General Info

File name

READ ME.txt

Full analysis
https://app.any.run/tasks/685a0f2a-0e42-4a69-ab8f-7ffe6c941586
Verdict
Malicious activity
Analysis date
6/12/2019, 07:26:50
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

rat

orcus

Indicators:

MIME:
text/plain
File info:
ASCII text, with CRLF line terminators
MD5

5991c706e73efeb8b6f07dbabebcfb74

SHA1

feb578d7d6b2f19d23a2c562d6c70d3169260780

SHA256

b25e01140c48d71709cf9ce685fa298393bda84c2545fb44c90b3663e6c0871a

SSDEEP

24:lZDsB9VovZqmhdvwj7OVkL3j065YcLQCzl:T0foRv6OgpJUKl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • Orcus.Server.Patched.exe (PID: 636)
  • Orcus.Administration.exe (PID: 3168)
  • SearchProtocolHost.exe (PID: 1924)
Application was dropped or rewritten from another process
  • Orcus.Server.Patched.exe (PID: 636)
Orcus was detected
  • Orcus.Administration.exe (PID: 3168)
Executable content was dropped or overwritten
  • Orcus.Server.Patched.exe (PID: 636)
  • WinRAR.exe (PID: 3148)
Modifies files in Chrome extension folder
  • chrome.exe (PID: 1136)
Reads Internet Cache Settings
  • Orcus.Administration.exe (PID: 3168)
Reads Environment values
  • Orcus.Administration.exe (PID: 3168)
Application launched itself
  • chrome.exe (PID: 1136)
Manual execution by user
  • chrome.exe (PID: 1136)
  • Orcus.Administration.exe (PID: 3168)
  • Orcus.Server.Patched.exe (PID: 636)
Reads settings of System Certificates
  • Orcus.Administration.exe (PID: 3168)
  • chrome.exe (PID: 1136)
Reads Internet Cache Settings
  • chrome.exe (PID: 1136)
Creates files in the user directory
  • chrome.exe (PID: 1136)
Dropped object may contain Bitcoin addresses
  • WinRAR.exe (PID: 3148)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

Screenshots

Processes

Total processes
70
Monitored processes
32
Malicious processes
3
Suspicious processes
0

Behavior graph

+
start notepad.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs winrar.exe #ORCUS orcus.administration.exe searchprotocolhost.exe no specs orcus.server.patched.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
1924
CMD
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path
C:\Windows\System32\SearchProtocolHost.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Windows Search Protocol Host
Version
7.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\tquery.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msshooks.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msidle.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\mssph.dll
c:\windows\system32\mapi32.dll
c:\windows\system32\authz.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\version.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\de\orcus.staticcommands.resources.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\de\orcus.plugins.resources.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\x86\turbojpeg.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\xceed.wpf.toolkit.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\writeablebitmapex.wpf.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\vestris.resourcelib.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\turbojpegwrapper.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\system.windows.interactivity.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\starksoft.aspen.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\sparrow.chart.wpf.40.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\shelllibrary.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\sharpdx.dxgi.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\sharpdx.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\sharpdx.direct3d9.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\sharpdx.direct3d11.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\oxyplot.wpf.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\oxyplot.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\orcus.shared.utilities.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\orcus.administration.resources.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\orcus.administration.commands.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\opuswrapper.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\ookii.dialogs.wpf.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\mono.cecil.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\microsoft.threading.tasks.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\lidgren.network.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\icsharpcode.sharpziplib.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\icsharpcode.avalonedit.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\gongsolutions.wpf.dragdrop.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\exceptionless.wpf.signed.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\directoryinfoex.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\cscore.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\be.windows.forms.hexbox.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\aforge.video.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\aforge.video.directshow.dll
c:\windows\system32\notepad.exe
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\orcus.administration.exe
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded server\orcus.server.patched.exe
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded server\orcus.server.commandline.patched.exe
c:\windows\system32\netutils.dll

PID
3336
CMD
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\READ ME.txt
Path
C:\Windows\system32\NOTEPAD.EXE
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Notepad
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll

PID
1136
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\imagehlp.dll
c:\program files\winrar\rarext.dll
c:\program files\microsoft office\office14\olkfstub.dll
c:\progra~1\micros~1\office14\mlshext.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\program files\microsoft office\office14\visshe.dll
c:\program files\common files\microsoft shared\office14\msoshext.dll
c:\program files\microsoft office\office14\msohevi.dll
c:\windows\system32\mf.dll
c:\windows\system32\shdocvw.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\syncui.dll
c:\program files\notepad++\nppshell_06.dll
c:\program files\windows sidebar\sbdrop.dll
c:\windows\system32\stobject.dll
c:\windows\system32\cryptext.dll
c:\windows\system32\colorui.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\wininet.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\winspool.drv
c:\windows\system32\iertutil.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\winshfhc.dll
c:\windows\system32\wdscore.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\mpr.dll

PID
2096
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=73.0.3683.75 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6f5e0f18,0x6f5e0f28,0x6f5e0f34
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
3584
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3948 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_watcher.dll

PID
2800
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=15920027177994419801 --mojo-platform-channel-handle=932 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\73.0.3683.75\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\73.0.3683.75\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\73.0.3683.75\swiftshader\libegl.dll

PID
1904
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --service-pipe-token=3294789208902669516 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3294789208902669516 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1512
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --service-pipe-token=16713318273647596486 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16713318273647596486 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3868
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --service-pipe-token=14923747116235490702 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14923747116235490702 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2544
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=5615481860600211993 --mojo-platform-channel-handle=3100 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2864
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=11266410188796666539 --mojo-platform-channel-handle=3824 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3784
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=1684341774666295715 --mojo-platform-channel-handle=3828 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3816
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=17302368921703721613 --mojo-platform-channel-handle=3904 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2896
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=4821398390995444233 --mojo-platform-channel-handle=3916 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3292
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=12471950397714314449 --mojo-platform-channel-handle=3876 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3140
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=13880697783576517737 --mojo-platform-channel-handle=3944 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2532
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=5210206573948927017 --mojo-platform-channel-handle=4108 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3700
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=3364458063708410358 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3364458063708410358 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3924
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=9979175758953506514 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9979175758953506514 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3208
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=12635911168242030999 --mojo-platform-channel-handle=2004 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
968
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=7505835237613684397 --mojo-platform-channel-handle=4260 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2456
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=18086554551977965850 --mojo-platform-channel-handle=4976 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll

PID
2652
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=11093711611032406564 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11093711611032406564 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2592 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1920
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=1961596161925210002 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1961596161925210002 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
4088
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=16115231517777722660 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16115231517777722660 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2360
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=666686906909689268 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=666686906909689268 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2632
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=6845404533423741844 --mojo-platform-channel-handle=2704 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sendmail.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\fxsresm.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
3544
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=14129911564719543537 --mojo-platform-channel-handle=2856 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3828
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,10475201787745855185,11569598025373852412,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=15283196308684541387 --mojo-platform-channel-handle=5012 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3148
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\Orcus.rar"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll

