General Info

URL

http://static.adguard.com/windows/setup.exe

Full analysis
https://app.any.run/tasks/418ed45a-92b4-42c1-9569-c6f6d5635c09
Verdict
Malicious activity
Analysis date
6/12/2019, 10:41:45
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Loads dropped or rewritten executable
  • rundll32.exe (PID: 3216)
  • rundll32.exe (PID: 2916)
  • setup.exe (PID: 3740)
Application was dropped or rewritten from another process
  • setup.exe (PID: 3500)
  • setup.exe (PID: 3740)
Changes the autorun value in the registry
  • setup.exe (PID: 3500)
Changes settings of System certificates
  • msiexec.exe (PID: 2324)
Downloads executable files from the Internet
  • chrome.exe (PID: 3440)
Executed as Windows Service
  • WmiApSrv.exe (PID: 2596)
Executable content was dropped or overwritten
  • rundll32.exe (PID: 3216)
  • setup.exe (PID: 3500)
  • rundll32.exe (PID: 2916)
  • msiexec.exe (PID: 2324)
  • setup.exe (PID: 3740)
  • chrome.exe (PID: 3440)
Creates a software uninstall entry
  • setup.exe (PID: 3500)
Adds / modifies Windows certificates
  • msiexec.exe (PID: 2324)
Creates files in the program directory
  • setup.exe (PID: 3500)
Uses RUNDLL32.EXE to load library
  • MsiExec.exe (PID: 1964)
Application launched itself
  • msiexec.exe (PID: 2324)
  • chrome.exe (PID: 3440)
Loads dropped or rewritten executable
  • MsiExec.exe (PID: 1964)
Reads Internet Cache Settings
  • chrome.exe (PID: 3440)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX in the full report

Processes

Total processes
52
Monitored processes
17
Malicious processes
7
Suspicious processes
0

Behavior graph

Graph nodes: chrome.exe (nine child chrome.exe processes, no specs), setup.exe, setup.exe, msiexec.exe, msiexec.exe (no specs), rundll32.exe, wmiapsrv.exe (no specs), rundll32.exe; edges labelled "drop and start" and "start"

Process information

PID
3440
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://static.adguard.com/windows/setup.exe
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\users\admin\downloads\setup.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll

PID
3536
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=73.0.3683.75 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6cd70f18,0x6cd70f28,0x6cd70f34
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2960
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1076 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_watcher.dll

PID
3148
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=932,17188909726604746557,11164848659531028005,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=13757712096839986545 --mojo-platform-channel-handle=956 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\73.0.3683.75\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\73.0.3683.75\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\73.0.3683.75\swiftshader\libegl.dll

PID
3248
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=932,17188909726604746557,11164848659531028005,131072 --enable-features=PasswordImport --service-pipe-token=15465679882248905216 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15465679882248905216 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1824
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=932,17188909726604746557,11164848659531028005,131072 --enable-features=PasswordImport --service-pipe-token=15310828693030850774 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15310828693030850774 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3636
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=932,17188909726604746557,11164848659531028005,131072 --enable-features=PasswordImport --service-pipe-token=15681485701852209054 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15681485701852209054 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2948
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=932,17188909726604746557,11164848659531028005,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=16678170335080647316 --mojo-platform-channel-handle=3668 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll

PID
852
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=932,17188909726604746557,11164848659531028005,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=8454401471555301171 --mojo-platform-channel-handle=928 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sendmail.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\fxsresm.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
2316
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=932,17188909726604746557,11164848659531028005,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=2520664199915095932 --mojo-platform-channel-handle=928 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3740
CMD
"C:\Users\admin\Downloads\setup.exe"
Path
C:\Users\admin\Downloads\setup.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Adguard Software Ltd
Description
AdGuard
Version
7.0.2693.6661
Modules
Image
c:\users\admin\downloads\setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\version.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\feclient.dll
c:\users\admin\appdata\local\temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\mbahost.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\users\admin\appdata\local\temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\bootstrappercore.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\users\admin\appdata\local\temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\adguard.burn.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\32512bd09e2231f6eebb15fc17e3ad79\windowsbase.ni.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.runteb92aa12#\c56771a9cfb87e660d60453e232abe27\system.runtime.serialization.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\smdiagnostics\4a2a848ea1fea1a74d5aa2f1c21c5ce8\smdiagnostics.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.servd1dec626#\52e9ac689c75dd011f0f7e827551e985\system.servicemodel.internals.ni.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\416ba33cb980d07643e82c4c45bd5786\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\da36abbea6ef456f432434d4d8d835c1\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\6d09f865a22e2f903b74476769e1b76a\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\system32\windowscodecs.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatiod51afaa5#\01bed42723486eb478a5b3e2557173db\presentationframework.classic.ni.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\vga.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio49d6fefe#\33d15f16d20849f7c46d19b7bc7f4273\presentationframework-systemxml.ni.dll
c:\windows\system32\mscms.dll
c:\windows\system32\windowscodecsext.dll
c:\windows\system32\icm32.dll
c:\windows\system32\msctfui.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\uiautomationtypes\7e77d1835b49fa80598b5c47eaedccfc\uiautomationtypes.ni.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shdocvw.dll

PID
3500
CMD
"C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.be\setup.exe" -q -burn.elevated BurnPipe.{48A28706-26A9-4DC6-8269-23BDC3228367} {E27203B4-C957-4FE3-BC32-AFB47CD88260} 3740
Path
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.be\setup.exe
Indicators
Parent process
setup.exe
User
admin
Integrity Level
HIGH
Version:
Company
Adguard Software Ltd
Description
AdGuard
Version
7.0.2693.6661
Modules
Image
c:\users\admin\appdata\local\temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.be\setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\version.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\srclient.dll
c:\windows\system32\spp.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wuapi.dll
c:\windows\system32\wups.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\feclient.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll

PID
2324
CMD
C:\Windows\system32\msiexec.exe /V
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll

PID
1964
CMD
C:\Windows\system32\MsiExec.exe -Embedding 2433812E05D918DFA55ECF9F29A3DCE9
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\installer\msibc3f.tmp
c:\windows\system32\cabinet.dll
c:\windows\system32\rundll32.exe
c:\windows\installer\msic9ec.tmp

PID
2916
CMD
rundll32.exe "C:\Windows\Installer\MSIBC3F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1293531 1 Adguard.CustomActions!Adguard.CustomActions.CustomActions.OnFirstInstall
Path
C:\Windows\system32\rundll32.exe
Indicators
Parent process
MsiExec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\installer\msibc3f.tmp
c:\windows\system32\msi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\installer\msibc3f.tmp-\microsoft.deployment.windowsinstaller.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\installer\msibc3f.tmp-\adguard.customactions.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\pcwum.dll
c:\windows\system32\netfxperf.dll
c:\windows\microsoft.net\framework\v4.0.30319\perfcounter.dll
c:\windows\system32\pdh.dll
c:\windows\microsoft.net\framework\v4.0.30319\corperfmonext.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\aspnet_counters.dll
c:\windows\microsoft.net\framework\v4.0.30319\aspnet_perf.dll
c:\windows\system32\bitsperf.dll
c:\windows\system32\esentprf.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msdtcuiu.dll
c:\windows\system32\atl.dll
c:\windows\system32\msdtcprx.dll
c:\windows\system32\mtxclu.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\resutils.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ktmw32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\msscntrs.dll
c:\progra~1\micros~1\office14\olmapi32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\perfdisk.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\perfnet.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\perfos.dll
c:\windows\system32\perfproc.dll
c:\windows\system32\sysmain.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\rasctrs.dll
c:\windows\system32\rasman.dll
c:\windows\system32\tapiperf.dll
c:\windows\system32\perfctrs.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\perfts.dll
c:\windows\system32\winsta.dll
c:\windows\system32\utildll.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\usbperf.dll
c:\windows\system32\wbem\wmiaprpl.dll
c:\windows\system32\loadperf.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\tquery.dll

PID
2596
CMD
C:\Windows\system32\wbem\WmiApSrv.exe
Path
C:\Windows\system32\wbem\WmiApSrv.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
WMI Performance Reverse Adapter
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\wbem\wmiapsrv.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\loadperf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll

PID
3216
CMD
rundll32.exe "C:\Windows\Installer\MSIC9EC.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1296890 13 Adguard.CustomActions!Adguard.CustomActions.CustomActions.PermanentActions
Path
C:\Windows\system32\rundll32.exe
Indicators
Parent process
MsiExec.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\installer\msic9ec.tmp
c:\windows\system32\msi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\installer\msic9ec.tmp-\microsoft.deployment.windowsinstaller.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\installer\msic9ec.tmp-\adguard.customactions.dll

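What the process entries above describe is a WiX Burn bootstrapper driving an MSI install. The downloaded setup.exe (PID 3740, MEDIUM) extracts its engine to %TEMP%\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.be\ and relaunches it with "-q -burn.elevated BurnPipe.{...} {...} 3740" (PID 3500, HIGH): the MEDIUM to HIGH jump is a UAC elevation, the first GUID names the pipe the two halves talk over, the second is the token the child must present on it, and the trailing 3740 is the unelevated parent's PID. The elevated engine then works through the Windows Installer service (msiexec /V as SYSTEM), whose custom-action server (MsiExec.exe -Embedding, HIGH) has rundll32 load C:\Windows\Installer\MSIxxxx.tmp via the WiX DTF export zzzzInvokeManagedCustomActionOutOfProc, which unpacks the managed assembly into MSIxxxx.tmp-\ (microsoft.deployment.windowsinstaller.dll and adguard.customactions.dll in the module lists). rundll32 loading a .tmp from C:\Windows\Installer is also a staple LOLBin detection, so the checks that separate legitimate DTF use from abuse are the parent (MsiExec.exe), the DTF export name, and the Authenticode signature of the MSI that carried the custom action. The script below, added here as an example and not part of the ANY.RUN report or of AdGuard/WiX, encodes those checks over records copied from the process list; command lines are shortened where the rules do not need them.

```python
"""Triage rules for the process tree above (added example; not code from the
ANY.RUN report or from AdGuard/WiX).  PROCS is copied from the report's process
entries, with command lines shortened where the rules do not need them."""
import re
from dataclasses import dataclass


@dataclass
class Proc:
    pid: int
    cmd: str
    parent: str      # parent image name exactly as the report shows it
    user: str
    integrity: str   # LOW / MEDIUM / HIGH / SYSTEM


# Constructed from the report on this page.
PROCS = [
    Proc(2316, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility '
               r'--service-sandbox-type=utility', "chrome.exe", "admin", "LOW"),
    Proc(3740, r'"C:\Users\admin\Downloads\setup.exe"', "chrome.exe", "admin", "MEDIUM"),
    Proc(3500, r'"C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.be\setup.exe" '
               r'-q -burn.elevated BurnPipe.{48A28706-26A9-4DC6-8269-23BDC3228367} '
               r'{E27203B4-C957-4FE3-BC32-AFB47CD88260} 3740', "setup.exe", "admin", "HIGH"),
    Proc(2324, r'C:\Windows\system32\msiexec.exe /V', "--", "SYSTEM", "SYSTEM"),
    Proc(1964, r'C:\Windows\system32\MsiExec.exe -Embedding 2433812E05D918DFA55ECF9F29A3DCE9',
         "msiexec.exe", "admin", "HIGH"),
    Proc(2916, r'rundll32.exe "C:\Windows\Installer\MSIBC3F.tmp",zzzzInvokeManagedCustomActionOutOfProc '
               r'SfxCA_1293531 1 Adguard.CustomActions!Adguard.CustomActions.CustomActions.OnFirstInstall',
         "MsiExec.exe", "admin", "HIGH"),
    Proc(3216, r'rundll32.exe "C:\Windows\Installer\MSIC9EC.tmp",zzzzInvokeManagedCustomActionOutOfProc '
               r'SfxCA_1296890 13 Adguard.CustomActions!Adguard.CustomActions.CustomActions.PermanentActions',
         "MsiExec.exe", "admin", "HIGH"),
]

INTEGRITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "SYSTEM": 3}

# Burn elevated engine: "-burn.elevated <pipe name> <connection token> <parent pid>"
BURN_ELEVATED = re.compile(
    r"-burn\.elevated\s+(BurnPipe\.\{[0-9A-Fa-f-]+\})\s+\{[0-9A-Fa-f-]+\}\s+(\d+)")
# WiX DTF managed custom action launched out of process by msiexec
DTF_CA = re.compile(
    r'rundll32\.exe\s+"([^"]+\\Installer\\MSI[0-9A-Fa-f]{4}\.tmp)",'
    r'zzzzInvokeManagedCustomActionOutOfProc\s+(SfxCA_\d+)\s+\d+\s+(\S+)')


def burn_elevation_chain(procs):
    """Pair each Burn elevated engine with the unelevated parent named on its
    command line (the last argument is the parent PID).  Returns tuples of
    (child_pid, parent_pid, parent_integrity_or_None, child_integrity)."""
    by_pid = {p.pid: p for p in procs}
    chain = []
    for p in procs:
        m = BURN_ELEVATED.search(p.cmd)
        if not m:
            continue
        parent_pid = int(m.group(2))
        parent = by_pid.get(parent_pid)
        chain.append((p.pid, parent_pid, parent.integrity if parent else None, p.integrity))
    return chain


def managed_custom_actions(procs):
    r"""Find WiX DTF managed custom actions: msiexec drops the self-extracting
    CA package as C:\Windows\Installer\MSIxxxx.tmp and rundll32 calls its
    zzzzInvokeManagedCustomActionOutOfProc export, which unpacks the .NET
    assembly into MSIxxxx.tmp-\ and invokes the named method."""
    found = []
    for p in procs:
        m = DTF_CA.search(p.cmd)
        if m:
            found.append({"pid": p.pid, "parent": p.parent, "dll": m.group(1),
                          "sfx_dir": m.group(2), "entry": m.group(3), "integrity": p.integrity})
    return found


def triage(procs):
    """Turn the structural facts above into reviewer findings."""
    findings = []
    for child, parent_pid, parent_il, child_il in burn_elevation_chain(procs):
        if parent_il is None:
            findings.append(f"{child}: -burn.elevated names parent {parent_pid}, absent from the process list")
        elif INTEGRITY_RANK[child_il] > INTEGRITY_RANK[parent_il]:
            findings.append(f"{parent_pid} ({parent_il}) -> {child} ({child_il}): "
                            f"Burn elevated engine, UAC elevation took place")
    for ca in managed_custom_actions(procs):
        parent_ok = ca["parent"].lower() == "msiexec.exe"
        findings.append(f"{ca['pid']}: rundll32 runs managed CA {ca['entry']} from {ca['dll']} "
                        f"at {ca['integrity']}; parent is {'msiexec' if parent_ok else 'NOT msiexec'}")
    for p in procs:
        if p.user == "SYSTEM" and p.cmd.lower().endswith("msiexec.exe /v"):
            findings.append(f"{p.pid}: Windows Installer service (msiexec /V) as SYSTEM")
    return findings


if __name__ == "__main__":
    for line in triage(PROCS):
        print(line)
```

The Chrome utility process (PID 2316, LOW) produces no finding on purpose: a LOW-integrity child of chrome.exe with a --type= argument is the browser's own sandbox, and the only thing it contributed here was the download itself. What the script cannot decide from the process list alone is whether the MSI that carried the custom action is signed; that check belongs in the same place a real pipeline would run it, on the file in C:\Windows\Installer before trusting the rundll32 line.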
Registry activity

Total events
1592
Read events
1460
Write events
131
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
3440
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
3440
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
3440
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
3440
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
3440
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
3440
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13204802520834125
3440
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307060003000C0008002A001000840000000000
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307060003000C0008002A001000860000000000
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\PTimes
C
5FCA68E9FA20D501
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C1
1C1GCEA_enUA812UA812
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C2
1C2GCEA_enUA812
3440
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C7
1C7GCEA_enUA812
2960
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3440-13204802519834125
259
852
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
852
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@sendmail.dll,-21
Desktop (create shortcut)
852
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@zipfldr.dll,-10148
Compressed (zipped) folder
852
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@sendmail.dll,-4
Mail recipient
852
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\FXSRESM.dll,-120
Fax recipient
3740
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_RASAPI32
EnableFileTracing
0
3740
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_RASAPI32
EnableConsoleTracing
0
3740
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_RASAPI32
FileTracingMask
4294901760
3740
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_RASAPI32
ConsoleTracingMask
4294901760
3740
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_RASAPI32
MaxFileSize
1048576
3740
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_RASAPI32
FileDirectory
%windir%\tracing
3740
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_RASMANCS
EnableFileTracing
0
3740
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_RASMANCS
EnableConsoleTracing
0
3740
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_RASMANCS
FileTracingMask
4294901760
3740
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_RASMANCS
ConsoleTracingMask
4294901760
3740
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_RASMANCS
MaxFileSize
1048576
3740
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_RASMANCS
FileDirectory
%windir%\tracing
3740
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
setup.exe
3740
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3740
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
BundleCachePath
C:\ProgramData\Package Cache\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\setup.exe
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
BundleUpgradeCode
{8CA581B3-9BF1-2942-8D86-3B7A5DCDF5FE}
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
BundleAddonCode
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
BundleDetectCode
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
BundlePatchCode
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
BundleVersion
7.0.2693.6661
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
BundleProviderKey
{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
BundleTag
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
EngineVersion
3.9.1208.0
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
DisplayIcon
C:\ProgramData\Package Cache\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\setup.exe,0
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
DisplayName
AdGuard
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
DisplayVersion
7.0.2693.6661
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
Publisher
Adguard Software Ltd
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
HelpLink
http://kb.adguard.com/
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
URLInfoAbout
http://www.adguard.com
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
ModifyPath
"C:\ProgramData\Package Cache\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\setup.exe" /modify
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
NoElevateOnModify
1
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
QuietUninstallString
"C:\ProgramData\Package Cache\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\setup.exe" /uninstall /quiet
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
UninstallString
"C:\ProgramData\Package Cache\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\setup.exe" /uninstall
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
EstimatedSize
165820
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
Version
7.0.2693.6661
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
DisplayName
AdGuard
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
Resume
1
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
"C:\ProgramData\Package Cache\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\setup.exe" /burn.runonce
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}
BundleResumeCommandLine
/burn.log.append "C:\Users\admin\AppData\Local\Temp\AdGuard_20190612094343.log"
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}
{685F6AB3-7C61-42D1-AE5B-3864E48D1035}
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}
Version
7.0.2693.6661
3500
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}
DisplayName
AdGuard
2324
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2324
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
0F000000010000001400000085FEF11B4F47FE3952F98301C9F98976FEFEE0CE09000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B0601050507030353000000010000002500000030233021060B6086480186F8450107300130123010060A2B0601040182373C0101030200C01400000001000000140000007B5B45CFAFCECB7AFD31921A6AB6F346EB5748501D00000001000000100000005B3B67000EEB80022E42605B6B3B72400B000000010000000E000000740068006100770074006500000003000000010000001400000091C6D6EE3E8AC86384E548C299295C756C817B812000000001000000240400003082042030820308A0030201020210344ED55720D5EDEC49F42FCE37DB2B6D300D06092A864886F70D01010505003081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F74204341301E170D3036313131373030303030305A170D3336303731363233353935395A3081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100ACA0F0FB8059D49CC7A4CF9DA159730910450C0D2C6E68F16C5B4868495937FC0B3319C2777FCC102D95341CE6EB4D09A71CD2B8C9973602B789D4245F06C0CC4494948D02626FEB5ADD118D289A5C8490107A0DBD74662F6A38A0E2D55444EB1D079F07BA6FEEE9FD4E0B29F53E84A001F19CABF81C7E89A4E8A1D871650DA3517BEEBCD222600DB95B9DDFBAFC515B0BAF98B2E92EE904E86287DE2BC8D74EC14C641EDDCF8758BA4A4FCA68071D1C9D4AC6D52F91CC7C71721CC5C067EB32FDC9925C94DA85C09BBF537D2B09F48C9D911F976A52CBDE0936A477D87B875044D53E6E2969FB3949261E09A5807B402DEBE82785C9FE61FD7EE67C971DD59D0203010001A3423040300F0603551D130101FF0405300301
01FF300E0603551D0F0101FF040403020106301D0603551D0E041604147B5B45CFAFCECB7AFD31921A6AB6F346EB574850300D06092A864886F70D010105050003820101007911C04BB391B6FCF0E967D40D6E45BE55E893D2CE033FEDDA25B01D57CB1E3A76A04CEC5076E864720CA4A9F1B88BD6D68784BB32E54111C077D9B3609DEB1BD5D16E4444A9A601EC55621D77B85C8E48497C9C3B5711ACAD73378E2F785C906847D96060E6FC073D222017C4F716E9C4D872F9C8737CDF162F15A93EFD6A27B6A1EB5ABA981FD5E34D640A9D13C861BAF5391C87BAB8BD7B227FF6FEAC4079E5AC106F3D8F1B79768BC437B3211884E53600EB632099B9E9FE3304BB41C8C102F94463209E81CE42D3D63F2C76D3639C59DD8FA6E10EA02E41F72E9547CFBCFD33F3F60B617E7E912B8147C22730EEA7105D378F5C392BE404F07B8D568C68
2324
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
(Blob value identical to the entry above)
2324
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Owner
14090000671CE9F4FA20D501
2324
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
SessionHash
BD836E18C99E57888688B166E5E6E74EA2F09E14EABBFEC06B2D84287B133A23
2324
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Sequence
1
2916
rundll32.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Memory Cache 4.0\Linkage
Export
.NET Memory Cache 4.0
2916
rundll32.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0\Linkage
Export
MSDTC Bridge 3.0.0.0
2916
rundll32.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0\Linkage
Export
MSDTC Bridge 4.0.0.0
2916
rundll32.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0\Linkage
Export
ServiceModelEndpoint 3.0.0.0
2916
rundll32.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0\Linkage
Export
ServiceModelOperation 3.0.0.0
2916
rundll32.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0\Linkage
Export
ServiceModelService 3.0.0.0
2916
rundll32.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0\Linkage
Export
SMSvcHost 3.0.0.0
2916
rundll32.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0\Linkage
Export
SMSvcHost 4.0.0.0
2916
rundll32.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0\Linkage
Export
Windows Workflow Foundation 3.0.0.0
2916
rundll32.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 4.0.0.0\Linkage
Export
Windows Workflow Foundation 4.0.0.0
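
The AuthRoot write by msiexec.exe above deserves a look before the "loader" tag is accepted: a key named by a SHA-1 thumbprint under SystemCertificates\AuthRoot\Certificates, holding a Blob with the DER certificate and a friendly name. That is the shape of Windows' automatic root-certificate update, which CryptoAPI performs while building a chain (here, plausibly, while msiexec verifies the signature on setup.msi); an installer planting its own root would be a different matter and would not land under AuthRoot with a Microsoft-supplied friendly name. The check below is an added example, not code from ANY.RUN or AdGuard. It parses the Blob value (copied verbatim from the entry above, split by property and DER element so each piece can be read), pulls the DER certificate out of CryptoAPI property 32, and confirms that its SHA-1 equals both the key name and the stored thumbprint property, that the friendly name is "thawte", and that the subject CN "thawte Primary Root CA" is present. The record layout (DWORD property id, DWORD that is always 1, DWORD length, data) is as observed in this and other store blobs rather than a documented format, so treat the reserved-field check as an assumption.

```python
import hashlib
import struct

# CryptoAPI property IDs that occur in a serialized certificate-store element,
# i.e. the "Blob" value under SystemCertificates\<store>\Certificates\<thumbprint>.
CERT_SHA1_HASH_PROP_ID = 3
CERT_FRIENDLY_NAME_PROP_ID = 11
CERT_KEY_IDENTIFIER_PROP_ID = 20
CERT_CERT_PROP_ID = 32

# The Blob written by msiexec.exe (PID 2324) in this report, copied from the page
# and split by CryptoAPI property and DER element.
SKI_HEX = "7B5B45CFAFCECB7AFD31921A6AB6F346EB574850"  # SubjectKeyIdentifier, reused below
THAWTE_NAME_HEX = "".join([  # X.500 Name; issuer == subject because the root is self-signed
    "3081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E",
    "31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E",
    "31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79",
    "311F301D06035504031316746861777465205072696D61727920526F6F74204341",
])
MODULUS_HEX = "".join([  # RSA-2048 modulus (256 bytes)
    "ACA0F0FB8059D49CC7A4CF9DA159730910450C0D2C6E68F16C5B4868495937FC0B3319C2777FCC102D95341CE6EB4D09A71CD2B8C9973602B789D4245F06C0CC",
    "4494948D02626FEB5ADD118D289A5C8490107A0DBD74662F6A38A0E2D55444EB1D079F07BA6FEEE9FD4E0B29F53E84A001F19CABF81C7E89A4E8A1D871650DA3",
    "517BEEBCD222600DB95B9DDFBAFC515B0BAF98B2E92EE904E86287DE2BC8D74EC14C641EDDCF8758BA4A4FCA68071D1C9D4AC6D52F91CC7C71721CC5C067EB32",
    "FDC9925C94DA85C09BBF537D2B09F48C9D911F976A52CBDE0936A477D87B875044D53E6E2969FB3949261E09A5807B402DEBE82785C9FE61FD7EE67C971DD59D",
])
SIGNATURE_HEX = "".join([  # sha1WithRSAEncryption signature (256 bytes)
    "7911C04BB391B6FCF0E967D40D6E45BE55E893D2CE033FEDDA25B01D57CB1E3A76A04CEC5076E864720CA4A9F1B88BD6D68784BB32E54111C077D9B3609DEB1B",
    "D5D16E4444A9A601EC55621D77B85C8E48497C9C3B5711ACAD73378E2F785C906847D96060E6FC073D222017C4F716E9C4D872F9C8737CDF162F15A93EFD6A27",
    "B6A1EB5ABA981FD5E34D640A9D13C861BAF5391C87BAB8BD7B227FF6FEAC4079E5AC106F3D8F1B79768BC437B3211884E53600EB632099B9E9FE3304BB41C8C1",
    "02F94463209E81CE42D3D63F2C76D3639C59DD8FA6E10EA02E41F72E9547CFBCFD33F3F60B617E7E912B8147C22730EEA7105D378F5C392BE404F07B8D568C68",
])
DER_HEX = "".join([
    "3082042030820308A0030201020210344ED55720D5EDEC49F42FCE37DB2B6D300D06092A864886F70D0101050500",  # Certificate, TBS, v3, serial, sigalg
    THAWTE_NAME_HEX,                                                    # issuer
    "301E170D3036313131373030303030305A170D3336303731363233353935395A",  # validity 2006-11-17 .. 2036-07-16
    THAWTE_NAME_HEX,                                                    # subject
    "30820122300D06092A864886F70D01010105000382010F003082010A0282010100", MODULUS_HEX, "0203010001",  # SPKI
    "A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E04160414", SKI_HEX,  # extensions
    "300D06092A864886F70D01010505000382010100", SIGNATURE_HEX,          # signature algorithm + BIT STRING
])
BLOB_HEX = "".join([
    "0F000000010000001400000085FEF11B4F47FE3952F98301C9F98976FEFEE0CE",  # 15: signature hash
    "09000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B06010505070303",  # 9: EKU
    "53000000010000002500000030233021060B6086480186F8450107300130123010060A2B0601040182373C0101030200C0",  # 83: root program policies
    "140000000100000014000000", SKI_HEX,                                # 20: key identifier
    "1D00000001000000100000005B3B67000EEB80022E42605B6B3B7240",          # 29: subject name MD5
    "0B000000010000000E0000007400680061007700740065000000",              # 11: friendly name, UTF-16LE "thawte"
    "03000000010000001400000091C6D6EE3E8AC86384E548C299295C756C817B81",  # 3: SHA-1 thumbprint
    "200000000100000024040000", DER_HEX,                                # 32: DER certificate, 0x424 = 1060 bytes
])


def parse_cert_blob(blob: bytes) -> dict:
    """Split a store-element Blob into {property_id: raw bytes}.

    Observed layout (assumption, not a documented format): repeated records of
    DWORD prop_id, DWORD reserved (always 1), DWORD length, data[length], little-endian.
    """
    props, off = {}, 0
    while off < len(blob):
        if len(blob) - off < 12:
            raise ValueError(f"truncated property header at offset {off}")
        prop_id, reserved, length = struct.unpack_from("<III", blob, off)
        off += 12
        if reserved != 1 or off + length > len(blob):
            raise ValueError(f"malformed property {prop_id} at offset {off - 12}")
        props[prop_id] = blob[off:off + length]
        off += length
    return props


def check_authroot_entry(key_thumbprint: str, blob_hex: str) -> dict:
    """Cross-check a Certificates\\<thumbprint> key name against the certificate its Blob carries."""
    props = parse_cert_blob(bytes.fromhex(blob_hex))
    der = props[CERT_CERT_PROP_ID]
    computed = hashlib.sha1(der).hexdigest()
    friendly = props.get(CERT_FRIENDLY_NAME_PROP_ID, b"").decode("utf-16-le").rstrip("\x00")
    return {
        "computed_sha1": computed,
        "sha1_matches_key_name": computed == key_thumbprint.lower(),
        "sha1_matches_stored_prop": computed == props[CERT_SHA1_HASH_PROP_ID].hex(),
        "friendly_name": friendly,
        "der_length": len(der),
        "subject_cn_present": b"thawte Primary Root CA" in der,  # PrintableString CN inside the DER
        "property_ids": sorted(props),
    }


if __name__ == "__main__":
    for key, value in check_authroot_entry("91C6D6EE3E8AC86384E548C299295C756C817B81", BLOB_HEX).items():
        print(f"{key}: {value}")
```

A mismatch between the computed SHA-1 and the key name, or a friendly name and subject you do not recognise, is the signal that an installer has planted a root of its own; a match with a well-known CA, as here, is routine chain building. Comparing the thumbprint against Microsoft's Trusted Root Program list (authroot.stl) is the natural next step and is not done by this snippet.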

Files activity

Executable files
51
Suspicious files
13
Text files
81
Unknown types
1
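
The Dropped files table that follows records every write the sandbox saw, so one file can appear several times: the same SHA-256 under different paths (the Burn engine extracted to .be\setup.exe under the bundle's Temp directory and copied to the Package Cache; the managed custom-action host that msiexec writes as successive MSI*.tmp files) and the same path with different hashes (Chrome's in-progress .crdownload snapshot versus the finished download). Collapsing the list by hash before pivoting on indicators avoids counting one binary three times, and makes clear that the hash of the file actually fetched from static.adguard.com is the one whose SHA-256 begins 98753f01 (C:\Users\admin\Downloads\setup.exe), not the extracted engine whose SHA-256 begins 9c1dbd10. The helper below is an added example, not ANY.RUN tooling; it parses eight records copied from this table in the report's own six-line layout and treats the report's "––" placeholder as "no hash recorded". Records cut off mid-way, as at the end of this page, are dropped rather than mis-parsed.

```python
import re
from collections import OrderedDict
from dataclasses import dataclass
from typing import List, Optional

# Eight records copied from the Dropped files table on this page, in the
# report's layout: PID, process, path, type, MD5, SHA256, one field per line.
REPORT_SNIPPET = r"""
3440
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 779156.crdownload
executable
MD5: d872cf44e5a0a9fe8d1946b3439b5998
SHA256: 85e8acf8948908e7c7d9ec6d2f8e603db5b0f9315503b1264cc58368fdfc2783
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.be\setup.exe
executable
MD5: 42923578508a0654ba0ec7fefc997fa4
SHA256: 9c1dbd105a54d27d56da74d41940a4583b4b6463bd43358e094ea20871358307
3500
setup.exe
C:\ProgramData\Package Cache\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\setup.exe
executable
MD5: 42923578508a0654ba0ec7fefc997fa4
SHA256: 9c1dbd105a54d27d56da74d41940a4583b4b6463bd43358e094ea20871358307
2324
msiexec.exe
C:\Windows\Installer\MSIBC3F.tmp
executable
MD5: e1ca6a48ed2f9beb218e535b7bf7e108
SHA256: 318b7dd19e1a7dcbd7739ac2644eab379361b01b04a2141d62fd2dc9ec69c860
2324
msiexec.exe
C:\Windows\Installer\MSIC9EC.tmp
executable
MD5: e1ca6a48ed2f9beb218e535b7bf7e108
SHA256: 318b7dd19e1a7dcbd7739ac2644eab379361b01b04a2141d62fd2dc9ec69c860
3440
chrome.exe
C:\Users\admin\Downloads\setup.exe
executable
MD5: 78b490fe26517a642e586a30ee24ffa4
SHA256: 98753f017091312c895d53e549675c33b3ecf5bb1ff60e29a8eb424afe3065a5
3440
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 779156.crdownload
executable
MD5: 78b490fe26517a642e586a30ee24ffa4
SHA256: 98753f017091312c895d53e549675c33b3ecf5bb1ff60e29a8eb424afe3065a5
2324
msiexec.exe
C:\Windows\Installer\MSIDBF3.tmp
––
MD5:  ––
SHA256:  ––
"""

HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{64})$")


@dataclass
class DroppedFile:
    pid: int
    process: str
    path: str
    kind: str
    md5: Optional[str]
    sha256: Optional[str]


def _hash_field(field: str) -> Optional[str]:
    """'MD5: <hex>' -> hex; the report's '––' placeholder (no hash recorded) -> None."""
    value = field.split(":", 1)[1].strip().lower()
    return value if HASH_RE.match(value) else None


def parse_dropped_files(text: str) -> List[DroppedFile]:
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    files = []
    # Only whole 6-line records are parsed; a truncated tail (the page ends mid-record) is ignored.
    for i in range(0, len(lines) - len(lines) % 6, 6):
        pid, proc, path, kind, md5, sha = lines[i:i + 6]
        files.append(DroppedFile(int(pid), proc, path, kind, _hash_field(md5), _hash_field(sha)))
    return files


def multi_path_hashes(files: List[DroppedFile]) -> dict:
    """SHA-256 values seen under more than one path: copies or renames of a single file."""
    by_hash = OrderedDict()
    for f in files:
        if f.sha256:
            by_hash.setdefault(f.sha256, []).append(f.path)
    return {h: paths for h, paths in by_hash.items() if len(paths) > 1}


def multi_hash_paths(files: List[DroppedFile]) -> dict:
    """Paths recorded with more than one SHA-256: the file changed while the sandbox watched it."""
    by_path = OrderedDict()
    for f in files:
        if f.sha256 and f.sha256 not in by_path.setdefault(f.path, []):
            by_path[f.path].append(f.sha256)
    return {p: hashes for p, hashes in by_path.items() if len(hashes) > 1}


def unhashed_paths(files: List[DroppedFile]) -> List[str]:
    return [f.path for f in files if f.sha256 is None]


if __name__ == "__main__":
    parsed = parse_dropped_files(REPORT_SNIPPET)
    print("copies/renames:", multi_path_hashes(parsed))
    print("changed in place:", multi_hash_paths(parsed))
    print("no hash recorded:", unhashed_paths(parsed))
```

Feeding the whole table through the same parser gives the de-duplicated hash set to submit for reputation lookups; the entries with no hash are transient files the sandbox could not read back and carry no indicator value on their own.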

Dropped files

PID
Process
Filename
Type
3440
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 779156.crdownload
executable
MD5: d872cf44e5a0a9fe8d1946b3439b5998
SHA256: 85e8acf8948908e7c7d9ec6d2f8e603db5b0f9315503b1264cc58368fdfc2783
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\sl\Adguard.Burn.resources.dll
executable
MD5: 6a0328ca4ee8f9226e2d035530abe296
SHA256: a61eee20a01676af14814413c9f3e9e1b49bc8beb3645a862048ba079d42f21f
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\es\Adguard.Burn.resources.dll
executable
MD5: a6b8a4c49c0887bd487826454870d1dd
SHA256: 50f4d39f10431bcc4a300cf5840bc4641b446b0903cbf7b46cfb8a80a9271210
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.be\setup.exe
executable
MD5: 42923578508a0654ba0ec7fefc997fa4
SHA256: 9c1dbd105a54d27d56da74d41940a4583b4b6463bd43358e094ea20871358307
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\Adguard.Burn.dll
executable
MD5: 84279ae301f759683fbaa3ba0dfbfa76
SHA256: a2c28ccf3340a7ba5f436124884099326592da0ed2231b67ecd9460d9372a6a3
3500
setup.exe
C:\ProgramData\Package Cache\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\setup.exe
executable
MD5: 42923578508a0654ba0ec7fefc997fa4
SHA256: 9c1dbd105a54d27d56da74d41940a4583b4b6463bd43358e094ea20871358307
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\pt\Adguard.Burn.resources.dll
executable
MD5: 5e5d99a3916bc32d61c0cb1aaeb4eb89
SHA256: de0b48bababfd680e1833253bb78bae7cbede3cdf5ff8f4b6bb8c7f8262b9a42
2324
msiexec.exe
C:\Windows\Installer\MSIBC3F.tmp
executable
MD5: e1ca6a48ed2f9beb218e535b7bf7e108
SHA256: 318b7dd19e1a7dcbd7739ac2644eab379361b01b04a2141d62fd2dc9ec69c860
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\de\Adguard.Burn.resources.dll
executable
MD5: 07e4e7e61cc2911ccad23f3b7f49bdcb
SHA256: 5c16cd8ae483e577d5ce6ee64b9022958fca51ad94a43fbe8bac53d87bde01b4
2916
rundll32.exe
C:\Windows\Installer\MSIBC3F.tmp-\Microsoft.Deployment.WindowsInstaller.dll
executable
MD5: 7d625fe73ab5f25390d5b663b0760bb8
SHA256: 20af4ea25c5bfb6cf5ae236d2f213402c6040ebca2e7ab5c0983267d34ca1673
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\id\Adguard.Burn.resources.dll
executable
MD5: 036bb7dca7aa4274cf0e07cc2e0a1792
SHA256: 308336ce0e140e4dddcb0d41cbc39f54a7fbea29e31bf99ce75593df4d9e0f98
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\ja\Adguard.Burn.resources.dll
executable
MD5: 469cccf33c1d62f4f202bd52b75a0cc1
SHA256: e7ababa985316cc2fd31ff005a05ffbbeea37b58262e700205439f057ecdfe2d
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\hu\Adguard.Burn.resources.dll
executable
MD5: ddd8c7b9234d9ae62c729b8fef12f29a
SHA256: bae4a6eeaf734c4008bb84f5f6b1cc4bab375f30f91abccb7d6a7488bf35c028
2916
rundll32.exe
C:\Windows\Installer\MSIBC3F.tmp-\Adguard.CustomActions.dll
executable
MD5: 37f650030b3b4cfdec807ac0243f000a
SHA256: ef1ac19194be09f1a7f621ec62e8831cee4e1c2aa081500d7939125c20005b3b
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\zh-TW\Adguard.Burn.resources.dll
executable
MD5: b6f44521e19d098069ad7e34a7e9ebef
SHA256: 973b4e7ff2c8b80093368d7fa0ede3497cdd0f46d49327b586dd0125dba17ab7
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\hr\Adguard.Burn.resources.dll
executable
MD5: fac8713c416baa888a4c8b30004df855
SHA256: 65df031edfb8230115b809f739183c5eabcff36662ba7a9bbee56760a90de545
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\nl\Adguard.Burn.resources.dll
executable
MD5: d48d0809b2bbbe549235aa7bff8602b6
SHA256: ff43088ae2df3bc9cb6ff179cb5e50792c7c901f8ee512280af0aaae3381d9be
2324
msiexec.exe
C:\Windows\Installer\MSIC9EC.tmp
executable
MD5: e1ca6a48ed2f9beb218e535b7bf7e108
SHA256: 318b7dd19e1a7dcbd7739ac2644eab379361b01b04a2141d62fd2dc9ec69c860
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\ko\Adguard.Burn.resources.dll
executable
MD5: ec674c02ea354dc47e4139a3aa6f699b
SHA256: fdf172ebed1b2000339e4f6790815b391274465b4b1a03195518132221985fd6
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\ru\Adguard.Burn.resources.dll
executable
MD5: 2969b10b9d2b29148880af1536adbd7f
SHA256: ab9ac7b0c283eb2210bcb08a9bea900564b1fd429c851d38e853e02764225e5d
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\zh\Adguard.Burn.resources.dll
executable
MD5: f2dff6d0538cc758d18491fe55f18908
SHA256: 747d95703d6bee02ff8be8e743c9a877e4285006aa5bd1612ed1074f83436c58
3216
rundll32.exe
C:\Windows\Installer\MSIC9EC.tmp-\Microsoft.Deployment.WindowsInstaller.dll
executable
MD5: 7d625fe73ab5f25390d5b663b0760bb8
SHA256: 20af4ea25c5bfb6cf5ae236d2f213402c6040ebca2e7ab5c0983267d34ca1673
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\ar\Adguard.Burn.resources.dll
executable
MD5: ed0dd8a7d64796d130a3ce99bc633912
SHA256: 954666223b6bf70ef154ff04eb82752f0cc6c662c1c944572f97bd6fc556fd09
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\mbahost.dll
executable
MD5: 60df3ef3258f45a95b2f7948ac3ec09d
SHA256: 04ad03cd647626217f8e60887bfa2ea09901c3f0aaac5c5fcfb83c3830fb21de
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\vi\Adguard.Burn.resources.dll
executable
MD5: 2668323e20a5b2f5168dcadcd9f41976
SHA256: adff73cb9f516946b524ba705e042a301647116f48ce2a086b76784d888a90ba
3216
rundll32.exe
C:\Windows\Installer\MSIC9EC.tmp-\Adguard.CustomActions.dll
executable
MD5: 37f650030b3b4cfdec807ac0243f000a
SHA256: ef1ac19194be09f1a7f621ec62e8831cee4e1c2aa081500d7939125c20005b3b
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\be\Adguard.Burn.resources.dll
executable
MD5: d23ff093d1b06646b0403123be85d0da
SHA256: c8e2782fb685263eb7dfe9dab7c9aac046cb67b5cfe957ab4d905dd5398ab354
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\mbapreq.dll
executable
MD5: f58418bf2e1112fa8752866bca4377fe
SHA256: 4056d7860bf900ff898cf8071f50f18f161ce1132912571aee5c165243353683
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\pl\Adguard.Burn.resources.dll
executable
MD5: 30a909c1f34e225c3cc4189fece120ac
SHA256: a3d3effbeae237a254012fe413f22fa4cc4458b539a60a00783b8f6cc974c8db
2324
msiexec.exe
C:\Windows\Installer\MSID622.tmp
executable
MD5: e1ca6a48ed2f9beb218e535b7bf7e108
SHA256: 318b7dd19e1a7dcbd7739ac2644eab379361b01b04a2141d62fd2dc9ec69c860
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\da\Adguard.Burn.resources.dll
executable
MD5: ed43e9186f153731fee542cdcd8d53b9
SHA256: 8285c66e7a673b6b0ea219b0fb95ef0a1619aa05326e74092bf54ddfebb9b175
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\BootstrapperCore.dll
executable
MD5: 1b8381576459579f95fe7e59b4ce880a
SHA256: d29529b4dd79b9a099ee4afce78a647d0c065c9bf20d302cc181af9eccecde44
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\uk\Adguard.Burn.resources.dll
executable
MD5: 6456d0bb47023146ca893757652e9470
SHA256: 47a46c676b1809ebe197f07c7dabd017af84e3e7f4f0808fe4e0b274f9fac7a5
2324
msiexec.exe
C:\Windows\Installer\MSID8D4.tmp
executable
MD5: e1ca6a48ed2f9beb218e535b7bf7e108
SHA256: 318b7dd19e1a7dcbd7739ac2644eab379361b01b04a2141d62fd2dc9ec69c860
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\fa\Adguard.Burn.resources.dll
executable
MD5: d4417be893272c0c732146dfed17b0d4
SHA256: 3d1d4fa71083a97751e07d155fa3dd51f57b7adb6e20d4f8adc9026f32f53d0b
2324
msiexec.exe
C:\Program Files\Adguard\Adguard.Core.Tools.exe
executable
MD5: 91286ccb5d26f881fe7fb1f3b2e4c78c
SHA256: 7fb013fc7d95674a35dcfa93ea70c3777ea6e367d81c34ed122672a6ee77a2e1
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\bg\Adguard.Burn.resources.dll
executable
MD5: 4d3054dbc2af1c81cc5bb95aefad0e06
SHA256: e50cffced47d6148d2bb77e93bbf6c6c64935863151d3c33900659501a70a4be
2324
msiexec.exe
C:\Program Files\Adguard\Adguard.Commons.dll
executable
MD5: 89a88a93aa979867e54328cca15c50c0
SHA256: d7fd049e03f3fd347ac69d0bd7a55fe03336e2be0565b4eeba69db2123d090db
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\cs\Adguard.Burn.resources.dll
executable
MD5: 906262f5de665bdba737f3604fe1a69d
SHA256: 646833996093e0c83c0c07de30337c94673a3f0fe182289e3e6d265958aaa9fd
3440
chrome.exe
C:\Users\admin\Downloads\setup.exe
executable
MD5: 78b490fe26517a642e586a30ee24ffa4
SHA256: 98753f017091312c895d53e549675c33b3ecf5bb1ff60e29a8eb424afe3065a5
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\fr\Adguard.Burn.resources.dll
executable
MD5: 898e006a8b7e84df56c7a519595b8472
SHA256: 9e9c2ae9942cd981c2d5d1fea6c507d7a57271cc1dbc9ec56e83b5ee0cc73932
2324
msiexec.exe
C:\Program Files\Adguard\Adguard.Core.Common.dll
executable
MD5: 61a1fd78fb18fd4c0fb8479b450618fd
SHA256: 7d190182c2aba4ff6e2121f4c7f58011e0e2264db91323c3c6ecb5e3f1b27b3b
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\it\Adguard.Burn.resources.dll
executable
MD5: c7393471adc8683250eb94cb4a2f7e05
SHA256: 87d14dbc64454096727bec49401d619eb94976bbbcd1fc2fa55018b0759542e8
3440
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 779156.crdownload
executable
MD5: 78b490fe26517a642e586a30ee24ffa4
SHA256: 98753f017091312c895d53e549675c33b3ecf5bb1ff60e29a8eb424afe3065a5
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\pt-PT\Adguard.Burn.resources.dll
executable
MD5: abf311de6017be518d1985016541aa14
SHA256: 118bf6f85dea9f325823690b591e39cdf944ed907ad434be29a830ccb214add1
2324
msiexec.exe
C:\Program Files\Adguard\Adguard.Core.dll
executable
MD5: 629f37f420b5c1eb448516dd0e72c659
SHA256: c851b76e25cbd06fd7ca2a6da104d7062535d5068f72dc02284893503432b0ee
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\hy\Adguard.Burn.resources.dll
executable
MD5: b0a576d92a669e3eaf36ae974198f814
SHA256: 5347a3ca732709049dd32a31b338e9c8c27b67630683fd27450fede3a732411a
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\he\Adguard.Burn.resources.dll
executable
MD5: 763b37bbeeb1fce398610decabfd0b31
SHA256: bab699a89c946632776e04d131fa32fb76ca19a5e57e1cf1d8b7d1996f3bd4d7
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\tr\Adguard.Burn.resources.dll
executable
MD5: 4939959f1e30e5585d80a14ee1d9dac2
SHA256: b43361ce83b89666ece816f2e2a3ef7f9c0a849a631ee8c9e75015c8412a5ff0
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\no\Adguard.Burn.resources.dll
executable
MD5: c2bc3eb8b7bfa446d435db59217957a7
SHA256: 6e2307469722439dd2e174730f43bfbfa515934d32fd767b28866e5200e38d24
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\sr\Adguard.Burn.resources.dll
executable
MD5: 0fb5a823a74baa6954f60f2f057bd81b
SHA256: 3de596c87749fb13b872e7564100b87186a9e18129aa67456489f617e3b3ff8e
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\1028\mbapreq.wxl
xml
MD5: 62a014e7a1a170edfde6eb539588ca88
SHA256: 106555dd49231ffb9fab7e74043d3874448894782dc216c3fdd341abdd050146
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\1029\mbapreq.wxl
xml
MD5: 919854d3a8415386d0da32df164bd5fc
SHA256: ae9f8e1a8856b18bacf51a7d9b949af6ae7bef4631479709b8aaac17dd0410b1
3216
rundll32.exe
C:\Windows\Installer\MSIC9EC.tmp-\CustomAction.config
xml
MD5: d044d23e8084c869cbdae714ba47b866
SHA256: f12f1b6613d92efcb62e63b99a0f5950c97fb3c0999201c736f86798f7a588fd
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\1053\mbapreq.wxl
xml
MD5: ccd806e21aad31e3083e8e611d60f672
SHA256: a17d2de5cc82a44c8d69013cedffe05a20b24af1d5e46d30bf54fd5306d7c972
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\BootstrapperApplicationData.xml
xml
MD5: 86db35c38e2c8bd65e3909747716b172
SHA256: 7c424352fd8aed19e561d4838edbf559e2dd9a3e5ab850494ce7da864c70a28f
2324
msiexec.exe
C:\Windows\Installer\MSIDBF3.tmp
––
MD5:  ––
SHA256:  ––
2324
msiexec.exe
C:\Windows\Installer\MSIDB56.tmp
––
MD5:  ––
SHA256:  ––
2324
msiexec.exe
C:\Windows\Installer\13ba5c.ipi
binary
MD5: 23753dae8a8985621d4f29b4377cbe24
SHA256: afbbc1884cf7c26f721b85ee6534fa9eb98474f94149a781c20d16a1f3f3ffd2
2324
msiexec.exe
C:\Users\admin\AppData\Local\Temp\~DF632DF2603FFF58A1.TMP
––
MD5:  ––
SHA256:  ––
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\BootstrapperCore.config
xml
MD5: fe42e78f2460c0ded74733b8bb674d73
SHA256: 31ad27412aeed9493d9f8c65d910ad544b27f0e3cc2878b33155c9e2690b5221
2916
rundll32.exe
C:\Windows\Installer\MSIBC3F.tmp-\CustomAction.config
xml
MD5: d044d23e8084c869cbdae714ba47b866
SHA256: f12f1b6613d92efcb62e63b99a0f5950c97fb3c0999201c736f86798f7a588fd
2324
msiexec.exe
C:\Windows\Installer\MSID826.tmp
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF13bc3f.TMP
text
MD5: 641c290ec40ff9d816b513af4515fb9d
SHA256: 6bf95932f05f5b2996574e29ac176052ee56579235f91f760356c8c829d31b07
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 641c290ec40ff9d816b513af4515fb9d
SHA256: 6bf95932f05f5b2996574e29ac176052ee56579235f91f760356c8c829d31b07
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\9a6080f7-e5a7-4901-8790-0412e23fcf50.tmp
––
MD5:  ––
SHA256:  ––
2324
msiexec.exe
C:\Windows\Installer\13ba5a.msi
––
MD5:  ––
SHA256:  ––
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\1049\mbapreq.wxl
xml
MD5: de00c27af7c2a65a128e52bb0c86d996
SHA256: d47a140dcd36d438d5c72b5ff1725dbfabe09bd4214f553ed52df9a4d2bd6c37
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\2052\mbapreq.wxl
xml
MD5: 1aa634ddfb2b46c72b9fa7f59ca2f533
SHA256: ff8b6c6ba9a5c1806b4540158c01a87a5cd1830359020141af4e174c55f20b81
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\1055\mbapreq.wxl
xml
MD5: b0d8de284b2c7a37a72c2acc08a85a18
SHA256: 705ae382f2adbc7cf43ae22330d49ba0ab86bbf5e8a11ba466e37a851dee7661
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\1036\mbapreq.wxl
xml
MD5: c3b54df5ec1503888abf1d4153c0a789
SHA256: c5f1d0966ef658437b9c47056c01b479a988339593c7416a4e5a35417d44e7ab
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\1043\mbapreq.wxl
xml
MD5: d82150bee4cc7cebffa96cdf3762e320
SHA256: 41d9d9363935702730a09fa9fedf730cebc51db962e05fa4b05841840895c92c
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\1060\mbapreq.wxl
xml
MD5: fb797985dbd06b555a8ab8e43a0dd8e9
SHA256: 8e069b1722a4fc499c545a6cc0827d83b017ef6adfc59b8d06da501eb0a3bffe
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\1041\mbapreq.wxl
xml
MD5: 14a1279359281b86936e9bd3921829df
SHA256: 13635769db1f48f0e5226721268b0ff2ba3f8b391da13d877c9caae08d4c58c1
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\1040\mbapreq.wxl
xml
MD5: f7aba1307da91170e6e130e4f4b7e78c
SHA256: ad4cf22947472ffd62f5e854bc3c0f6cf3439cc2c321c2bd3a1a2a6e167a53f6
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\1051\mbapreq.wxl
xml
MD5: d4146ac0ae133acab276bf9f9b70915f
SHA256: f944fe7d8473ed6a0b0560a52204199a364b0542d25a2a5dcf85dda66763620a
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\1042\mbapreq.wxl
xml
MD5: 4d530fbcd8a7cf63a60d2d2e79c7880e
SHA256: 00a5f823904e2d6849bb82f2170e798eb33898317fec7c39e2aac2452b900667
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\2070\mbapreq.wxl
xml
MD5: a71ae7998b25da159a1423e7b302c2df
SHA256: be8e22b102a9a21ae392d5e381eeab13910a2d70f8f0b1fcc3683629b336439c
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\3082\mbapreq.wxl
xml
MD5: 6fcbb73c04bebbe421824e18b9665609
SHA256: bdf44a835be92644bbcf1e7e3302ab7284ce5508fe614d4b7218b4608efca220
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\1044\mbapreq.wxl
xml
MD5: de3ace5cd8e4ce57b6d3379ae9e66540
SHA256: ae7aa89299f00e43364d2627b46b78dc04f80279d8a0d905a8517c322115d21f
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\1045\mbapreq.wxl
xml
MD5: d62430f31ca6b21562591a6cc6ec134f
SHA256: a64afbd95664554ccf6eae2b5a45161cd1b0da7cdfd0874df0bd547968e5bc89
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\1046\mbapreq.wxl
xml
MD5: f96b3463b3d35f1f169238c737a62897
SHA256: ebc2bf04a4f378aea26e5cb9f4ad334f3713dc36a4a98056e8384c87a33cda4d
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\1038\mbapreq.wxl
xml
MD5: f40a084c4b41d752a5c518d62abd12e2
SHA256: 43e00163c060a09c66ae65bdabd5a9943c55bbe8d11f8ddf95ba20008a605075
3500
setup.exe
C:\ProgramData\Package Cache\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}v7.0.2693.6661\setup.msi
––
MD5:  ––
SHA256:  ––
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\1032\mbapreq.wxl
xml
MD5: 9c21e76357218d33613174538eea4120
SHA256: 166801eff4a826bf1b50cd24c0be4b51717cc2b00f793fbc8cd8ab4b9ad6730b
3500
setup.exe
C:\ProgramData\Package Cache\.unverified\Main
––
MD5:  ––
SHA256:  ––
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\Main
––
MD5:  ––
SHA256:  ––
3536
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: 9543068b6751e1f3e11f91d72ee78d95
SHA256: d060ad21ae6e04cb58668caa52adfca573e018102cc07554d2ed3eae11ab7785
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\mbapreq.thm
xml
MD5: 8d0fca899786568009d0c06bd02c9aab
SHA256: 2f5346eacc04092fec722d91f35f35d747404293bcacac67b9b3da015c1f8378
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\1030\mbapreq.wxl
xml
MD5: aa3e13a2daa064e8da8cf2f4acc25900
SHA256: 90680e9500a2014137d92ea0988b92ec34648d6826f18c9646a318e26bd1a511
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\1035\mbapreq.wxl
xml
MD5: d16da30005059d92e295c50d145aa066
SHA256: 3dbd6bc3779f577af30ee5005581f5c0b1c503f859502be076ce49a15f73de55
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\1031\mbapreq.wxl
xml
MD5: 8f20f95b91954ed6da50324f870dd5fb
SHA256: 19690c6f750082042121d3d3fd23caac94732566a411fa45287ae772a5724064
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\mbapreq.wxl
xml
MD5: af028088a02cbd4e1cd24639b2d3f513
SHA256: b60169d904ba73a897a1671784b846389dbb3e6f7feeaea8dca4adf39bb4faa8
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: 07c4ce6dba23dae24352265cd1453177
SHA256: 8209d98afdb729ff5dfb2ca84757ad00b48cfad1f5069cc88c29fe3f543bc71e
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata~RF1393a8.TMP
binary
MD5: 07c4ce6dba23dae24352265cd1453177
SHA256: 8209d98afdb729ff5dfb2ca84757ad00b48cfad1f5069cc88c29fe3f543bc71e
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\11e6fd88-e0fa-4bd2-a12d-28d578e5c640.tmp
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF135c7b.TMP
text
MD5: c3cc08fa0044161e2c07737c7bde1545
SHA256: 7b8804b3ab476887516b92df4fe097acedd7a1f78a486abbca95729fc464dc5f
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\a72aaa0c-3754-48e6-b092-dac98b82b675.tmp
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: c3cc08fa0044161e2c07737c7bde1545
SHA256: 7b8804b3ab476887516b92df4fe097acedd7a1f78a486abbca95729fc464dc5f
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1320aa.TMP
text
MD5: c3cc08fa0044161e2c07737c7bde1545
SHA256: 7b8804b3ab476887516b92df4fe097acedd7a1f78a486abbca95729fc464dc5f
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\0ab9dc44-56e7-4c79-9698-13d999bda36c.tmp
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF131fef.TMP
text
MD5: 911c5a82b93d5880c23def8bc3d87edb
SHA256: 7f81eb7748b806e978d0716a06147ca6f27f08f60d0ee04c88dd92293a404fb2
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 911c5a82b93d5880c23def8bc3d87edb
SHA256: 7f81eb7748b806e978d0716a06147ca6f27f08f60d0ee04c88dd92293a404fb2
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\39f60512-fde4-4f75-b83d-ac5481aa7b02.tmp
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001
binary
MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000001.dbtmp
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: fe4a40aaac27bcf0a1de63c49263ae71
SHA256: f3aae246aada3ca041db127854ab56b216b34f8f4c3f9743b1d14595837f8331
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF12d1cf.TMP
text
MD5: fe4a40aaac27bcf0a1de63c49263ae71
SHA256: f3aae246aada3ca041db127854ab56b216b34f8f4c3f9743b1d14595837f8331
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ccf7d4ef-eed8-4f35-bef1-a8698d8bad38.tmp
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF12aabf.TMP
text
MD5: 5741930cf0a703097074d806c7a32a49
SHA256: 08cd460f555dc8ff19b3434c33de18bd22a0e64f06b75fdcfc1ec38b5633b67e
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 5741930cf0a703097074d806c7a32a49
SHA256: 08cd460f555dc8ff19b3434c33de18bd22a0e64f06b75fdcfc1ec38b5633b67e
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\c7485dcd-1685-4829-968c-ba1dc5e4f56e.tmp
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: b51f81bc8d82183fdaec26b9ac8fbb87
SHA256: 569d171a3ab744e76c29bdcf14710a9302e84eb1e44b7020d7170406a4854ead
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1273b1.TMP
text
MD5: b51f81bc8d82183fdaec26b9ac8fbb87
SHA256: 569d171a3ab744e76c29bdcf14710a9302e84eb1e44b7020d7170406a4854ead
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\439a5066-3026-4855-ad7e-b9e6ebb9eb0a.tmp
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: f5d833d0da93dd7ccd6f543718c1f4dc
SHA256: 23b6919ce1ba0e75cc28aeb7ae6e023420853252622fbbb13b4deaeba89719cc
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\edcde418-042e-4d3d-bd19-8167d58a0e1b.tmp
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\Downloads\setup.exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2324
msiexec.exe
C:\Windows\Installer\MSID8C3.tmp
binary
MD5: 93a4dfbcb72569ed0e6c28c4f1bfb9c6
SHA256: 5d0c70203f2214f1998e465b7d57e9ac6c2d60724f60cf43d204e215102c02fc
3740
setup.exe
C:\Users\admin\AppData\Local\Temp\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\.ba1\mbapreq.png
image
MD5: a356956fd269567b8f4612a33802637b
SHA256: a401a225addaf89110b4b0f6e8cf94779e7c0640bcdd2d670ffcf05aab0dad03
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: cda3f19473ca4e6c1cc012e64ce77673
SHA256: 499caaa65971a44c1ad83826e92e59c27e51b37484faa2a42514222d9c647195
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF12389c.TMP
text
MD5: cda3f19473ca4e6c1cc012e64ce77673
SHA256: 499caaa65971a44c1ad83826e92e59c27e51b37484faa2a42514222d9c647195
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\d73edef2-54cb-4ea2-98b4-b01451005822.tmp
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 095208e884f45da04bd1bb9f836b54cc
SHA256: 46a4b400135c98aa1dcb5be613c5f2a9354a9763e08c175e664a37b0d3ffe1f9
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF123522.TMP
text
MD5: 095208e884f45da04bd1bb9f836b54cc
SHA256: 46a4b400135c98aa1dcb5be613c5f2a9354a9763e08c175e664a37b0d3ffe1f9
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\1cd25ac1-bf8f-4087-94ca-12e1af8677cc.tmp
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 6815874ae1fa291c76bd8ade10bf5a2a
SHA256: bcc68f7de1187238d466a9de66c77c983fb10bd720cba4190e27e46923aa00fd
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1234a5.TMP
text
MD5: 6815874ae1fa291c76bd8ade10bf5a2a
SHA256: bcc68f7de1187238d466a9de66c77c983fb10bd720cba4190e27e46923aa00fd
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\242ad8c6-ad86-43dd-b487-836dca138b56.tmp
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000001.dbtmp
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001
binary
MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF1212f4.TMP
text
MD5: 1c2c4bb805e49e0719deef84894dbb1f
SHA256: 1afb26b8e579f076590e61bb63648bb0230fee4516c08ebe588dfc31efd616da
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: 1c2c4bb805e49e0719deef84894dbb1f
SHA256: 1afb26b8e579f076590e61bb63648bb0230fee4516c08ebe588dfc31efd616da
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 1b8036252b09dda7ad0963a5a40e4aba
SHA256: 89e90f5dc88f667b89afa57d04c939a3c7397bb98b9d259766fa452ec297ec06
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF1212b5.TMP
text
MD5: 1b8036252b09dda7ad0963a5a40e4aba
SHA256: 89e90f5dc88f667b89afa57d04c939a3c7397bb98b9d259766fa452ec297ec06
2324
msiexec.exe
C:\Windows\Installer\MSIDC23.tmp
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
3440
chrome.exe
C:\Users\admin\Downloads\99d478a2-1182-4386-9e5f-bf93fc0fef2a.tmp
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT
text
MD5: 206702161f94c5cd39fadd03f4014d98
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT~RF1210c1.TMP
text
MD5: 206702161f94c5cd39fadd03f4014d98
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000002.dbtmp
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000001.dbtmp
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\index
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: 904754a73eb4f8a75410a92b2b7a920c
SHA256: c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF120eec.TMP
text
MD5: 904754a73eb4f8a75410a92b2b7a920c
SHA256: c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000018.dbtmp
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF120e9e.TMP
text
MD5: c5a804a5780cfc948a8db73979de968b
SHA256: 2c6f183b3e9dfa1bdf791091ad09cdcb079307d23864dbc07c81f280aa7d9227
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: c5a804a5780cfc948a8db73979de968b
SHA256: 2c6f183b3e9dfa1bdf791091ad09cdcb079307d23864dbc07c81f280aa7d9227
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\18d5d222-7a1d-4cdd-84f2-c4c2b6e7baab.tmp
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
text
MD5: 70f27bb5ff84782e8065f81ee64e6008
SHA256: fd5dd0c6f1056c6ee6c2d29bd31653abb589e7d528957942e65b3972b7ecb4e9
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 768258eee3510091c97ade3bca3dc828
SHA256: 1f00cceba22a3fa7d0fffdebb99b95f0dfe19d2cda162abc09fc0d8a6e8ff21d
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF120e6f.TMP
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
text
MD5: 007e2c8f160468cc5a8b6c225f0ac40c
SHA256: 7f09cf7ac785c12f0062eb23854505c4ed396c6522eca7109b43ad5cc1a5f74b
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
––
MD5:  ––
SHA256:  ––
3440
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: f679598350690f14a2479935d826682b
SHA256: 4e7e1987eaf5ec751eb16b9f7cbae1c55873f1afe8e2b52416ed454f4efbf239
3500
setup.exe
C:\ProgramData\Package Cache\{f652eb2b-eecf-4a38-9c88-51c801fe2ecd}\state.rsm
smt
MD5: 4044438359d7e0567dad8d63263c8f2a
SHA256: 706340e006f561c46bed032e862291d179ecf55be7bc950704477693d563ad5d

Network activity

HTTP(S) requests
2
TCP/UDP connections
13
DNS requests
19
Threats
1

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3440 chrome.exe GET 200 104.20.31.130:80 http://static.adguard.com/windows/setup.exe US executable suspicious
3740 setup.exe GET 200 104.20.30.130:80 http://static.adguard.com/installer.v1.0.json US text suspicious

Connections

PID Process IP ASN CN Reputation
3440 chrome.exe 216.58.210.3:443 Google Inc. US whitelisted
3440 chrome.exe 104.20.31.130:80 Cloudflare Inc US shared
3440 chrome.exe 172.217.22.77:443 Google Inc. US whitelisted
3440 chrome.exe 172.217.23.132:443 Google Inc. US whitelisted
3440 chrome.exe 216.58.207.35:443 Google Inc. US whitelisted
3440 chrome.exe 172.217.18.174:443 Google Inc. US whitelisted
3440 chrome.exe 104.20.30.130:80 Cloudflare Inc US shared
3440 chrome.exe 172.217.16.163:443 Google Inc. US whitelisted
–– –– 172.217.18.110:443 Google Inc. US whitelisted
3740 setup.exe 104.20.30.130:80 Cloudflare Inc US shared
–– –– 104.20.11.222:443 Cloudflare Inc US unknown

DNS requests

Domain IP Reputation
static.adguard.com 104.20.31.130, 104.20.30.130 suspicious
clientservices.googleapis.com 216.58.210.3 whitelisted
accounts.google.com 172.217.22.77 shared
www.google.com 172.217.23.132 whitelisted
ssl.gstatic.com 216.58.207.35 whitelisted
sb-ssl.google.com 172.217.18.174 whitelisted
www.gstatic.com 172.217.16.163 whitelisted
clients1.google.com 172.217.18.110 whitelisted
api.adguard.com 176.103.133.92 unknown
userscripts.adtidy.org 104.20.11.222, 104.20.10.222 unknown

Threats

PID Process Class Message
3440 chrome.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP

Debug output strings

No debug info.