https://005.0x1f4b0.com

Add for printing

URL:	https://005.0x1f4b0.com
Full analysis:	https://app.any.run/tasks/f4895086-cbc0-4be8-8d3b-c8b14daf0d45
Verdict:	Malicious activity
Analysis date:	October 19, 2020, 06:31:23
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:	17F644C859B064D42B5445DC26DD16AC
SHA1:	D3EDB04D54FFE1B372F14FDDD1B4FB5805BEE8CA
SHA256:	C9270DF0BB81EEFA3F3F18C3627123BD0C325861B7FF652D58826A61BC9C853B
SSDEEP:	3:N82LVyIn:20b

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.17843 KB3058515
Adobe Acrobat Reader DC MUI (15.023.20070)
Adobe Flash Player 26 ActiveX (26.0.0.131)
Adobe Flash Player 26 NPAPI (26.0.0.131)
Adobe Flash Player 26 PPAPI (26.0.0.131)
Adobe Refresh Manager (1.8.0)
CCleaner (5.35)
FileZilla Client 3.36.0 (3.36.0)
Google Chrome (75.0.3770.100)
Google Update Helper (1.3.34.7)
Java 8 Update 92 (8.0.920.14)
Java Auto Updater (2.8.92.14)
Microsoft .NET Framework 4.7.2 (4.7.03062)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
Notepad++ (32-bit x86) (7.5.1)
Opera 12.15 (12.15.1748)
Skype version 8.29 (8.29)
Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
VLC media player (2.2.6)
WinRAR 5.60 (32-bit) (5.60.0)
srvpost (2.12.72)

Hotfixes

Client LanguagePack Package
Client Refresh LanguagePack Package
CodecPack Basic Package
Foundation Package
IE Hyphenation Parent Package English
IE Spelling Parent Package English
IE Troubleshooters Package
InternetExplorer Optional Package
InternetExplorer Package TopLevel
KB2533623
KB2534111
KB2639308
KB2729094
KB2731771
KB2786081
KB2834140
KB2882822
KB2888049
KB2999226
KB4019990
KB976902
LocalPack AU Package
LocalPack CA Package
LocalPack GB Package
LocalPack US Package
LocalPack ZA Package
PlatformUpdate Win7 SRV08R2 Package TopLevel
ProfessionalEdition
UltimateEdition

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
No suspicious indicators.
INFO
- Reads the hosts file
  - chrome.exe (PID: 548)
  - chrome.exe (PID: 2364)
- Application launched itself
  - chrome.exe (PID: 2364)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
2364	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://005.0x1f4b0.com"	C:\Program Files\Google\Chrome\Application\chrome.exe		explorer.exe
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100
3780	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6c57a9d0,0x6c57a9e0,0x6c57a9ec	C:\Program Files\Google\Chrome\Application\chrome.exe	—	chrome.exe
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100
2532	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2312 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6	C:\Program Files\Google\Chrome\Application\chrome.exe	—	chrome.exe
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100
3304	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=4629470173761239950 --mojo-platform-channel-handle=1028 --ignored=" --type=renderer " /prefetch:2	C:\Program Files\Google\Chrome\Application\chrome.exe	—	chrome.exe
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 75.0.3770.100
548	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=3053963644404771724 --mojo-platform-channel-handle=1560 /prefetch:8	C:\Program Files\Google\Chrome\Application\chrome.exe		chrome.exe
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100
1396	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2147225605237719264 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1	C:\Program Files\Google\Chrome\Application\chrome.exe	—	chrome.exe
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 75.0.3770.100
1836	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11707906817313112619 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1	C:\Program Files\Google\Chrome\Application\chrome.exe	—	chrome.exe
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 75.0.3770.100
3632	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14461633799689467133 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2476 /prefetch:1	C:\Program Files\Google\Chrome\Application\chrome.exe	—	chrome.exe
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 75.0.3770.100
3648	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16144111149099795631 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1	C:\Program Files\Google\Chrome\Application\chrome.exe	—	chrome.exe
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 75.0.3770.100
2528	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16923565546153800361 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2828 /prefetch:1	C:\Program Files\Google\Chrome\Application\chrome.exe	—	chrome.exe
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 75.0.3770.100
1692	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=5685694486445106649 --mojo-platform-channel-handle=3452 /prefetch:8	C:\Program Files\Google\Chrome\Application\chrome.exe	—	chrome.exe
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 75.0.3770.100
2664	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=16758535119959239069 --mojo-platform-channel-handle=3400 --ignored=" --type=renderer " /prefetch:8	C:\Program Files\Google\Chrome\Application\chrome.exe	—	chrome.exe
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 75.0.3770.100
2064	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4641684432257635308 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1	C:\Program Files\Google\Chrome\Application\chrome.exe	—	chrome.exe
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 75.0.3770.100
3988	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17521878373874136172 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1224 /prefetch:1	C:\Program Files\Google\Chrome\Application\chrome.exe	—	chrome.exe
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 75.0.3770.100
1104	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5558360035186200683 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1	C:\Program Files\Google\Chrome\Application\chrome.exe	—	chrome.exe
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 75.0.3770.100
2164	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=461408963281689943 --mojo-platform-channel-handle=3204 /prefetch:2	C:\Program Files\Google\Chrome\Application\chrome.exe	—	chrome.exe
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 75.0.3770.100
864	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=17204510828989617627 --mojo-platform-channel-handle=2696 /prefetch:8	C:\Program Files\Google\Chrome\Application\chrome.exe	—	chrome.exe
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 75.0.3770.100
1968	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17330297457498743307 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1	C:\Program Files\Google\Chrome\Application\chrome.exe	—	chrome.exe
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 75.0.3770.100
1788	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=868959671348122390 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1	C:\Program Files\Google\Chrome\Application\chrome.exe	—	chrome.exe
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 75.0.3770.100
2416	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=14492083054849743853 --mojo-platform-channel-handle=936 /prefetch:8	C:\Program Files\Google\Chrome\Application\chrome.exe	—	chrome.exe
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 75.0.3770.100

