisted
3064 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
1648 opera.exe GET 200 93.184.220.29:80 http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl US
der
whitelisted
3180 chrome.exe GET 302 216.58.210.14:80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjJlQUFXRC12Ny1ldUFnMXF3SDlXZDlFZw/7319.128.0.1_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx US
html
whitelisted
3180 chrome.exe GET 200 173.194.183.200:80 http://r3---sn-aigl6nl7.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjJlQUFXRC12Ny1ldUFnMXF3SDlXZDlFZw/7319.128.0.1_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=130.185.144.231&mm=28&mn=sn-aigl6nl7&ms=nvh&mt=1560294129&mv=u&pl=22&shardbypass=yes US
crx
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2256 Roblox Account Checker v3.exe 81.61.77.92:80 Vodafone Ono, S.A. ES malicious
3284 setup_wm.exe 2.16.186.41:80 Akamai International B.V. –– whitelisted
3284 setup_wm.exe 2.16.186.98:80 Akamai International B.V. –– whitelisted
3180 chrome.exe 172.217.23.173:443 Google Inc. US whitelisted
3180 chrome.exe 172.217.18.163:443 Google Inc. US whitelisted
3180 chrome.exe 172.217.21.227:443 Google Inc. US whitelisted
3180 chrome.exe 216.58.210.14:443 Google Inc. US whitelisted
3180 chrome.exe 172.217.18.99:443 Google Inc. US whitelisted
3180 chrome.exe 172.217.18.3:443 Google Inc. US whitelisted
3180 chrome.exe 172.217.18.110:443 Google Inc. US whitelisted
3064 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
1648 opera.exe 185.26.182.94:443 Opera Software AS –– malicious
1648 opera.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3180 chrome.exe 172.217.23.132:443 Google Inc. US whitelisted
3180 chrome.exe 216.58.205.227:443 Google Inc. US whitelisted
3180 chrome.exe 216.58.206.10:443 Google Inc. US whitelisted
3180 chrome.exe 172.217.23.163:443 Google Inc. US whitelisted
3180 chrome.exe 172.217.22.14:443 Google Inc. US whitelisted
3180 chrome.exe 172.217.22.1:443 Google Inc. US whitelisted
3180 chrome.exe 216.58.210.14:80 Google Inc. US whitelisted
3180 chrome.exe 173.194.183.200:80 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
mozilla.theworkpc.com 81.61.77.92
malicious
redir.metaservices.microsoft.com 2.16.186.41
2.16.186.11
whitelisted
onlinestores.metaservices.microsoft.com 2.16.186.98
2.16.186.90
whitelisted
clientservices.googleapis.com 172.217.18.163
whitelisted
www.google.com.ua 172.217.21.227
whitelisted
accounts.google.com 172.217.23.173
shared
clients1.google.com 216.58.210.14
whitelisted
ssl.gstatic.com 172.217.18.99
whitelisted
www.gstatic.com 172.217.18.3
whitelisted
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
apis.google.com 172.217.18.110
whitelisted
certs.opera.com 185.26.182.94
185.26.182.93
whitelisted
crl4.digicert.com 93.184.220.29
whitelisted
www.google.com 172.217.23.132
whitelisted
www.google.co.uk 216.58.205.227
whitelisted
fonts.googleapis.com 216.58.206.10
whitelisted
fonts.gstatic.com 172.217.23.163
whitelisted
clients2.google.com 172.217.22.14
whitelisted
clients2.googleusercontent.com 172.217.22.1
whitelisted
redirector.gvt1.com 216.58.210.14
whitelisted
r3---sn-aigl6nl7.gvt1.com 173.194.183.200
whitelisted

Threats

PID Process Class Message
2256 Roblox Account Checker v3.exe Potential Corporate Privacy Violation ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile
2256 Roblox Account Checker v3.exe A Network Trojan was detected ET INFO AutoIt User Agent Downloading EXE
2256 Roblox Account Checker v3.exe Potentially Bad Traffic ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile

Debug output strings

No debug info.