PID
3168
CMD
"C:\Users\admin\Desktop\Orcus 1.9 Anti-Takedown Mod\Modded Client\Orcus.Administration.exe"
Path
C:\Users\admin\Desktop\Orcus 1.9 Anti-Takedown Mod\Modded Client\Orcus.Administration.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Orcus Technologies
Description
Orcus Administration
Version
1.9.1.0
Modules
Image
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\orcus.administration.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\nupdate.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\32512bd09e2231f6eebb15fc17e3ad79\windowsbase.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\416ba33cb980d07643e82c4c45bd5786\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\da36abbea6ef456f432434d4d8d835c1\presentationframework.ni.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\exceptionless.signed.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\6d09f865a22e2f903b74476769e1b76a\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\system32\oleaut32.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\mahapps.metro.dll
c:\windows\system32\uxtheme.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatiod51afaa5#\01bed42723486eb478a5b3e2557173db\presentationframework.classic.ni.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\mahapps.metro.iconpacks.material.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\orcus.administration.fileexplorer.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\xceed.wpf.toolkit.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\sorzus.wpf.toolkit.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsform0b574481#\da612289faed8f139ce9c577e06762f1\windowsformsintegration.ni.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\orcus.administration.core.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\orcus.administration.viewmodels.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\orcus.administration.plugins.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\fluentcommandlineparser.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\orcus.plugins.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\orcus.shared.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\newtonsoft.json.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.numerics\cd7ca8846a122a7e690e11c4611bc902\system.numerics.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.runteb92aa12#\c56771a9cfb87e660d60453e232abe27\system.runtime.serialization.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml.linq\0261f24b2fd53085823ea90b359d71ee\system.xml.linq.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.data\032f5fa875be86b577722ddeeee2e51c\system.data.ni.dll
c:\windows\microsoft.net\assembly\gac_32\system.data\v4.0_4.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\shell32.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\nlog.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.io.cb3b124c8#\07c481f02d736172c2a8b9d3b7def650\system.io.compression.ni.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\windowscodecsext.dll
c:\windows\system32\icm32.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrcompression.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msxml6.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\system.windows.interactivity.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.management\4dfa27fdd6a4cce26f99585e1c744f9b\system.management.ni.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded client\libraries\orcus.staticcommands.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\credssp.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\rasadhlp.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio84a7b877#\e56357d7d3d0eeefff9b4bd199154203\presentationframework-systemdata.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio4b37ff64#\ec80a2cdcf0a749cf0fbcad633b29253\presentationframework-systemxmllinq.ni.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\vga.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio49d6fefe#\33d15f16d20849f7c46d19b7bc7f4273\presentationframework-systemxml.ni.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msctfui.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\uiautomationtypes\7e77d1835b49fa80598b5c47eaedccfc\uiautomationtypes.ni.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.net.http\a625f78e6ba48a38f05c102a5fb9c103\system.net.http.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.net.22cc68a8#\8d2ad6d35810477975ebd0827e4e7c6e\system.net.http.webrequest.ni.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.servicemodel\f101d49ff42f71da4271bfa41dda9bd2\system.servicemodel.ni.dll

PID
636
CMD
"C:\Users\admin\Desktop\Orcus 1.9 Anti-Takedown Mod\Modded Server\Orcus.Server.Patched.exe"
Path
C:\Users\admin\Desktop\Orcus 1.9 Anti-Takedown Mod\Modded Server\Orcus.Server.Patched.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Orcus Technologies
Description
Orcus Server
Version
1.9.1
Modules
Image
c:\users\admin\desktop\orcus 1.9 anti-takedown mod\modded server\orcus.server.patched.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\users\admin\appdata\local\temp\costura\21e29ad7cd88fd3c37963ffa4c49aeb2\32\sqlite3.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.servicemodel\f101d49ff42f71da4271bfa41dda9bd2\system.servicemodel.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.data\032f5fa875be86b577722ddeeee2e51c\system.data.ni.dll
c:\windows\microsoft.net\assembly\gac_32\system.data\v4.0_4.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.runteb92aa12#\c56771a9cfb87e660d60453e232abe27\system.runtime.serialization.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\clbcatq.dll

Registry activity

Total events
1825
Read events
1669
Write events
153
Delete events
3

Modification events

PID
Process
Operation
Key
Name
Value
1924
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
1924
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\notepad.exe,-469
Text Document
3336
NOTEPAD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Notepad
iWindowPosX
44
3336
NOTEPAD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Notepad
iWindowPosY
44
3336
NOTEPAD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Notepad
iWindowPosDX
960
3336
NOTEPAD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Notepad
iWindowPosDY
501
1136
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
1136
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
1136
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
1136
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
1136
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
1136
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
1136
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13204790849586000
1136
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aapocclcgogkmnckokdopfmhonfmgoek
1AE164D7636748206A2B7A305A584B66ED43755C730126B3922D70AAA71BF3A6
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
15B1C3FE35F29528448F36A72A4DFBC58A8083C7190559D25865779166D220A2
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aohghmighlieiainnegkcijnfilokake
9BD36B9CF4E17F5DD2F70ABF36B15F96959D9049620212B0362E481EC3C439BE
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
apdfllckaahabafndbhieahigkjlhalf
DFCAC2063A645F0942310C30D9C81EE3573AF6F128CF04C9029D12727ACF617F
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
blpcfgokakmgnkcojhhkbfbldkacnbeo
2B87730D4DFBB9202ABC68134503500DCC7A3D845F5579D66E019A749A4BAF6F
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
felcaaldnbdncclmgdcncolpebgiejap
0B982DF3457D07764EEE9C1D889C5D7F5512D2A2B8E1B5507CF70DFCDB582890
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
D6B079666F209503A09486C70AC09307652A0F7F783166A999B27C99D0DA79E2
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
BC248819C49FEFFAE76874A9131325580E84EF2A3F60209382F7D1BE5FAE79F6
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
00175B8120231631976CA8B862A3416996C9373BA3D289F0619DDA992973DDFA
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
63355C14E8C7DF9A075F2EDDEA6F2807DC8166B83F96F4C975B9B6554C6324D7
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
0E265BFED6F1C7D5F0A9BD790C50BB30E78E959631D51EEBB8BB0DE73E65763C
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
04A45240BDA55E8777FA04357712CA6DD942253A21323E4C7D3CCF769B34BFED
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
EFA63CBF982B82CF44E63E567FF3BB95FE3F51570D9A0CED8846E77B13199169
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
7E4C87A3A3E397CB1412D1686D130A980F1C7951F2EB9D9683A0C113F9A8E314
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pjkljhegncpnkpknbcohdijeoejaedia
161F88C6329950467D110C1BFBB6298D8BAE682A902D1DCBDF6B3BEBA514A675
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
25F53BF1C8B2136DB5232F13B5CF59CABF7885C621B8C323B7909C50EF5ACC34
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
5AED52ECC8A5C2C15242BCC7F36C50CF2CA5BB7E1CB6EE3705E962616AE12CD5
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307060003000C0005001C002000C80300000000
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307060003000C0005001C002000CE0300000000
1136
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
1
3584
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
1136-13204790848336000
259
3584
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
1136-13204790848336000
0
2632
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2632
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@sendmail.dll,-21
Desktop (create shortcut)
2632
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@zipfldr.dll,-10148
Compressed (zipped) folder
2632
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@sendmail.dll,-4
Mail recipient
2632
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\FXSRESM.dll,-120
Fax recipient
3148
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
3148
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
3148
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3148
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\Downloads\Orcus.rar
3148
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
3148
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
3148
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
3148
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
3148
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface
ShowPassword
0
3148
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
3148
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General
LastFolder
C:\Users\admin\Downloads
3148
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
name
120
3148
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
size
80
3148
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
psize
80
3148
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
type
120
3148
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
mtime
100
3148
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
crc
70
3148
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_0
38000000730100000402000000000000D4D0C800000000000000000000000000740108000000000039000000B40200000000000001000000
3148
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_1
38000000730100000500000000000000D4D0C8000000000000000000000000007201080000000000160000002A0000000000000002000000
3148
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_2
38000000730100000400000000000000D4D0C800000000000000000000000000840102000000000016000000640000000000000003000000
3148
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Comment
LeftBorder
476
3168
Orcus.Administration.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Orcus_RASAPI32
EnableFileTracing
0
3168
Orcus.Administration.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Orcus_RASAPI32
EnableConsoleTracing
0
3168
Orcus.Administration.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Orcus_RASAPI32
FileTracingMask
4294901760
3168
Orcus.Administration.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Orcus_RASAPI32
ConsoleTracingMask
4294901760
3168
Orcus.Administration.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Orcus_RASAPI32
MaxFileSize
1048576
3168
Orcus.Administration.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Orcus_RASAPI32
FileDirectory
%windir%\tracing
3168
Orcus.Administration.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Orcus_RASMANCS
EnableFileTracing
0
3168
Orcus.Administration.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Orcus_RASMANCS
EnableConsoleTracing
0
3168
Orcus.Administration.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Orcus_RASMANCS
FileTracingMask
4294901760
3168
Orcus.Administration.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Orcus_RASMANCS
ConsoleTracingMask
4294901760
3168
Orcus.Administration.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Orcus_RASMANCS
MaxFileSize
1048576
3168
Orcus.Administration.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Orcus_RASMANCS
FileDirectory
%windir%\tracing
3168
Orcus.Administration.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3168
Orcus.Administration.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000072000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3168
Orcus.Administration.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
Orcus.Administration.exe
3168
Orcus.Administration.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
636
Orcus.Server.Patched.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
636
Orcus.Server.Patched.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1

