General Info

File name

1.docx.exe

Full analysis
https://app.any.run/tasks/34f65605-00a0-4050-902d-091527e662c4
Verdict
Malicious activity
Analysis date
2/11/2019, 11:09:19
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

rat

njrat

bladabindi

trojan

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5

33b7beec3e6de49bcf50f79fdddf8953

SHA1

95b25c38391bba995ac8f6f0d95f5e7ae559ef48

SHA256

abfebbe0922f14ec72bc397de877627657a7cb74b49b2de0f0a9fccc729245e0

SSDEEP

12288:Q8kgSb5AeioMUSIJiwnJsFJSe46qnuz1hbC55+ftZ2AE:Q8kgS9MUtv+NFhbCLRAE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Loads the Task Scheduler COM API
  • RogueKiller_portable32.exe (PID: 3364)
Loads the Task Scheduler DLL interface
  • RogueKiller_portable32.exe (PID: 3364)
Application was dropped or rewritten from another process
  • RogueKiller_portable32.exe (PID: 2380)
  • RogueKiller_portable32.exe (PID: 3364)
Connects to CnC server
  • taskiu.exe (PID: 2132)
NJRAT was detected
  • taskiu.exe (PID: 2132)
Changes the autorun value in the registry
  • taskiu.exe (PID: 2132)
Removes files from Windows directory
  • RogueKiller_portable32.exe (PID: 3364)
Creates files in the Windows directory
  • RogueKiller_portable32.exe (PID: 3364)
Creates files in the driver directory
  • RogueKiller_portable32.exe (PID: 3364)
Executable content was dropped or overwritten
  • RogueKiller_portable32.exe (PID: 3364)
  • chrome.exe (PID: 3684)
  • 1.docx.exe (PID: 3156)
Creates or modifies windows services
  • RogueKiller_portable32.exe (PID: 3364)
Starts Internet Explorer
  • RogueKiller_portable32.exe (PID: 3364)
Connects to unusual port
  • taskiu.exe (PID: 2132)
Creates files in the program directory
  • RogueKiller_portable32.exe (PID: 3364)
Low-level read access rights to disk partition
  • RogueKiller_portable32.exe (PID: 3364)
Starts itself from another location
  • 1.docx.exe (PID: 3156)
Uses NETSH.EXE for network configuration
  • taskiu.exe (PID: 2132)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 3536)
Dropped object may contain Bitcoin addresses
  • iexplore.exe (PID: 3536)
Reads settings of System Certificates
  • RogueKiller_portable32.exe (PID: 3364)
  • chrome.exe (PID: 3684)
Changes internet zones settings
  • iexplore.exe (PID: 2824)
Creates files in the user directory
  • iexplore.exe (PID: 3536)
Reads internet explorer settings
  • iexplore.exe (PID: 3536)
Changes settings of System certificates
  • iexplore.exe (PID: 3536)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3536)
  • chrome.exe (PID: 3684)
Application launched itself
  • chrome.exe (PID: 3684)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Generic CIL Executable (.NET, Mono, etc.) (63.1%)
.exe
|   Win64 Executable (generic) (23.8%)
.dll
|   Win32 Dynamic Link Library (generic) (5.6%)
.exe
|   Win32 Executable (generic) (3.8%)
.exe
|   Generic Win/DOS Executable (1.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2019:02:10 20:07:41+01:00
PEType:
PE32
LinkerVersion:
8
CodeSize:
632320
InitializedDataSize:
69632
UninitializedDataSize:
null
EntryPoint:
0x9c4fe
OSVersion:
4
ImageVersion:
null
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
1.0.0.0
ProductVersionNumber:
1.0.0.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
FileDescription:
pppp
FileVersion:
1.0.0.0
InternalName:
pppp.exe
LegalCopyright:
Copyright © 2019
OriginalFileName:
pppp.exe
ProductName:
pppp
ProductVersion:
1.0.0.0
AssemblyVersion:
1.0.0.0
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
10-Feb-2019 19:07:41
FileDescription:
pppp
FileVersion:
1.0.0.0
InternalName:
pppp.exe
LegalCopyright:
Copyright © 2019
OriginalFilename:
pppp.exe
ProductName:
pppp
ProductVersion:
1.0.0.0
Assembly Version:
1.0.0.0
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000080
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
3
Time date stamp:
10-Feb-2019 19:07:41
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00002000 0x0009A504 0x0009A600 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 5.83035
.rsrc 0x0009E000 0x00010E00 0x00010E00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.85204
.reloc 0x000B0000 0x0000000C 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 0.0815394
Resources
1

2

32512

Imports
    mscoree.dll

Exports

    No exports.

Processes

Total processes
54
Monitored processes
16
Malicious processes
4
Suspicious processes
0

Behavior graph

Behavior graph (rendered image not preserved; node and edge labels recovered from the page). Edge labels: drop and start; start; drop and start; drop and start. Nodes: 1.docx.exe; taskiu.exe (#NJRAT); netsh.exe (no specs); chrome.exe; chrome.exe (no specs); chrome.exe (no specs); chrome.exe (no specs); chrome.exe (no specs); chrome.exe (no specs); chrome.exe (no specs); chrome.exe (no specs); chrome.exe (no specs); roguekiller_portable32.exe (no specs); roguekiller_portable32.exe; iexplore.exe; iexplore.exe.
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
3156
CMD
"C:\Users\admin\Desktop\1.docx.exe"
Path
C:\Users\admin\Desktop\1.docx.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
pppp
Version
1.0.0.0
Modules
Image
c:\users\admin\desktop\1.docx.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\microsoft.v9921e851#\7ca6a7b9413844e82108a9d62f88a2d9\microsoft.visualbasic.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\system32\shell32.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\users\admin\appdata\local\temp\taskiu.exe

PID
2132
CMD
"C:\Users\admin\AppData\Local\Temp\taskiu.exe"
Path
C:\Users\admin\AppData\Local\Temp\taskiu.exe
Indicators
Parent process
1.docx.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
pppp
Version
1.0.0.0
Modules
Image
c:\users\admin\appdata\local\temp\taskiu.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\microsoft.v9921e851#\7ca6a7b9413844e82108a9d62f88a2d9\microsoft.visualbasic.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\system32\apphelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.management\4dfa27fdd6a4cce26f99585e1c744f9b\system.management.ni.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\avicap32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvfw32.dll

PID
3748
CMD
netsh firewall add allowedprogram "C:\Users\admin\AppData\Local\Temp\taskiu.exe" "taskiu.exe" ENABLE
Path
C:\Windows\system32\netsh.exe
Indicators
No indicators
Parent process
taskiu.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\napipsec.dll
c:\windows\system32\tsgqec.dll
c:\windows\system32\eapqec.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

PID
3684
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\users\admin\downloads\roguekiller_portable32.exe
c:\windows\system32\mpr.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll

PID
3004
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6cea00b0,0x6cea00c0,0x6cea00cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2984
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3700 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
2196
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=980,5155504341040494669,13447804381796605670,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=21F36403827F66576941728A7970F846 --mojo-platform-channel-handle=940 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
2964
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,5155504341040494669,13447804381796605670,131072 --enable-features=PasswordImport --service-pipe-token=A3FBCD942BA321A13D1DBF71DFA05628 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=A3FBCD942BA321A13D1DBF71DFA05628 --renderer-client-id=5 --mojo-platform-channel-handle=1916 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3460
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,5155504341040494669,13447804381796605670,131072 --enable-features=PasswordImport --service-pipe-token=DB38ABC8DC80BF30BC25096124BD3B79 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=DB38ABC8DC80BF30BC25096124BD3B79 --renderer-client-id=3 --mojo-platform-channel-handle=2080 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3848
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,5155504341040494669,13447804381796605670,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=A2F59B67498BE7A4C09C9AA8F1030E91 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=A2F59B67498BE7A4C09C9AA8F1030E91 --renderer-client-id=6 --mojo-platform-channel-handle=3508 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
388
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=980,5155504341040494669,13447804381796605670,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=A50B5078F935C289C6EF3F8C7E14973C --mojo-platform-channel-handle=3864 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2172
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,5155504341040494669,13447804381796605670,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=88966A0689C9EB88271567D958840FF5 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=88966A0689C9EB88271567D958840FF5 --renderer-client-id=8 --mojo-platform-channel-handle=3956 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2380
CMD
"C:\Users\admin\Downloads\RogueKiller_portable32.exe"
Path
C:\Users\admin\Downloads\RogueKiller_portable32.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Version
Modules
Image
c:\users\admin\downloads\roguekiller_portable32.exe
c:\systemroot\system32\ntdll.dll

PID
3364
CMD
"C:\Users\admin\Downloads\RogueKiller_portable32.exe"
Path
C:\Users\admin\Downloads\RogueKiller_portable32.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\downloads\roguekiller_portable32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\opengl32.dll
c:\windows\system32\glu32.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\sspicli.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mstask.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\apphelp.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\imageres.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\windanr.exe
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\taskiu.exe
c:\windows\system32\ncrypt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\netutils.dll

PID
2824
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" "https://adlice.com/thanks-downloading-roguekiller/?utm_campaign=roguekiller&utm_source=soft&utm_medium=btn"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
RogueKiller_portable32.exe
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\version.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll

PID
3536
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2824 CREDAT:79873
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\t2embed.dll
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\windows\system32\secur32.dll
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\xmllite.dll

Registry activity

Total events
1815
Read events
1529
Write events
280
Delete events
6

Modification events

PID
Process
Operation
Key
Name
Value
3156
1.docx.exe
write
HKEY_CURRENT_USER
di
!
3156
1.docx.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3156
1.docx.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2132
taskiu.exe
write
HKEY_CURRENT_USER
di
!
2132
taskiu.exe
write
HKEY_CURRENT_USER\Environment
SEE_MASK_NOZONECHECKS
1
2132
taskiu.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
70c9b0c0a1740eb91b291821bf9b5918
"C:\Users\admin\AppData\Local\Temp\taskiu.exe" ..
2132
taskiu.exe
write
HKEY_CURRENT_USER\Software\70c9b0c0a1740eb91b291821bf9b5918
[kl]
3748
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3748
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-100
DHCP Quarantine Enforcement Client
3748
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-101
Provides DHCP based enforcement for NAP
3748
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-103
1.0
3748
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-102
Microsoft Corporation
3748
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-1
IPsec Relying Party
3748
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-2
Provides IPsec based enforcement for Network Access Protection
3748
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-4
1.0
3748
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-3
Microsoft Corporation
3748
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-100
RD Gateway Quarantine Enforcement Client
3748
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-101
Provides RD Gateway enforcement for NAP
3748
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-102
1.0
3748
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-103
Microsoft Corporation
3748
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-100
EAP Quarantine Enforcement Client
3748
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-101
Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies.
3748
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-102
1.0
3748
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-103
Microsoft Corporation
3684
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
3684
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
3684
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
3684
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
3684
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
3684
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
3684
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
3684
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
3684
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
3684
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3684
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
3684
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
3684
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
3684
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
3684
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
3684
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13194353390109250
3684
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3684
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3684
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3684
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3684
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3684
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307020001000B000A0009003B006C0000000000
3684
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
1
2984
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3684-13194353389171750
259
2984
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3684-13194353389171750
0
3364
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASAPI32
EnableFileTracing
0
3364
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASAPI32
EnableConsoleTracing
0
3364
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASAPI32
FileTracingMask
4294901760
3364
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASAPI32
ConsoleTracingMask
4294901760
3364
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASAPI32
MaxFileSize
1048576
3364
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASAPI32
FileDirectory
%windir%\tracing
3364
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASMANCS
EnableFileTracing
0
3364
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASMANCS
EnableConsoleTracing
0
3364
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASMANCS
FileTracingMask
4294901760
3364
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASMANCS
ConsoleTracingMask
4294901760
3364
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASMANCS
MaxFileSize
1048576
3364
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RogueKiller_portable32_RASMANCS
FileDirectory
%windir%\tracing
3364
RogueKiller_portable32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3364
RogueKiller_portable32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3364
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\RogueKiller_portable32.exe
DumpFolder
C:\ProgramData\RogueKiller\Debug
3364
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\RogueKiller_portable32.exe
DumpCount
10
3364
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\RogueKiller_portable32.exe
DumpType
2
3364
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\RogueKiller_portable32.exe
CustomDumpFlags
0
3364
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight
Type
1
3364
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight
ImagePath
\??\C:\Windows\System32\drivers\truesight.sys
3364
RogueKiller_portable32.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight
Start
3
3364
RogueKiller_portable32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3364
RogueKiller_portable32.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\RogueKiller_portable32.exe
3364
RogueKiller_portable32.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight\Enum
3364
RogueKiller_portable32.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight
2824
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2824
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2824
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2824
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2824
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2824
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
––
2824
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
{32A3E6D9-2DE5-11E9-AA93-5254004A04AF}
0
2824
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2824
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
2824
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307020001000B000A000A0004006102
2824
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2824
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
2824
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307020001000B000A000A0004006102
2824
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2824
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2824
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
––
2824
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
98B79BF6F1C1D401
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307020001000B000A000A000400E102
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
11
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307020001000B000A000A000400F202
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
30
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307020001000B000A000A0004003103
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
22
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
––
3536
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3536
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE
Blob
––
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Internet Explorer\DOMStore
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
CachePrefix
DOMStore
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
CacheLimit
1000
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
CacheOptions
8
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
CacheRepair
0
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
24
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\adlice.com
24
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
49
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\adlice.com
49
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019021120190212
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019021120190212
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019021120190212
CachePrefix
:2019021120190212:
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019021120190212
CacheLimit
8192
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019021120190212
CacheOptions
11
3536
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019021120190212
CacheRepair
0
3536
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
3536
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
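The rows under HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight are a kernel-mode driver service being registered (Type 1 is SERVICE_KERNEL_DRIVER, Start 3 is SERVICE_DEMAND_START, ImagePath is the NT-namespace path \??\C:\Windows\System32\drivers\truesight.sys) and then removed again, Enum subkey first, once the writing process is done with it. The process column attributes every one of those writes to RogueKiller_portable32.exe (PID 3364), the anti-malware tool that chrome.exe downloaded during the session, not to 1.docx.exe, so this is analyst activity rather than sample behaviour, and any triage of this table has to key on the writing process before reading a driver load as something the malware did. The Python below is an added example, not code from ANY.RUN or from this report: it parses the one-cell-per-line export exactly as it appears above (SAMPLE_ROWS is copied from the table), decodes the service Type and Start values with the Service Control Manager constants from the Windows SDK, and reports each service registration with the process that made it and whether the key was deleted again before the task ended.

```python
"""Triage of the flattened registry rows above: group writes under
HKLM\\SYSTEM\\...\\services\\<name> and flag kernel-driver registrations.
Added example, not ANY.RUN code; SAMPLE_ROWS are copied from the table,
the service constants are the SCM values from winnt.h / winsvc.h."""
from dataclasses import dataclass
from typing import Dict, List, Optional

SERVICE_TYPES = {
    0x01: "SERVICE_KERNEL_DRIVER",
    0x02: "SERVICE_FILE_SYSTEM_DRIVER",
    0x10: "SERVICE_WIN32_OWN_PROCESS",
    0x20: "SERVICE_WIN32_SHARE_PROCESS",
}
START_TYPES = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START",
               3: "DEMAND_START", 4: "DISABLED"}
SERVICES_MARK = "\\services\\"

# Rows copied from the registry table above ('write' = 6 cells, 'delete key' = 4 cells).
SAMPLE_ROWS = [
    "3364", "RogueKiller_portable32.exe", "write",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight", "Type", "1",
    "3364", "RogueKiller_portable32.exe", "write",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight", "ImagePath",
    r"\??\C:\Windows\System32\drivers\truesight.sys",
    "3364", "RogueKiller_portable32.exe", "write",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight", "Start", "3",
    "3364", "RogueKiller_portable32.exe", "delete key",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight\Enum",
    "3364", "RogueKiller_portable32.exe", "delete key",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight",
    "2824", "iexplore.exe", "write",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings",
    "ProxyEnable", "0",
]


@dataclass
class RegEvent:
    pid: int
    process: str
    op: str
    key: str
    name: Optional[str] = None   # absent for 'delete key' rows
    value: Optional[str] = None


def parse_registry_rows(cells: List[str]) -> List[RegEvent]:
    """One cell per line: 'write' rows carry pid, process, op, key, name, value;
    'delete key' rows stop after the key."""
    events, i = [], 0
    while i < len(cells):
        pid, process, op, key = cells[i:i + 4]
        if op == "write":
            events.append(RegEvent(int(pid), process, op, key, cells[i + 4], cells[i + 5]))
            i += 6
        else:
            events.append(RegEvent(int(pid), process, op, key))
            i += 4
    return events


def _reg_int(s: str) -> int:
    # DWORD values are shown in decimal in this export; accept 0x... as well.
    return int(s, 16) if s.lower().startswith("0x") else int(s)


def service_registrations(events: List[RegEvent]) -> List[dict]:
    """Collect Type/Start/ImagePath per service key under HKLM\\SYSTEM and note
    whether the key was removed again later in the same event stream."""
    svcs: Dict[str, dict] = {}
    for ev in events:
        if not ev.key.upper().startswith("HKEY_LOCAL_MACHINE\\SYSTEM\\"):
            continue
        idx = ev.key.lower().find(SERVICES_MARK)
        if idx < 0:
            continue
        rest = ev.key[idx + len(SERVICES_MARK):]
        name = rest.split("\\")[0]
        rec = svcs.setdefault(name, {"pid": ev.pid, "process": ev.process, "deleted": False})
        if ev.op == "write" and ev.name in ("Type", "Start", "ImagePath"):
            rec[ev.name] = ev.value
        elif ev.op == "delete key" and rest == name:
            rec["deleted"] = True
    out = []
    for name, rec in svcs.items():
        t = _reg_int(rec.get("Type", "0"))
        out.append({
            "service": name,
            "process": f"{rec['process']} ({rec['pid']})",
            "type": SERVICE_TYPES.get(t, hex(t)),
            "start": START_TYPES.get(_reg_int(rec["Start"]), "?") if "Start" in rec else "?",
            "image": rec.get("ImagePath"),
            "kernel_driver": t in (0x01, 0x02),
            "deleted_after": rec["deleted"],
        })
    return out


if __name__ == "__main__":
    for finding in service_registrations(parse_registry_rows(SAMPLE_ROWS)):
        print(finding)
```

Run as-is it yields one finding, TrueSight, attributed to RogueKiller_portable32.exe (3364) as a demand-start kernel driver that was deregistered again. On a full export the same grouping is what separates service and driver registrations made by the sample's own PID from those made by tools the analyst launched in the interactive session.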

Files activity

Executable files: 4
Suspicious files: 81
Text files: 141
Unknown types: 23

Dropped files

PID
Process
Filename
Type
MD5
SHA256
3156
1.docx.exe
C:\Users\admin\AppData\Local\Temp\taskiu.exe
executable
MD5: 33b7beec3e6de49bcf50f79fdddf8953
SHA256: abfebbe0922f14ec72bc397de877627657a7cb74b49b2de0f0a9fccc729245e0
3684
chrome.exe
C:\Users\admin\Downloads\RogueKiller_portable32.exe
executable
MD5: e6f8ceec9cf20655b20b7ea870563715
SHA256: 8a26f457270b2dcf690f4e55f8c9f803b47b6030a0d2ef9ace26f2c563ac6534
3684
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 97831.crdownload
executable
MD5: e6f8ceec9cf20655b20b7ea870563715
SHA256: 8a26f457270b2dcf690f4e55f8c9f803b47b6030a0d2ef9ace26f2c563ac6534
3364
RogueKiller_portable32.exe
C:\Windows\system32\drivers\truesight.sys
executable
MD5: 0c997b061e3c66bd9e927c1288eb1cc7
SHA256: 3807e9a1bc159b9e8fc0c7caad10d7213ff8ed8ad1cea9ea552b093c81bf624b
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\logs\AdliceReport_SCN_02112019_101040.json
text
MD5: 078fe64db01659582f8a9d6f1f808dae
SHA256: b81224a9538f7c84f922d9bcb37f32c2c9c84640083f446b846d6ee654315f30
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\vt.cache
text
MD5: b9a4d379c2de64218ecc923470830516
SHA256: f8501c922cc5f58cc928b76d5308fde571147767ea6fafeb74fb74dbab157df9
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\version
text
MD5: 9710b0613d4b98482c777d321bf53bba
SHA256: 574243d57b48886280954fda8cec25fbfdc70e1058f55027e7488a7c3a6b945d
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\windows
binary
MD5: 1deec0986ca2d19fd9e9e4d3421d572e
SHA256: 64bf7f6e161b41a58af910797151d1c35cdfc778a41793b2770a0b986cd8595a
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\wmi
binary
MD5: a9e3823beb293cee5af33e37b6d51941
SHA256: 57101c3b6e819ecba9e364a935f5edb5d6754cf9b24c1496140f8145f9c5b012
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\webconfig
binary
MD5: 8c4f4455ee581811488202c2d38f1553
SHA256: d761d9f1e0c56a36b086799a83f1f7b1f6eaeaf1cce4861467a40abaf7ade902
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\tasks
binary
MD5: 19d26d4ca2a594f3f5f13118fd46dd2a
SHA256: b9e35c042aa80503bb309c8b1d7fa3f2bbfbf9bec3522c272bf791010d6e5482
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\services
binary
MD5: 3afe53c2b99bf7791a1aab0965695c23
SHA256: f140b08b93788d80e6729cfca1d17eb91fe9b4670ee3bc54161fae4c3f188fb6
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\signatures
binary
MD5: de8aaf293606f1376cbfdf56ecba7a14
SHA256: bd010a5fe4e28ff68ee1f70190b1264aeca40a7e2041401126b1b17bd603ae3f
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\regnames
––
MD5: ––
SHA256: ––
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\pdb
binary
MD5: db71ffb3e2cc6c227aa29257ff3814b7
SHA256: 54f56f13f4ccd64091b906bb5ca5ab96acfafc976aad146f659b5cb729cbf190
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\mbr
binary
MD5: 7a11c1488ea96f09892fde6bef638dd4
SHA256: 8234a17d7734f0e80aa0fe8dacb840730a9f74ef977471a66e1c2f0f1ff88c21
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\ips
binary
MD5: 5b9d7453cf7db331141098aafea44a0d
SHA256: 3162ed18ebd3bf13b59b8d28db2ea5783e4a9f21340da166b0481e74b5737408
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\hosts
binary
MD5: 7c0571805eefe7569a1d3cc4a9f9b3f1
SHA256: 3aeca634c258643a37409da3d30a25e3aecc085a5311bf43a8b6ee5617812409
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\guid
––
MD5: ––
SHA256: ––
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\filenames
––
MD5: ––
SHA256: ––
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\domains
binary
MD5: 8ebb18899c89205009c15c2e35c8424e
SHA256: 756ba23f9bd6b0da5264802f1f7957d18f0951109e3c38ad37b988d1d5833d46
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\digisig
binary
MD5: 905f3648f3285f79f2e59d7a056e2e33
SHA256: 94f4575d4f9b9a51a4e32f2ef285abccf6d54d367efcedfcf65c28c4c28bde27
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\signatures\addons
––
MD5: ––
SHA256: ––
3364
RogueKiller_portable32.exe
C:\Users\admin\AppData\Local\Temp\as_A161.tmp.zip
compressed
MD5: 3fa09b0284bddb167c094d7b13a7fb09
SHA256: 330c9a089014086d18d43387e7821ceaf1d6aeec7a49dca3354b9e23dbc36afc
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\config.ini
binary
MD5: 96384bd8a2a22482f323fef1a960fc77
SHA256: 74bf8b77285424f33426fc307aa51d6039f5c9b1c0aa0761f1682ccf153fb3ad
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\config.ini
binary
MD5: b0b74997627a406115559aae3f687de3
SHA256: a99a12fb98eb71a3fd4ac2fd0db56ccddffebbea41f8937fa8c66f7dae5f4466
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\config.ini
binary
MD5: 65644ebd80393b03a6769e3188dcd4b8
SHA256: af0e233498ad537f8f9af73ae26a98e4b7a2f0330a2dd646f8249e15c88d6346
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\config.ini
binary
MD5: 76c33693a9016bf3ca7946003b74f371
SHA256: 0e8e16a45344f4e8ad3de38743b3fe2aedb98cdac1c39daa3a3179d3ab01c692
3536
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
dat
MD5: d7a950fefd60dbaa01df2d85fefb3862
SHA256: 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
2824
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFCC91CC84F1353E88.TMP
––
MD5: ––
SHA256: ––
2824
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{32A3E6D9-2DE5-11E9-AA93-5254004A04AF}.dat
––
MD5: ––
SHA256: ––
3536
iexplore.exe
C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log
text
MD5: 0814e1228cfb54f37d574a7ba4a9f4af
SHA256: bcde47f92c5ff5e63e451b18a921e132909c7c39ef53ed8522064008391299bf
2824
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFC3BAECA397383C8A.TMP
––
MD5: ––
SHA256: ––
2824
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{32A3E6DA-2DE5-11E9-AA93-5254004A04AF}.dat
––
MD5: ––
SHA256: ––
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\f[2].txt
––
MD5: ––
SHA256: ––
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\f[1].txt
text
MD5: 82bb040bd5729e459f7cc5a09981cc86
SHA256: 0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019021120190212\index.dat
dat
MD5: 86867f52361375512c0199df1f7c4952
SHA256: 61b56479177f1c49692b757f1a7aac452909deb1c12c6feb3eb5d02b66db5ba9
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\lazyload-8.15.2.min[1].js
text
MD5: 0c5a79aef93b34a1c19392738175f45a
SHA256: 07d643bcbe55c7747fbe061b5e528c091e2554b852e793c5e6ada31baca1e00a
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\spinner[1].gif
image
MD5: b0a3dde331637e27aa6476d476481871
SHA256: 189d13d13190e962ee77c41a05836e977ef88368c24c70bf592b27f38094e530
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XF0XT12C\www.adlice[1].xml
text
MD5: fef9c2668109862187d89ef4871c62e1
SHA256: 78bcf9b5b0d809fc9b264203477e7e80dc948cac4e0851637c2727dbd8392032
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
dat
MD5: 59196e2e03d5f4302454dbf720ad38f2
SHA256: b6ed3295f30fde597e4610e4072933f41553a71e2bc3235c586ff4ebb193fb47
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\uk-cookie-consent-js-2.3.0[1].js
text
MD5: ca195aafa3574546ecac7815cabd014f
SHA256: daf2c82f6cc4f0d084fdfb79175e21a26e41e802bfc0120abdc57dc3a3943d3b
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\wp-embed.min[1].js
text
MD5: 5a03f97cc479b9f5d7efdaccec31bc17
SHA256: dcb5e540e62fc85857254a1066afb6a7e8999279c6d4c583eef855d39f9289c0
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\frontend-1.4.1[1].js
html
MD5: df474432dbdf318057831c69d69489b0
SHA256: c168a9333ca40200ee23679a90f2426e709c9ef4e74e755a7a578a813e500c4e
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\jquery.knob.min-1.1[1].js
text
MD5: b76661adecad07ee3b4f8ee7beaa0c2e
SHA256: 369f70aea2854ba2f72914418b086115bcc5c4c0129a805cb48218d6ff0ef7b4
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\anchor.min-1.4.1[1].js
text
MD5: c3ed08c948054f56f15ca4bfbe661aef
SHA256: 2449220fc96995b2f0d49b7803c6c2604324c51534ec80e7c48154bb98dcca02
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\legacy.min-5.4.1[1].js
text
MD5: 72af679f189f59692798e8592865e774
SHA256: e85f8e834c70e789e772c4c32c6f898daae4e36841d33a49e12c03a8068f8394
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\main-2.2.12[1].js
text
MD5: 23350ac50c791d82579b146c311e587b
SHA256: 0f00fda7487189c4b8fa0533649e844924cc758bd9175a26df0fe110779c0e59
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\jquery.appear-1.1[1].js
text
MD5: 4fd810132323d5edf24b317d63a8bfc5
SHA256: 55b3db461fb25b74993a2130a46d73846d40b8a322693afb24d011be8e3ed204
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\public-2.6.7[1].js
text
MD5: 063671f73e8618f22e489ca828387440
SHA256: eea40bc2dda0de2d279ee4c74dc8641b131698a7dddf1c356723eef0932325d2
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\f[1].txt
text
MD5: ed02515196d5bc8f74e2cafed57ca857
SHA256: 20e915e695b8815b0c9a22d9a9946ae56e11ae7b81f0e1178ae69e6b5fde2de3
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\jquery.form.min-4.2.1[1].js
text
MD5: c0605fbc84c8376662f59020a313ea9b
SHA256: 6252807f44ccf97e6aeddd8722e25a98d670baa9172402068b8f086ee8bf683b
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\go_pricing_scripts-3.3.7[1].js
text
MD5: 24818537f500a91c9b440444dc80e3a0
SHA256: 6786fdb614b1734fb06ec5aba00b04e3195ca75a8310e75f5a52eebfa2fa94e9
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
dat
MD5: b91533b019779393c1d0116e4bd8ca02
SHA256: eaa245b95914fa2d94010c4166858ba9034ac2d0642eba1e10744978f9f19a18
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\analytics[1].js
text
MD5: 0ea40a4cb2873a89cbe597eaea860826
SHA256: 3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\main.min-5.4.1[1].js
text
MD5: a67d941cfeb5b86bbea4ad46b7134ca2
SHA256: 900883bb8063257a4c315d3b30dd543d486fa63f698bb3bd756cc8213b281bb0
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\mem8YaGs126MiZpBA-UFVZ0f[1].eot
eot
MD5: 9dce7f01715340861bdb57318e2f3fdc
SHA256: ee6885417a5772a42be3280cf34581001cafd5548d12b66b5466e53f05dabf96
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\fontawesome-webfont[2].eot
eot
MD5: 674f50d287a8c48dc19ba404d20fe713
SHA256: 7bfcab6db99d5cfbf1705ca0536ddc78585432cc5fa41bbd7ad0f009033b2979
2824
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{32A3E6DC-2DE5-11E9-AA93-5254004A04AF}.dat
binary
MD5: 8b797427eee15979e6a25daf81ebf8e1
SHA256: 8067bba9ddc81121d782766f72734d9b3b6674f3c61b590d6f86b22210834077
2824
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{32A3E6DB-2DE5-11E9-AA93-5254004A04AF}.dat
binary
MD5: 5d73ec630537a5f1370c3ab59bef90c2
SHA256: 06642823f31c8c7e02a1bcf1c6430a68ff2f0eda80f90d6809e367ec499a3de0
2824
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFCFF789F99D8FDB51.TMP
––
MD5: ––
SHA256: ––
2824
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF7A86416F16910F39.TMP
––
MD5: ––
SHA256: ––
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\shortcodes-090ce7bd75ee6d570a379f52c91a251e[1].css
text
MD5: ac9c2ef0cbb61bb1c93bf44d92fb48e8
SHA256: 49ad6365ad0e9fd9adecc1ea68092c0539e166a335c42c51bc36d30be2408654
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\scripts-5.0.5[1].js
text
MD5: e3c361e5392d747169256208c0ba6792
SHA256: cbaf8842ac98da501312af37ac62ad9343fca60a03f6303c0c90fb97644db039
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\fr[1].png
image
MD5: a6b419f8502fa8faca4c693b46989e2d
SHA256: 9c86c0c02ccb446b1a50d0282f4d9715e45670be443c4c3f666c263601e36274
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\icomoon-arrows-carousel-32x32[1].eot
eot
MD5: 7bbe8753ac49373605a738857d6757a5
SHA256: ff421ae53947231aa7ae13fb52c77a9edce47dd353ede7177ad40f22e3d0023b
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\zOL64pLDlL1D99S8g8PtiKchq-dmiQ[1].eot
eot
MD5: 6d0694241dafa23fa07d7cfcf64f3dd7
SHA256: 11da8f3b73600084534ab6f7ff2d6117db1d5542a173e69cbf308853452a5a17
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\en[1].png
image
MD5: 2878f64a0217a154e531853f6a822c65
SHA256: 3f47c75fa68e49b1cdca50c61e9cd6603b57c521e5e6809df59a4a15e291a4ef
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\logo[1].png
image
MD5: 8b4bd32f112e0e35147b622c1adc0fc2
SHA256: 8c718e689935bc339870cd69523d5dc45ac4752f6e0f5e17fb50ae5dd0fdba8d
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\KFOmCnqEu92Fr1Mu4mxO[1].eot
eot
MD5: 68889c246da2739681c1065d15a1ab0b
SHA256: 830d75bbf0e1f9289d787422f767b23f9d63fd79dbe75c091a119b6b7155d198
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\JTUSjIg1_i6t8kCHKm459Wlhzw[1].eot
eot
MD5: 29c1d31f7d9bc4f5c1841eb14fbf5cd7
SHA256: 45ea589c36cd33266bc70b81bd0c42332fbbb6fa58939cd31282096624f7fda8
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\wedocs[1].eot
eot
MD5: 6a967822cc2b9d50cdfe52f3a05ab661
SHA256: cd8756b4d9fe42854d97823848c67613f65c477d63424ef0f4fa019d02491690
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\fontello[1].eot
eot
MD5: 56ba578ebf1f341259f2bb289cbe1987
SHA256: b4018487acc6b5ab5ddbbea891e5585cffb7e65020d4456d92fb710c54f35c69
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\glyphicons-halflings-regular[1].eot
binary
MD5: 7ba0e67bf80c702d7d9bf01ba16e36f0
SHA256: 39b09c552828dc03484d82e8107d83bb84ac2361140add0b6b19fb2ea0e7991a
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\dashicons[1].eot
eot
MD5: 30e410c715c6215fa7faa1c979b6480c
SHA256: a55660c37af5bbcc8c6c485c032e3d74d876946607e6c20148e3d3d5f37043b8
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\fontawesome-webfont[1].eot
eot
MD5: 45c73723862c6fc5eb3d6961db2d71fb
SHA256: d4f5a99224154f2a808e42a441ddc9248ffe78b7a4083684ce159270b30b912a
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\chosen.jquery.min[1].js
text
MD5: 4f0361640d5597fb84f0b07deabe3d56
SHA256: 7373ca9ed2c272959213699ab6c34d53f342a2d01d996ebc543743312911a6dc
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\bootstrap.min[1].js
text
MD5: 4422b5e224030e6b1ba4a00b83ec492c
SHA256: 4b9329f540f2a0a583e6b0dff71f0f68d819ca3920c752fdb4e6bb1f88659cab
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\front[1].js
text
MD5: 1cddbe27c1eb6adb9a8de168b1a1ad05
SHA256: e6e5f09ff117361f1ceb2cd30e668a373d6ee6384c5ee6e15f0ef96cd79d8ad4
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\above-the-fold.min-5.4.1[1].js
html
MD5: 26bcc63f374c43287868adb618b8fd7c
SHA256: ccd1e0d2d06c1358483fefd52cd9729ce3a30e4b669847a61175c847db0835f8
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\mailin-front-1535363816[1].js
text
MD5: 58916766ecfb1c63e85fd9b4cce2b1d9
SHA256: c9ab6a740ea718431c83ffc2bc6b84c8d57bbd9f047842678e326b7f37278b9f
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\script-1[1].js
text
MD5: c56b066243522dd64c1e1ea4ff3054f4
SHA256: 0309ea9863108df1b0e04b00cf187e3af711d3d4e952c8b38a40eb1e78a552ab
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\jquery.cookie[1].js
text
MD5: 42af20a21999a3377af0979cdce17cdf
SHA256: 463b99dfb3fa81d269f7508768da9f4ca229416b1b8e68177a30d0291868f945
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\style-6c45559eb5cb5b9d7dbd0e988df11a4e[1].css
text
MD5: 78b310e4e00815b61dbe2e959d8db576
SHA256: b78cc9c93a5b9203f298371aa2e5f8aa83d8085d9ac2c49d929c63fba93fb55e
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\jquery-1.12.4[1].js
text
MD5: 3b1a9f1f833ccc59775f92e801fd596e
SHA256: 8a4c252da9c4b03a65ca99a734ef82408df893c1b6a5d5a49c4f87f774bc4f75
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\css[1].txt
text
MD5: 31b8f0aa107cbde0d92b91fed8e82190
SHA256: cd4b6d4596f12172f2fc3d4d3210114d7d4630d5d0af9db04856603241a5103e
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\crayon.min-_2.7.2_beta[1].js
html
MD5: 3b6275d9477ca1f46273d475b3c4d276
SHA256: 193fbb968733b8a7049da19274546e6b80b76e9a8f1b837fee9a5fdeb8f97c7b
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\legacy-52bfdbb2b1-edba48470d4c4fd0cf740b6e657ad9de[1].css
text
MD5: 60008a7b163c1ac518edd09d96407085
SHA256: abfbf16188e07cc9bab119d61a43c06a85c84964705c9bb3822beaf9404c684c
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\custom-52bfdbb2b1-21cd0e873635e2c8961fd77d0f75948f[1].css
text
MD5: 49b7f66600039b772aac3894669b39cd
SHA256: 3a5f187e5d9694ae8492057aa3e6c407c4f0918a3c497a0c010242552c147f21
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\mailin-front-831548b431d0e97b1b5468fca3252dc4[1].css
text
MD5: bda2d3e9d0306e4b702eb7367d753459
SHA256: 3cc60ed64295b83795bcd615ffa7b286044ef8b3f4f08125ff05cbcad414415a
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\jquery-migrate.min-1.4.1[1].js
text
MD5: 01cd9590e1e043e5299db33fe8a45bee
SHA256: c4154129ebd028c6a491139f744aef258c77f427ce2155b03a0466fb84c4e165
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\main.min-5.4.1[1].css
text
MD5: 0ee4ee7a99af5c305b521bbf5f6ef81a
SHA256: 9707cc2d783792f7b7574ef12e06cad95b5696ae37b0f994559976af9d2dd22c
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\media-cbf00e6870-c2823d02efcddde47a53e7b0679adf1f[1].css
text
MD5: ed73b632b81336b62d2891f5b7099717
SHA256: 96d74155238f339a7512856d975902c85c9d2db35efc0d95623adadeb9f12a1e
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\wpml-52bfdbb2b1-29133ecbc70e246a3d677c6e9d3bda96[1].css
text
MD5: de75d1bd5aaec32132ece791144f3ee2
SHA256: 54a0053b36393e082945582ea4ff534f901eafd45bfdcbef77e007f8b34c5842
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\custom-old-ie-52bfdbb2b1[1].css
text
MD5: e3076b01b7aed36caaaa21db41d9c71b
SHA256: 6303424fdbb402388d0587d7c0ecd30fe44994248dd184035c9ffcc436e9aa78
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\style.min[1].css
text
MD5: eb1a96949e0ea0d08033d3f941bf1f3e
SHA256: 1698abe528bb1f8e76991814a09aacb0ec7247d421ed2e4ff8f00e3fb1275712
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\css[1].txt
text
MD5: 1424c0611ac37267c088c1ca76c9e2e4
SHA256: 81b37afe63c8c4e6fb46898d389e953a1678c9f82c43abb86550c373f697bba0
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\font-awesome.min-5.4.1[1].css
text
MD5: b67fc8328e6788e8ad241441f6114517
SHA256: 2a504db7a8b193506e1296e3d4c56037a153831572043496014f4fe31d5a8891
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\fontello.min-5.4.1[1].css
text
MD5: 0088127a8903e1ca6a4cf95805459f1d
SHA256: 2e4b551ee6ec2683d29c477306660a8d299175bac0673a80cc5b832ab47cf5f4
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\style.min-5.4.1[1].css
text
MD5: b6200f63ae7f0159f56997e5054dbb92
SHA256: ebc1287e4a201a8bc9ff42ce0a28e5cd3a32151e52b4551b1e10c2a2e5baddd5
3536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\old-ie.min[1].css
text
MD5: 68637b8b5d88ca41442aa80237b41733
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
3684
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old~RF211dd8.TMP
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
3684
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
3684
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF211dd8.TMP
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
3684
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: c10ebd4db49249efc8d112b2920d5f73
SHA256: 90a1b994cafe902f22a88a22c0b6cc9cb5b974bf20f8964406dd7d6c9b8867d1
3004
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: b59113c2dcd2d346f31a64f231162ada
SHA256: 1d97c69aea85d3b06787458ea47576b192ce5c5db9940e5eaa514ff977ce2dc2
3684
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
3364
RogueKiller_portable32.exe
C:\ProgramData\RogueKiller\logs\AdliceReport_DEL_02112019_101048.json
text
MD5: ff920cbad0a9002772c1ab52e3f9b450
SHA256: 5304a66ac3636f554df44b7f4cde0b39fa01e8205d0bf747fd51241610d1ae08


Network activity

HTTP(S) requests
1
TCP/UDP connections
50
DNS requests
30
Threats
7

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2824 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted


Connections

PID Process IP ASN CN Reputation
3684 chrome.exe 216.58.207.67:443 Google Inc. US whitelisted
3684 chrome.exe 216.58.205.227:443 Google Inc. US whitelisted
3684 chrome.exe 172.217.16.170:443 Google Inc. US whitelisted
3684 chrome.exe 172.217.16.141:443 Google Inc. US unknown
3684 chrome.exe 216.58.207.35:443 Google Inc. US whitelisted
2132 taskiu.exe 91.109.184.3:1122 Lost Oasis SARL NL malicious
3684 chrome.exe 216.58.210.14:443 Google Inc. US whitelisted
3684 chrome.exe 172.217.16.164:443 Google Inc. US whitelisted
3684 chrome.exe 172.217.21.227:443 Google Inc. US whitelisted
3684 chrome.exe 216.58.208.42:443 Google Inc. US whitelisted
3684 chrome.exe 172.217.21.195:443 Google Inc. US whitelisted
3684 chrome.exe 172.217.22.78:443 Google Inc. US whitelisted
3684 chrome.exe 178.33.106.117:443 OVH SAS FR suspicious
3684 chrome.exe 216.58.208.46:443 Google Inc. US whitelisted
3364 RogueKiller_portable32.exe 178.33.106.117:443 OVH SAS FR suspicious
3536 iexplore.exe 104.27.164.26:443 Cloudflare Inc US shared
2824 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3536 iexplore.exe 104.27.165.26:443 Cloudflare Inc US shared
3536 iexplore.exe 216.58.208.42:443 Google Inc. US whitelisted
3536 iexplore.exe 104.19.196.151:443 Cloudflare Inc US shared
3536 iexplore.exe 172.217.21.195:443 Google Inc. US whitelisted
3536 iexplore.exe 172.217.23.174:443 Google Inc. US whitelisted
3536 iexplore.exe 172.217.22.2:443 Google Inc. US whitelisted
3536 iexplore.exe 216.58.206.2:443 Google Inc. US whitelisted
3364 RogueKiller_portable32.exe 74.125.34.46:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
clientservices.googleapis.com 216.58.207.67 whitelisted
www.gstatic.com 216.58.207.67 whitelisted
www.google.de 216.58.205.227 whitelisted
safebrowsing.googleapis.com 172.217.16.170 whitelisted
accounts.google.com 172.217.16.141 shared
ssl.gstatic.com 216.58.207.35 whitelisted
shero19.hopto.org 91.109.184.3 malicious
apis.google.com 216.58.210.14 whitelisted
www.google.com 172.217.16.164 whitelisted
www.google.co.uk 172.217.21.227 whitelisted
ogs.google.com 172.217.22.78 whitelisted
fonts.googleapis.com 216.58.208.42 whitelisted
fonts.gstatic.com 172.217.21.195 whitelisted
download.adlice.com 178.33.106.117 whitelisted
sb-ssl.google.com 216.58.208.46 whitelisted
adlice.com 104.27.164.26, 104.27.165.26 suspicious
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
www.adlice.com 104.27.165.26, 104.27.164.26 whitelisted
cdnjs.cloudflare.com 104.19.196.151, 104.19.199.151, 104.19.198.151, 104.19.195.151, 104.19.197.151 whitelisted
www.google-analytics.com 172.217.23.174 whitelisted
pagead2.googlesyndication.com 172.217.22.2 whitelisted
adservice.google.co.uk 172.217.22.2 whitelisted
adservice.google.com 216.58.206.2 whitelisted
adflux.adlice.com 178.33.106.117 malicious
sigs.adlice.com 178.33.106.117 malicious
www.virustotal.com 74.125.34.46 whitelisted
stats.adlice.com 178.33.106.117 whitelisted

Threats

PID Process Class Message
2132 taskiu.exe A Network Trojan was detected MALWARE [PTsecurity] njRAT.Gen RAT outbound connection
2132 taskiu.exe A Network Trojan was detected MALWARE [PTsecurity] njRAT.Gen RAT outbound connection
2132 taskiu.exe A Network Trojan was detected ET TROJAN Bladabindi/njRAT CnC Command (ll)

4 ETPRO signatures available at the full report

Debug output strings

Process Message
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile
RogueKiller_portable32.exe libpng warning: iCCP: known incorrect sRGB profile