Files activity

Executable files
37
Suspicious files
108
Text files
229
Unknown types
38

Dropped files

PID
Process
Filename
Type
636
Orcus.Server.Patched.exe
C:\Users\admin\AppData\Local\Temp\Costura\21E29AD7CD88FD3C37963FFA4C49AEB2\32\sqlite3.dll
executable
MD5: d8aec01ff14e3e7ad43a4b71e30482e4
SHA256: da1d608be064555ab3d3d35e6db64527b8c44f3fa5ddd7c3ec723f80fc99736e
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\FluentCommandLineParser.dll
executable
MD5: 9b5e37f89268ccce0e098222004093ad
SHA256: fe068b6f15a5423f86558927dd22ec35070c041db9cde1ecade0590d93ca5285
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Administration.Plugins.dll
executable
MD5: c0a1d945b4edd07bfd16c7fa8c702425
SHA256: 8ffe6de509f29c52b2a62fae165dc91d015073eec33f2c8a90f36d08e0b8581f
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Exceptionless.Signed.dll
executable
MD5: 1b0128f8b2bf3aafec28817c2031dc70
SHA256: 98672dfd5c31b77afebc9853539a828836ec72e7d9b0d5f5f5267ad2ebda16ba
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Administration.FileExplorer.dll
executable
MD5: 64d39f6ae623e811adfc568e2c4339f2
SHA256: 073962b2c49be6fd7c844db723e6b8bf3ad950955acc0cd2b8f28a004597cf67
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Exceptionless.Wpf.Signed.dll
executable
MD5: ef36a316751603cdcb9c3f5da42b3b60
SHA256: 78fdd30a20ee50f88602059f0940acc92d9bfc09bc5ebebe99372d2a5af7342a
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Plugins.dll
executable
MD5: b1514fb82d332691bec05d5eb215621c
SHA256: 7aadc3b3cdf8ad6e8e6032ba2701d67703a8b530032d985215b146249c7ec9f0
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\DirectoryInfoEx.dll
executable
MD5: 314955d214bb02847e7f8607a16ec550
SHA256: 82fd40348eb630313d5032910d021ebd982fdde086fbe73ba8947a6d2cb40357
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Administration.ViewModels.dll
executable
MD5: 2bc1236c108c3c8ec1eea5b7d98918d5
SHA256: ea223476d216cb4069e0a09198630d41af6e71427ae1f219c1216e3e3decc3f8
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\AForge.Video.DirectShow.dll
executable
MD5: 17ed442e8485ac3f7dc5b3c089654a61
SHA256: 666d44798d94eafa1ed21af79e9bc0293ffd96f863ab5d87f78bcee9ef9ffd6b
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\GongSolutions.Wpf.DragDrop.dll
executable
MD5: 21e4c0b33f44d13cdf91b4faf828c044
SHA256: 508e1187d1a42cf9d7a2d7eab9012fc1fd75a24b6d94d9fa636d81dc38c4fcbb
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Shared.Utilities.dll
executable
MD5: b35c2b279b4fb6e97937f09b98a529fe
SHA256: 393583b6dbb47e8de1c559b689aaf74308ca63a7cf0aa9fa56ebb4eaf6eafc2c
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Administration.Core.dll
executable
MD5: ad3c240eb1f76b5857330238e079b818
SHA256: 949c1a060e7995c08c6321911492cb8173611adf283103768b0eb3f786c9594f
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\CSCore.dll
executable
MD5: dde3ec6e17bc518b10c99efbd09ab72e
SHA256: 60a5077b443273238e6629ce5fc3ff7ee3592ea2e377b8fc28bfe6e76bda64b8
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\ICSharpCode.AvalonEdit.dll
executable
MD5: d7467d0156f22feb4b22cc5f74d7bd60
SHA256: 2bf6079c143f177d954731db2ffde515bee8fbd6261e0d338ba8e7c8df1ab658
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Shared.dll
executable
MD5: ff50d43370efe0bbb001155843dbcb32
SHA256: 496782100ff55259457a6bcd20b25b8a2b925e9830d9cc05be40114a30c1a1b1
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Administration.Commands.dll
executable
MD5: 9ab6c9b6dd87628285c892f2c5c0190e
SHA256: f47afc523d077fd7bcfa325c0b74ee3e4623d74179959c8186c27ca2c8ebd60a
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Be.Windows.Forms.HexBox.dll
executable
MD5: e00907b3d9270d4cca87c25ff30bcd02
SHA256: 5448e587498c560ef1d8e182344bc340a57cfd3b05c4507c48da11e139035818
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Lidgren.Network.dll
executable
MD5: a6fdc03e2cbdfa9d393512606097a1ff
SHA256: bf9948c27bd2947a42ea51ccc63b93f2b9030bd117393e1d7637a5770b9b0776
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.StaticCommands.dll
executable
MD5: e6f165cb62b40d4cd53ccafedd0f253c
SHA256: c007c2a4aadc728be29aae5000e2389d0bdc40615d394d32a3dcf97c4e1a738a
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\ICSharpCode.SharpZipLib.dll
executable
MD5: c8164876b6f66616d68387443621510c
SHA256: 40b3d590f95191f3e33e5d00e534fa40f823d9b1bb2a9afe05f139c4e0a3af8d
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\AForge.Video.dll
executable
MD5: 0bd34aa29c7ea4181900797395a6da78
SHA256: bafa6ed04ca2782270074127a0498dde022c2a9f4096c6bb2b8e3c08bb3d404d
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\MahApps.Metro.dll
executable
MD5: 63a79e31b7bc52bb9aec3a747cbb63fe
SHA256: fb5fae42fcc19f3fe3ed2d9b1fdf0594a4c442148b58ac4d2a9dafdda847e673
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\OxyPlot.dll
executable
MD5: 705da03570bd14a66f4f60ec054f28e6
SHA256: 2d312cde67d4ecf600298148742df302df2f7d4d179a65a9311f2967ffdc262e
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\MahApps.Metro.IconPacks.Material.dll
executable
MD5: d8e627aadfb6dfed292be0672faa9f15
SHA256: 97f4ca8c89ee13b8c249ca6f929d067ba3e87be07b4afa372fdc0a7e9e6e78e1
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Server\Orcus.Server.Patched.exe
executable
MD5: 0f6f91ea2cc96cf248a9bdc8edfc4c9a
SHA256: 0fb5d4dcc4dbf4d1dd045680e26edb76224c868556c99c5e25d103c5cf72d3b4
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Microsoft.Threading.Tasks.dll
executable
MD5: d01819bfe03222dfa9e35a36555b6b6c
SHA256: 5f29e16edff5379e93d5be9bee4cddf98132b84326027688511ac0f3157aaf94
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\OxyPlot.Wpf.dll
executable
MD5: 542f3f95bfcc7cdd6eeb79f03d104428
SHA256: 6188d0b17fdee865f0896b2742b1d519435c8c04e5da903d969b69aeb66855ea
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\OpusWrapper.dll
executable
MD5: bf0ef47bea0139b87d42a449a0240101
SHA256: 07ec44bca9b44de3b22f9d212db3ecc5191201e27e4310d7bb2b199deffbab5a
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Server\Orcus.Server.CommandLine.Patched.exe
executable
MD5: 7c1aa207581ca4b7cdd0343930bbb619
SHA256: ae53f530a683f4135254b7de109da5a21eaaaae3fae0dcef5e33c8bb712a6ef3
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Mono.Cecil.dll
executable
MD5: cc0bc97cb18ac4e7c6f4decf0218a127
SHA256: ea592e7ba43cb057966778b0027c0d6e7ce9672741b5d3c8c927d48918366183
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\SharpDX.Direct3D11.dll
executable
MD5: 98eb5ba5871acdeaebf3a3b0f64be449
SHA256: d7617d926648849cbfef450b8f48e458ee52e2793fb2251a30094b778aa8848c
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\NLog.dll
executable
MD5: a10a1a2ae1c77e9c7b3fbf7df9179998
SHA256: 6e7016fd4ccf28a1549958dfe226e48b236c28c9b240c983e38bac0eb6b08989
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Newtonsoft.Json.dll
executable
MD5: c53737821b861d454d5248034c3c097c
SHA256: 575e30f98e4ea42c9e516edc8bbb29ad8b50b173a3e6b36b5ba39e133cce9406
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Ookii.Dialogs.Wpf.dll
executable
MD5: 5926472580c7a7b45cd611dc0fb06244
SHA256: 04b8cb55ff481a4f4f9a60bc3c5e06ed78c12a8677c211621edcf9d8467bd823
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\nUpdate.dll
executable
MD5: 253ba7f0427e3f8e032b97496a019a24
SHA256: 814eb85113211fa90efe952f35d06e537f01bf38febca48e2c0cef02ebdb1877
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Administration.Resources.dll
executable
MD5: 4c1637c66736593fc3df725e8808dcc2
SHA256: 15b9fbbd653192da82fdd6b3dabdd2dc04a5a88c7fac7fe51aff98e1b544bdfc
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\9cfa0dda3968329980b7e40c251f29bfef877f68\index.txt.tmp
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\ShellLibrary.dll
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\SharpDX.DXGI.dll
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\SharpDX.dll
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\SharpDX.Direct3D9.dll
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\OxyPlot.xml
xml
MD5: 25e6ac82fcd698331828f8e4dcfec96c
SHA256: 16522639d7c8816de0c33ea3cd6c1bdd145bbc5b6aff1e0bd150cac3f6d08559
636
Orcus.Server.Patched.exe
C:\Users\admin\Desktop\Orcus 1.9 Anti-Takedown Mod\Modded Server\NLog.config
xml
MD5: 073d7a3051dacab30b6eb6468756af8a
SHA256: 89ef6ade268f50f86b543db939df5df2dbfd72503e8e3dc74f0866c6549c82d5
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\OxyPlot.Wpf.xml
xml
MD5: 6086cf7b6c693af1b2f1964eff0a71ce
SHA256: 68ac04bfbf6d935fdf45a16832e41eaee464a40aa73b9b490f38cda327dcd754
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\OxyPlot.Wpf.pdb
pdb
MD5: 6b208231ef6bb405f911e104db56f29a
SHA256: 4f85e9bdae8426c148a6640a2506ebdd01093a9d5423b404f2f68ac8aa529ca0
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\OxyPlot.pdb
pdb
MD5: d753f4d8454bf949c74ed23754cf5814
SHA256: c4b7991d845465d74c16582527431d0ca09621602adba9c4690c6a804230c123
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\READ ME.txt
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\READ ME.txt
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.StaticCommands.pdb
pdb
MD5: dadd3f09dee1f0cfccbadf6ad5a0ed62
SHA256: c0de8599df04fc910cce5d2057a22cc07f97028f2945a1a349cf512768b12d3c
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\settings.json
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Shared.Utilities.pdb
pdb
MD5: 6bcb40dc9dc2dcbe02a8c5fc92572ed0
SHA256: 27de5cc7ca2e6905a0f6b74dc94554660486530c03ad35278b8adcdb85c9827c
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\plugins\Screamer.orcplg
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\plugins\OrcusPatcher.orcplg
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Shared.pdb
pdb
MD5: f70d3a606984d1570880e26781e78f4c
SHA256: 2e3636ec106d37472d9b1ca62d42d20b4e66b6db74fc5e967c4dcdacd115b2c9
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Plugins.pdb
pdb
MD5: f522b03a924ef4fc7735fa8545711bc7
SHA256: cc87eb693425431f06045dac687d903da64010fb53648ba67acb667e54f11ea0
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\plugins\NotificationCenter.orcplg
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Administration.ViewModels.pdb
pdb
MD5: 12ab826c12f421bd851813aee4b52a60
SHA256: 29fafd872c93b0b60f8cee3b07f04a9ba0300c06962204f544e8d74dee4a913e
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Administration.ViewModels.dll.config
xml
MD5: e43cb7ae813c9025ba999bcdc97ad687
SHA256: 02aec367b0d22afcdf576637cd23aa2b123767b60b5322a1144dbcc0d073c73e
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\plugins\ExtensionSpoofer.orcplg
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\plugins\ExceptionTest.orcplg
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Administration.Resources.pdb
pdb
MD5: 72c9f7b006e6e69a40786285bf9aad83
SHA256: 78c72ec9ed8fb2b3b67821141d8b5c3b02b4dfac140747adf267d4e6edc09953
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Administration.Plugins.pdb
pdb
MD5: b078559db78ce116e280918ee3ddcc9e
SHA256: 2ee855d5c45adf0b20b893f0ce161c1c9a4445c3d402b31f0e864dbf910dc2ef
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Administration.FileExplorer.pdb
pdb
MD5: 21af280fc71b1cc2b9e939dffb29a3f0
SHA256: 2dcb03c635f4f21b07478b17552b2fd18d2a58ed8f19c7028305ac67a9e91fbe
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Administration.Protected.pdb
pdb
MD5: d7aa1fb324d4a261ba8259ab3c376d4e
SHA256: f391021c775fc1ecba72390457bfd0396851cf08c6dc683fbb5633a0d6d60c3e
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\plugins\GamerView.orcplg
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Administration.Core.pdb
pdb
MD5: 26ed4c8a9fd2479772430dd592b27fd8
SHA256: 9afdac52b1d0862ad6956f31248170406456576ecdacd5a3a06f0a82d78b92d7
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\plugins\EILoTIRiXAudioPack.orcplg
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\plugins\BuildPumper.orcplg
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\plugins\ConcurrentRDP.orcplg
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Administration.Commands.pdb
pdb
MD5: 7975244aae1c16f20a19f0e24d69a7cb
SHA256: ed437679a1ed3f4efb4a3e5c68556cb00d17b677ee30238bb1156fec389d8c63
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Orcus.Administration.Core.dll.config
xml
MD5: e6350abc733d88dd0d2dc6f00c9b17b4
SHA256: 3d338682303fa469255fcfe39d923b415481c782280c94e794d35c30eaa1d464
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\OpusWrapper.pdb
pdb
MD5: 2d1b0f08cc92511c73ee67432a46d39d
SHA256: c95b3763fd3dc16f590af8c0a49ece513b05851d8b473b0573f786ee3dda2b2a
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Ookii.Dialogs.Wpf.xml
xml
MD5: 38cc6ca7ea65b3eaeccc780f217be2b0
SHA256: 184a5a445d65b158f0cecc0135797350c327c31209ce18525251e2e8e0e16e76
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\plugins\BSoDProtection.orcplg
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\nUpdate.dll.config
xml
MD5: 8fd95a14599b6fcb8f31bf86773522b9
SHA256: 4560c371fa83c28464c1489e2cd6c4194d3fff08da6f0a8dd9e7113e9b2b4ede
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\nUpdate.pdb
pdb
MD5: d01ad4a540f23a0638547ce0d6ce3e65
SHA256: a7686cf951724d0018dfe1e1c7b4357fa9028a84dd15b2ae7f200e7fa4b8bf78
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\Orcus.Administration.exe.config
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\plugins\ApplicationAudioPack.orcplg
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\NLog.xml
xml
MD5: 7149cf36a31e0de1ed71a19f46bbc88f
SHA256: 137dcdd847f025490874739684b0f7367f6a952dafc80523031dc8bc8f89d12e
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Newtonsoft.Json.xml
xml
MD5: 685161f38e4eff85b93161ff23117876
SHA256: 8e4f42413a3b84b49b47a85382243573a635af4fb6a9cf63b734b4b50b3252f7
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\Orcus.Administration.exe
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Microsoft.Threading.Tasks.xml
xml
MD5: 58ce53b954afa8eafee0d70787c0ccfe
SHA256: 4d3e9cd7064ccf9d4098a4514b30a4e8c9607c63d41e60058b4f144e76d46754
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\x86\turbojpeg.dll
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Xceed.Wpf.Toolkit.dll
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\MahApps.Metro.xml
xml
MD5: 075d665ace802afd4f30517c29b12cbf
SHA256: 410592a120538491c3d054fec2b35404dae377418d06c81b8afca833bd7b25f0
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\de\Orcus.StaticCommands.resources.dll
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\MahApps.Metro.IconPacks.Material.xml
xml
MD5: 62ef921619818896565710f326941cc7
SHA256: 85f4106903d6ccf6636e86b298632dfe2ae927b17f11f5748257e0cc1108bd0a
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\MahApps.Metro.IconPacks.Material.pdb
pdb
MD5: be9fff6d99f61d173d2453d3d58c5aad
SHA256: 4074fe09c05d2e44ceeaca40c45be6abe18fbfb4bd2a17e192bdd375c1fab993
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\de\Orcus.Plugins.resources.dll
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\MahApps.Metro.pdb
pdb
MD5: dc3493243757d469fe274a439dbd1b4d
SHA256: fcbf9998346f321b26ad70852ea2d852470685b9adbef9bb87b8e5c86823b153
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\WriteableBitmapEx.Wpf.pdb
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Lidgren.Network.pdb
pdb
MD5: daabfe443d4cef0ee6d8a8dd5f329ad4
SHA256: 8054f0a192da60c86b02acc99f0a301d74606dd8c800cf675a5645acd9d1fa47
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Vestris.ResourceLib.xml
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\WriteableBitmapEx.Wpf.xml
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\ICSharpCode.AvalonEdit.xml
xml
MD5: 5950a341ad4ce47c8d7c2aa8ec668438
SHA256: da16d4b2088da6ce5ff6798869fa4858042820517473d349815de3067440f8e6
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\WriteableBitmapEx.Wpf.dll
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\FluentCommandLineParser.pdb
pdb
MD5: 53c0253afa7cf1c2a0c13a4d01869504
SHA256: 2d812996cbdc1fdeddc1a9a9807e7dccae1708cc11def2c950fdb77261a0f21f
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\GongSolutions.Wpf.DragDrop.pdb
pdb
MD5: 4f837c9e86409823986a1abf9c369938
SHA256: e7317cf612e9afb974c7c1b22502d0e10767c3a8658fffb10d140a4876cc66bc
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Vestris.ResourceLib.dll
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\FluentCommandLineParser.xml
xml
MD5: e479f4c914c9c0fab2ecc86e31cd1d93
SHA256: 0cf7bc714b9a0e327723fd9728ef3b839e2f4f19eec7a2868127c88e810c7aea
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\GongSolutions.Wpf.DragDrop.xml
xml
MD5: 2ca851954e17814eaf3312904e634969
SHA256: 66e59265329996f0d5992f24f2db80445abfbec92e0380e0ffb043e02bb6c0cf
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Exceptionless.Signed.xml
xml
MD5: 308b3c954ce65836529da588a0a0c2ce
SHA256: 3b791329744524e9e3652f998b4650415cfef8f49f9503e08111b30936208373
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\TurboJpegWrapper.xml
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\TurboJpegWrapper.pdb
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\System.Windows.Interactivity.dll
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\TurboJpegWrapper.dll
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\CSCore.xml
xml
MD5: 8fe5e0d1f87f336fa36572f6416a112e
SHA256: de74ff28fac66264ab57fadc235cb6988263697ec0bf94388e6fbd7eca4ae33f
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Be.Windows.Forms.HexBox.xml
xml
MD5: b534569d28458990c1b2f68eafa60bc3
SHA256: 415ea2d9a22ab58e5f89ece1caf45fd61f2579ef0c700c990a997841f284e4e3
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Sorzus.Wpf.Toolkit.pdb
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\starksoft.aspen.xml
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\starksoft.aspen.dll
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\starksoft.aspen.pdb
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Sparrow.Chart.Wpf.40.dll
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Client\libraries\Sparrow.Chart.Wpf.40.xml
––
MD5:  ––
SHA256:  ––
3148
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb3148.32980\Orcus 1.9 Anti-Takedown Mod\Modded Server\READ ME.txt
text
MD5: 4edfa4989be0127d1523c4c1a635652a
SHA256: b91c1352d9ce92840a0ecd710d7a83cdaa002dfc84dab3a76eee158280b3667f
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_anonfile.com_0.indexeddb.leveldb\LOG
text
MD5: 0b6cabfb08713ccd988f2ee4fde963e4
SHA256: 3079dc7361ea959c4b82c249653a4377da49f860f2e7caff4d44abe98220df86
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_anonfile.com_0.indexeddb.leveldb\000003.log
binary
MD5: 0d363bf67f1d089baa9b1e7b96671046
SHA256: 3cbaa450a822de7c83e7ac95a3d90b27a4cac4dcc4beb162d1da4224bac67005
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
text
MD5: 5f9cb5b402c804ba36b07402e25a926b
SHA256: ee72b86eeade893b980a955c4ab3dc42a8c1779a94e8c2952c513d8cee0a52d0
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: 3ac68f0d119e495434fb211747176f2c
SHA256: cb24500bf1df3250898b73f6e8731b85f8869830ed9a92d08fc36ef6afcc615e
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
binary
MD5: 029c63185191b1cfa80f357d9dc75882
SHA256: a962106681b69b3a1ceb6ce94817d4c2888709e1f11b7c2d6a46f948f1a17209
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies
sqlite
MD5: 3bc086c0017cfa68e2797fec7d05f87a
SHA256: 5a7c4e36aff456e3cc54ff571fa956ac989cead2b0a684400771757b46ec5339
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF1310dc.TMP
text
MD5: 3ac68f0d119e495434fb211747176f2c
SHA256: cb24500bf1df3250898b73f6e8731b85f8869830ed9a92d08fc36ef6afcc615e
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\8540889b-0f45-4216-a09e-bab000573b4f.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: aafc637449a02b33ab87c46a9d447d78
SHA256: d45718a206955e810f0166f6341ae30a9a8fc1a551c00e4fbd70ae231638625d
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF13109d.TMP
text
MD5: 04b822e045ee2d032204d3728e801f0a
SHA256: d1d9a7ea074e69509d54efc12063d93de837e8ba4919c9fa0390fc116e24a4e0
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: cb72f20520d28aac1d1d1be055cfca22
SHA256: 313e7b1529c588dabc8187be58641e4c9381bff7a7ae74d6b3d04dd9dc1b6141
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF13105f.TMP
text
MD5: cb72f20520d28aac1d1d1be055cfca22
SHA256: 313e7b1529c588dabc8187be58641e4c9381bff7a7ae74d6b3d04dd9dc1b6141
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\e7535ea6-c5e3-4dbd-ba53-f646f0fe66ef.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\e39efdd3-1011-4368-8b51-4939ecbc0315.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
sqlite
MD5: 72d7e07843cb8b049f5d08814555b039
SHA256: 25c7d1c6732b90b5152260c705a2ce8c64db0d4e7b5c524572b50c3c4f326b3d
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
binary
MD5: a0b60fcfd56125e0fa8bf851c40c09df
SHA256: 7aa71158388703ca0ec10aa7d40c0e904840910118075e3b1e6028236067dfb5
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
binary
MD5: d48af327854edf2ce06419ed4b2b3711
SHA256: 281b0deea5ce01623fb677b27fbc0007f7b275b8eb3897c0da35abbb7eafad0b
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
binary
MD5: b9c312eb091066ff2d44971f29adbd70
SHA256: 74ab8a98dae5d9e76af82cfddeef22028735adb07217442165204a5340630f59
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
binary
MD5: 79974e3d6bb0ecce7093d685238c3de2
SHA256: a1498969f8b86b38c5de26f9256f2d80dc4d30f1397938eb30b83a948356e12a
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
text
MD5: 8a3a370a38fef62813f3efc8802c51be
SHA256: 49d464cc4c7c0a8c6b820af2251a736d223d124a5bd2936f08d44c6273c2180a
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
text
MD5: 144bd53afc8c9cbf453c70d227e40432
SHA256: 345d8a682df38faaacab552bc35467cc01f823632b78b66b8a06b93cdcc201e2
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG
text
MD5: 1d6c8eb8e4658e3d5327c7d05443a654
SHA256: f9667ac4f33a2f2f502ff3c11070611271700d080aa11fddd2001d65d16b1f4e
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 04b822e045ee2d032204d3728e801f0a
SHA256: d1d9a7ea074e69509d54efc12063d93de837e8ba4919c9fa0390fc116e24a4e0
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\LOG
text
MD5: 06da8d5bedbde21ffbe8c120685638a2
SHA256: 984d3514b3d784619d5d70b5d383b367780f1a830a703f4799ed699fa3eea19d
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000003.log
binary
MD5: 46518a9bc74e147dcb194cfb57169235
SHA256: c38d24205a1d7beb761faf70d63cf579b08038c70e5c359b61fe39344f6b0048
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log
binary
MD5: 891a884b9fa2bff4519f5f56d2a25d62
SHA256: e2610960c3757d1757f206c7b84378efa22d86dcf161a98096a5f0e56e1a367e
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
text
MD5: a4fd533483b8f689fc84ca3c553069bd
SHA256: 8ef32f28b33a6799432008bbef6a84990807681e71532cd7118ea4ca708ecf52
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
text
MD5: 84e0aebf284bda0c65c873fced892e65
SHA256: 5eaaff26b2627716b73a44856b854b407b0f183c3d9a9d516a0dd52bb7d13b43
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF130fe2.TMP
text
MD5: 04b822e045ee2d032204d3728e801f0a
SHA256: d1d9a7ea074e69509d54efc12063d93de837e8ba4919c9fa0390fc116e24a4e0
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log
binary
MD5: 75af1aae5430981b9ea4bfe1f1fe7184
SHA256: e7eb7068b50b727fe5ed5d4973f72b345212f94087abacb8a260cdcf8f8ee32e
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
binary
MD5: 5e99fad8d8eb0bce529b32b95f79edc3
SHA256: fb3ab841188ce909fccb523728fb5fa1bbc230e700d4d85f15da2c269c949035
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log
binary
MD5: d4ba0ae0bb0b9faff3da6f35fdbc3c8a
SHA256: 99def1b557f19f04c1affc6f247d0451f33fc10ec42e73792223c3215ac98be6
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
binary
MD5: 4e19099681c4d9b67ba6e5994c0dfde9
SHA256: 0e134ae624e53ace81477e6b14fbba30d24bed29ed3eb3418b01da319ee72adb
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000002
binary
MD5: 22bf0e81636b1b45051b138f48b3d148
SHA256: e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
text
MD5: 45f9bbbacba0f614321576d28532ac3d
SHA256: aede1c45f0c35d616c51c203db63bcc858e04c1fa1e8cb1e21d305ff568a1106
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
binary
MD5: f3fc2b8c0119e48f5aea53dbdbc9a693
SHA256: 7abd8bea0e24b4cf9ff08b6d4b1c491fdf2e0521a0f1ebbfc0d778429ba3a3e5
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
sqlite
MD5: f5a479cb80fbb5e98d35be59cb05722a
SHA256: 24475fc8095cce898baba900c9071dc3dc39690d3404eb9e46329d521c70f8f2
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
text
MD5: 09675087ba08aa9f9f333e7cc9012122
SHA256: 6264cd1d3e5a4debcbb01bed3bbd2da3059e69c6e269086c955311dedbf8704e
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG
text
MD5: 43f7a32925e372df8565b5ea04ad69de
SHA256: 944447b2235af30970bc0aca0cd47c172e0417005870c8d783eb3f80c535f113
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
sqlite
MD5: c031d492eca9e0a05ca025bf32f4aa5c
SHA256: c6a70c5c57a4d9cda366526a5365b0cde6843f37b10f3551699343e28c30b313
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
text
MD5: f4929062878c1aaee1cc79ab38869a57
SHA256: 3fb528bb25a3a92629ad6b9c2007ce1844ac1d41a0eb880b3f65525e1667bd96
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000018
binary
MD5: dc50999a09b1e2f6e9350855136b865e
SHA256: f759b718dac41a2b27aca56179793c7063060dd8dc1bc051948866503c275b6f
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
text
MD5: 02f6c2541d2d89f0e93ecc70649ee317
SHA256: c23c103cff86e7887c1b8208c1c6500e23c1e86087e2cf04c54875f52e4168d7
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
sqlite
MD5: efd0df03dd31a18f218bee8e3f86c6cc
SHA256: aeb748f8540ebe6010e1f6043d67c0ab9bc85f2dd6c8a2f174933c277487b47b
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
sqlite
MD5: e2463fec61615c92260d841dcf128c6b
SHA256: 69f2a992cedfb1a8dcad02453f12f3912bbe4ef024977481f8babbf949dd1d6c
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
sqlite
MD5: 20787ec6c564a89f672bea11580eebcd
SHA256: bce87e3eae3337f4414de9d6aeda888ae2ed792cd536d44db04ea749c1d35384
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
binary
MD5: 0d36974c14a0ba8fc4bfe04361d5c1bc
SHA256: f82e7c3493a4235de06b786c2f2c062c332db1e341cf589fb431b3c6ea72ae9b
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History
sqlite
MD5: acc859ad8d7f0c63fa98448df0d64792
SHA256: 7f2ca24a17c31d0cd76a5e86f809a0b890e13e9587a70ff8926c012d80e172eb
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\1dd843c6-bc5e-402e-9f97-e7203572f2b5.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History-journal
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Top Sites
sqlite
MD5: 91150f1cdda9529ff34fbfbd3003fc8c
SHA256: b0d54acfa95a2fbb68aef868f1138de4c97b04a5262d046b66230af7d9684765
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data
sqlite
MD5: 89c00a8e4f5230432acea5e752ed1170
SHA256: 23550ad3798aff7c3fa2b3b06f807ff63af264f257945a8525ccaa6c07ac4bfe
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
binary
MD5: 17b9b685d0ab7ef785e3a8470e3bc7e1
SHA256: 6681ede8f3de8b59017efad5bbec5ba52a674e7e8092fc56ba824069c5abda1f
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Session
binary
MD5: 7cc85326307eaf5d2f4a8fb1a1811d6d
SHA256: 3564ef907fa9634ebec5b7984027c2c3c3d4d1e5defd3cfdb8cbce656f565844
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: dcc1b0d092e565123b6c154a41d48144
SHA256: 1c78846ded8977047b4563997cba57ead1ef2b730748119dce78c1b601a118dc
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\8027d4ef-24f3-4300-8721-83bfdcc654f3.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\Downloads\Orcus.rar:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
1136
chrome.exe
C:\Users\admin\Downloads\Orcus.rar
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 826639.crdownload
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
binary
MD5: f788c0649ac6ceadfb197d08c721f482
SHA256: 1d98196bcc71e741d7eba66bf38bf1e58ba112d0eaaa075e9fe64ee001c3bf73
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RF12ee5f.TMP
binary
MD5: f788c0649ac6ceadfb197d08c721f482
SHA256: 1d98196bcc71e741d7eba66bf38bf1e58ba112d0eaaa075e9fe64ee001c3bf73
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
binary
MD5: a2598bee0394e9619a12fd99849ee1bc
SHA256: 69d0e283b07cc35ff8604a5fb3f46a8d604004582ee9b060b9e263a5baac1fc5
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF12ec8b.TMP
binary
MD5: a2598bee0394e9619a12fd99849ee1bc
SHA256: 69d0e283b07cc35ff8604a5fb3f46a8d604004582ee9b060b9e263a5baac1fc5
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 70f35af14a729d3536b7189daecabca1
SHA256: dbaa164bb8d98ef6a9181da4e6a751a8862d341fc0f269a2848b5921b213d22f
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF12dc6e.TMP
text
MD5: 70f35af14a729d3536b7189daecabca1
SHA256: dbaa164bb8d98ef6a9181da4e6a751a8862d341fc0f269a2848b5921b213d22f
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\b7d5ad9d-8472-4440-8e4f-ed7490b29191.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 7b637e26246e72f2fb44b4bed13eb06a
SHA256: 11e88c42ada09c7c6a1f87fd55d7ee6ba4b2507de82ce18019b2b1ef8308f140
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF12d46f.TMP
text
MD5: 7b637e26246e72f2fb44b4bed13eb06a
SHA256: 11e88c42ada09c7c6a1f87fd55d7ee6ba4b2507de82ce18019b2b1ef8308f140
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\07ea56bf-e882-4a5f-bb9f-695824338400.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
binary
MD5: 202a00ac128a87d3d8677784c0375e7e
SHA256: f0ce0cb653eba98033c732e56d3d5084d27cbfc6d177199e41ce3017cf75e364
1136
chrome.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MURVIIFLRTB8EQ1OOLME.temp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: c0c9fc15e0753bea948b2ef8317173b0
SHA256: 328cf472d0e29c780a20628e9c6d03d5a7ad10f2167033341853a1ccbb4d849b
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF12af14.TMP
text
MD5: c0c9fc15e0753bea948b2ef8317173b0
SHA256: 328cf472d0e29c780a20628e9c6d03d5a7ad10f2167033341853a1ccbb4d849b
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\08a75b86-ded3-4e42-bf43-aef8db5e932a.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: e27ea755752c65b5dc7d9701ffdf7e78
SHA256: 5e42d2e6871f7b72e0f3dab4aadca8f373eb79dbcbe52b9ec2a758a62909065b
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
text
MD5: fbd084ca41a7ed42aac12155968b09f0
SHA256: 4df1aaf8d567da88ab88f6c7443c94b2ad3dd1c5f3bcb374bd528d7eb375c070
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF12ad5f.TMP
text
MD5: e27ea755752c65b5dc7d9701ffdf7e78
SHA256: 5e42d2e6871f7b72e0f3dab4aadca8f373eb79dbcbe52b9ec2a758a62909065b
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF12ad5f.TMP
text
MD5: fbd084ca41a7ed42aac12155968b09f0
SHA256: 4df1aaf8d567da88ab88f6c7443c94b2ad3dd1c5f3bcb374bd528d7eb375c070
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\effbc9a7-cdd1-4e0d-b18b-339977b43355.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\0421e69d-849c-41d0-a1bd-3027c65ffa08.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1046426ea0b8f98a_0
binary
MD5: 3db4632ed6b8f43a5a2e253c39c45bdf
SHA256: d449921afa007894b5620292c9ba4185ef5fe34fde1d21327b73b6ceadf2a3ec
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\18c4b479eb0c12a8_0
binary
MD5: 8d9e05f3dbf8abd18e76247c8ff3c233
SHA256: 063304c2d822d5918b557631ce53a50951680fdff05f16cd431bedffa6c44530
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fc70187b41691eab_0
binary
MD5: b248b4a475d8d533765e0be5fe808b73
SHA256: f12701a818722f11c27d4d74784eef95aec8a7d84f59aec882a349377c7b86f8
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\abaa493e1d4e9125_0
binary
MD5: 9d852e0ec269ea30f5b128f0678268cb
SHA256: 296a6df5cc7526f7bfb35131d407a734ae08824beb169f76e22a1d4d90175547
1136
chrome.exe
C:\Users\admin\Downloads\0f52965c-dd5b-47fb-969f-65bdb9629b63.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT
text
MD5: 206702161f94c5cd39fadd03f4014d98
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT~RF129fe2.TMP
text
MD5: 206702161f94c5cd39fadd03f4014d98
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000002.dbtmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000001.dbtmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: 6a0a8f7ff03f7781cdd0ef5114e94f68
SHA256: bac8fdf1dd0f0491110cf36da3a162d1d86c636a2a56424d4af5134f06eb7d39
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Tar9ECE.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Tar9ECD.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Tar9ECA.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Cab9ECC.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Cab9ECB.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Cab9EC9.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1
binary
MD5: e1b5ef173cfcd93328bd667a23020817
SHA256: 3303e3405e4643e81a23b0599217fb309b5480db134651aece8afbf3ab5a77bb
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1
binary
MD5: ced76562937ef64ec544092cd089c1b3
SHA256: bfa88f84ca417e291c30f2d41ba2758907c764ed3b7a0c8d56aafbb9db8d9652
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0
binary
MD5: 1d493c054809060f18e7ccd2c6f45a69
SHA256: fbfe71c8eab12a03602a06db5af2f1d57795f64fb5678d5ea988e97b7158bc1d
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Tar9D70.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Cab9D6F.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: b3d535ae7d6726a98fcf3f3171aede3b
SHA256: 6409d0f332c63aa660842f200df2a1efb0a84ec8ea3c33d0b690b01fc0567d80
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Tar9D5E.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: 41577a5ab6a7d917cddeeddc2ef52d53
SHA256: 695fcbf6d5b0a83f6671ea2063aa9e2d45d263a108e826f21186b4a7f05925ff
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Cab9D5D.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Tar9D4D.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Cab9D4C.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f5b876a833101401_0
binary
MD5: 63d72a4b7ffa897d16c127614281b10d
SHA256: 9def844b73a946a90cc6771f3393fa95e6980c6d8a143e600c62374e0fc41368
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Tar9C51.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Tar9C50.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Tar9C4D.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Cab9C4F.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Cab9C4E.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Cab9C4C.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Tar9C1C.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
binary
MD5: cb6c5fabbda0cd472febf3033314024e
SHA256: 039b54dd5eb5dbfb5b5825ff8760e461ea5ba2fde622c9abbdb28e2ef708cba6
1136
chrome.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
der
MD5: 55540a230bdab55187a841cfe1aa1545
SHA256: d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Cab9C1B.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Tar9BEB.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\Cab9BEA.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 2897af38978d6aba289a7dbc4abdee03
SHA256: 9b2b3e0bccde0519169971b72e72285ac7990ab6bfe83ff1c358f2510b8ec0bc
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF129533.TMP
text
MD5: 2897af38978d6aba289a7dbc4abdee03
SHA256: 9b2b3e0bccde0519169971b72e72285ac7990ab6bfe83ff1c358f2510b8ec0bc
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a867bc96-9c6f-4499-998e-5c9fdc219e0c.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011
compressed
MD5: 833c94cc69bec3d33e4821a3ca24fdb5
SHA256: 56e7509db0d99b0942d2a2b4c7dbb226b3e05a7bda2464a0a535d814692a239b
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
binary
MD5: 0cf39e9fdcaccf08e954418b0bbc94e8
SHA256: aaa7df6803e16982d2780aaf32df35b4c850852fcdbe39e202fea5d0e6af94aa
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\998b7d864affc9de_0
binary
MD5: 9ee5560068f4de550dda9eba38571551
SHA256: 1d5a08aefe00be0c3a4a374f4decfa0f2c143221c551bfb479c3941a0a752dcb
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010
compressed
MD5: 585dd98ad9bada516652979df577ade8
SHA256: e88dfebceadff72fc5bb3ab4a4dfa71d835acbb4d183091d66e72e762fb306d5
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_anonfile.com_0.indexeddb.leveldb\CURRENT
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_anonfile.com_0.indexeddb.leveldb\000001.dbtmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_anonfile.com_0.indexeddb.leveldb\MANIFEST-000001
binary
MD5: 3fd11ff447c1ee23538dc4d9724427a3
SHA256: 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ddee2f3c984e086a_0
binary
MD5: c38c69dab52a9c1ec7e55450eba08599
SHA256: 70e7ca96cce9cce92437766c1712d6d286efab6afe4bb61eb745c9e22c443de6
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\79a2a513a2fa9532_0
binary
MD5: e501b2cf34306c83d14e28c468028785
SHA256: c157cf6ba004657f36bcc8667f802fa00d12d61c67a30cdaba2a865f1195b87d
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\edb8cb7ed9c26f02_0
binary
MD5: 6da25af78952f299177722efce88c31a
SHA256: 075dae3f6bba48f75848fe1bd483d6ec43112092a75bf402276db0275266fd60
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e3c6e531f8ff4dd9_0
binary
MD5: 6c05eb60eedf420f6262fc3461f666ba
SHA256: 46320ba248c5b92d784d1085a2667a62c6ac53958003a7064f26b76828555542
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f
binary
MD5: 9812e226e2157f8d1e47110b5dede03d
SHA256: 01d220e7540ea1d14bc6ac3b50940dc36f5970981418ed57be0ba2f0ec1f1994
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e
compressed
MD5: e296d874aca2a1550b409394be51efaa
SHA256: 401c15b7916797f936e9d8443945ef22e0f93305655c057a92c8d9b80c327c9f
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4368e8f8673b71bb_0
binary
MD5: b315a0779839c9e6e951350f1bf7b8a2
SHA256: 307e1ba2e498ee062d3d4b7a8c841eb9ac52f1c94ac579bb400810eb83c746ec
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d
compressed
MD5: 970b9a40789d10fbfdf7563e85b64f8f
SHA256: 854365f5b3d245ca05cc95a35732b054f11ab8c9b42add4ceea3429c5bd12754
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
ini
MD5: e09f45b1ee117c3b0d365c7554ff91be
SHA256: 56cd7f3c0608b8e6388ae098e6ec967e91a5fbb56e0d13a963c49f22574bfe04
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000b
image
MD5: b02f4a2776b104d3144e3829d2a3bda3
SHA256: a9d65e88b9f25a240e8664f636534f0b7c368dc3b491b463723860f87ca0605e
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000a
compressed
MD5: e179491bb5a86d2d4798fad5b6a00d74
SHA256: 29a282d89d7ee61e803838d4b1e3157c36fa49f9739d5cd99c607f72f727db38
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
binary
MD5: 689355bcc3d587e54eef403ea47c7375
SHA256: 8d907ef7eceb157753b4ce2a30a44803477a937ce73b1640d1beee5839d018c5
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RF127b81.TMP
binary
MD5: 689355bcc3d587e54eef403ea47c7375
SHA256: 8d907ef7eceb157753b4ce2a30a44803477a937ce73b1640d1beee5839d018c5
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7319.128.0.1_0\_metadata\computed_hashes.json
text
MD5: cb8c355bee1282f8b6e4b1302687e63e
SHA256: c27278a1ea72223df17c925c534fd74239bc6311514725e9910852c9ab8fbaa2
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 2ee6841d001b73f8e9537f7f262a6c60
SHA256: 4da6ad48b6d3d0384f6c1c9b02d55b12fa83471660b857bf6d5d28f8c14f442b
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF12795e.TMP
text
MD5: 2ee6841d001b73f8e9537f7f262a6c60
SHA256: 4da6ad48b6d3d0384f6c1c9b02d55b12fa83471660b857bf6d5d28f8c14f442b
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\f456548d-9fc9-4e61-a88b-6f968f4224c3.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\9cfa0dda3968329980b7e40c251f29bfef877f68\d280dac2-2b8c-4855-8d58-30cdc07f009c\index-dir\the-real-index
binary
MD5: 6993d521f1489e98c6a6798df94ec8c3
SHA256: b691c2af5c92ebc641ad45f99e85b00b9f50a51485bdc518c1d9695d5e75a4dd
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\9cfa0dda3968329980b7e40c251f29bfef877f68\d280dac2-2b8c-4855-8d58-30cdc07f009c\index-dir\the-real-index~RF127920.TMP
binary
MD5: 6993d521f1489e98c6a6798df94ec8c3
SHA256: b691c2af5c92ebc641ad45f99e85b00b9f50a51485bdc518c1d9695d5e75a4dd
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\9cfa0dda3968329980b7e40c251f29bfef877f68\d280dac2-2b8c-4855-8d58-30cdc07f009c\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
binary
MD5: ef7f6268e455fbd6babf5925abfa9071
SHA256: c518e4fa5dd0997180a516528cbb8ddb559175ba11a2b0baadfabf99a2337bc6
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF1277b8.TMP
binary
MD5: ef7f6268e455fbd6babf5925abfa9071
SHA256: c518e4fa5dd0997180a516528cbb8ddb559175ba11a2b0baadfabf99a2337bc6
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 7ed1808c843a90df36b9923463e87e2e
SHA256: 15714e19748473292412a3a2b168e7d6862695166492311de2bdb61aba2c5e96
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF126569.TMP
text
MD5: 7ed1808c843a90df36b9923463e87e2e
SHA256: 15714e19748473292412a3a2b168e7d6862695166492311de2bdb61aba2c5e96
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\1e35a7bf-ea2f-4c7d-bd0d-951d88f63256.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000001.dbtmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001
binary
MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
text
MD5: 0d831d401e8c91ba000fc24613aeae85
SHA256: 9d1ae1b94963ed178604a079e8a62ffbb16103c3f43b559841b076623b139027
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF12427f.TMP
text
MD5: 0d831d401e8c91ba000fc24613aeae85
SHA256: 9d1ae1b94963ed178604a079e8a62ffbb16103c3f43b559841b076623b139027
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\bc63b129-d3da-4fab-93dc-21ebe3e19856.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\9cfa0dda3968329980b7e40c251f29bfef877f68\index.txt
binary
MD5: dbb64ad5ff9a479e725797fcebedb2c5
SHA256: 1a89a981a89a144688c8efb9b9ce33ee9751cba1f3e405cdf49c15c2e30c9215
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\9cfa0dda3968329980b7e40c251f29bfef877f68\index.txt~RF123e78.TMP
binary
MD5: dbb64ad5ff9a479e725797fcebedb2c5
SHA256: 1a89a981a89a144688c8efb9b9ce33ee9751cba1f3e405cdf49c15c2e30c9215
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF123dfb.TMP
text
MD5: 7c8400d3704912b8411646393d950442
SHA256: 1178151fe97d63b2ebee3610a2018c6f0ac099b87cb5c9781c0961c3d7e36694
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 7c8400d3704912b8411646393d950442
SHA256: 1178151fe97d63b2ebee3610a2018c6f0ac099b87cb5c9781c0961c3d7e36694
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\6e859ec4-9e12-4756-b03c-75a87ecaae37.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF123948.TMP
text
MD5: 4ce0e15c46b19133e658c7641ce18d0f
SHA256: 947db6ca125b2ed9388bd98cea7ba8eadb0d5f2ad588b603389afc06c60ebd47
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 4ce0e15c46b19133e658c7641ce18d0f
SHA256: 947db6ca125b2ed9388bd98cea7ba8eadb0d5f2ad588b603389afc06c60ebd47
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a4a1f198-168c-4bd8-9797-a5aa5b7560dd.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: bca43c9f076de0ede1e20671c3054cb8
SHA256: 7da9a27af1984c08d7a519a5454def2518b2d1d4fa6a206e1675327e43ccc61e
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF12389c.TMP
text
MD5: bca43c9f076de0ede1e20671c3054cb8
SHA256: 7da9a27af1984c08d7a519a5454def2518b2d1d4fa6a206e1675327e43ccc61e
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\4c6117a7-648a-4f49-8b9b-8e0bf0a0163e.tmp
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\000003.log
binary
MD5: 10f1c692e6efc1458288c032d4a6acbf
SHA256: f1472c2fd6da71eca12fe5ce3cbd3c1496d4c535d31d6ed0bba315eac0bc753c
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.ua_0.indexeddb.leveldb\LOG
text
MD5: cb58e1541598f4aa8295e6a33e3449d0
SHA256: 7c138ed564232c3ca535545c9cdc8deb02a236e0eee15d3d1e7550350e3da38d
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7319.128.0.1_0
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1136_3593\CRX_INSTALL
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir1136_11531\CRX_INSTALL\_locales\uk\messages.json
––
MD5:  ––
SHA256:  ––
1136
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir1136_11531\CRX_INSTALL\_locales\ms\m