Add for printing

Total events

599

Read events

519

Write events

Delete events

Modification events

No data

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F8D32CA-93C.pma		—
		MD5:—	SHA256:—
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old		—
		MD5:—	SHA256:—
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RF2d425d.TMP		—
		MD5:—	SHA256:—
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000048.dbtmp		—
		MD5:—	SHA256:—
3780	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma		binary
		MD5:B59113C2DCD2D346F31A64F231162ADA	SHA256:1D97C69AEA85D3B06787458EA47576B192CE5C5DB9940E5EAA514FF977CE2DC2
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF2d41e0.TMP		text
		MD5:C2DDBA63E4A2BD2E39A8B6C2C6384AAE	SHA256:6D5C1C78341C6F84911055D970ADDB0EC3499F8BF7FADE062122A22209CE67D9
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF2d41e0.TMP		text
		MD5:FB5B20517A0D1F7DAD485989565BEE5E	SHA256:99405F66EDBEB2306F4D0B4469DCADFF5293B5E1549C588CCFACEA439BB3B101
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old		text
		MD5:67F45CAA18C889645F50CD6216C81E65	SHA256:33ED82CDDDFFD55A5059C147C6CD20F66C6712314F890A39576D3C10914D0029
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old		text
		MD5:C2DDBA63E4A2BD2E39A8B6C2C6384AAE	SHA256:6D5C1C78341C6F84911055D970ADDB0EC3499F8BF7FADE062122A22209CE67D9
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old		text
		MD5:D4322EEBAC92D1B8F7A6F5E39F6264B7	SHA256:A3EEDF21B850DCC7CE5AE04395ECDD2D29DA4EA549C8A185DD9E8B552A87B8C2
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version		text
		MD5:1A89A1BEBE6C843C4FF582E7ED33CA1F	SHA256:65099CA087B66AA8CA420AB121DAAD713E1DB5A61C5A574D9B1C0DF24F012520
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old		text
		MD5:FB5B20517A0D1F7DAD485989565BEE5E	SHA256:99405F66EDBEB2306F4D0B4469DCADFF5293B5E1549C588CCFACEA439BB3B101
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat		binary
		MD5:9C016064A1F864C8140915D77CF3389A	SHA256:0E7265D4A8C16223538EDD8CD620B8820611C74538E420A88E333BE7F62AC787
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF2d41e0.TMP		text
		MD5:D4322EEBAC92D1B8F7A6F5E39F6264B7	SHA256:A3EEDF21B850DCC7CE5AE04395ECDD2D29DA4EA549C8A185DD9E8B552A87B8C2
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RF2d421e.TMP		text
		MD5:67F45CAA18C889645F50CD6216C81E65	SHA256:33ED82CDDDFFD55A5059C147C6CD20F66C6712314F890A39576D3C10914D0029
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old		—
		MD5:—	SHA256:—
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old~RF2d43f3.TMP		—
		MD5:—	SHA256:—
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1		—
		MD5:—	SHA256:—
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Tabs		binary
		MD5:E815400F953EA8DB8A98D52737C9A50D	SHA256:E9F064927A191500B7365F51C9CD0763A6A8E68A8B866ACED39AA0E72C3EAD85
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\f6b1ae1c-68a9-4f59-a22f-549ba56cc1fa.tmp		binary
		MD5:5058F1AF8388633F609CADB75A75DC9D	SHA256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old		text
		MD5:F1220A80653B6B89B42DFD1B2E8155C3	SHA256:36BBBC13CC1901CF269B4CE36E2EE08946806DFA58474AE88287CA8E9DA9725D
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old~RF2d427c.TMP		text
		MD5:5C7396B94A680035456C18B26EBD8A05	SHA256:75F182F270AF0242D799F42EEFFB330178FBC0F637490E7A488679AC3B67B4C2
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF2d42ab.TMP		text
		MD5:74D4DB05A4D3E7263E8AE314DEDD8DF1	SHA256:67BF9950E818713E054268D40BED61A22D324385CE98E89DDF406A405B870802
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT		text
		MD5:74D4DB05A4D3E7263E8AE314DEDD8DF1	SHA256:67BF9950E818713E054268D40BED61A22D324385CE98E89DDF406A405B870802
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old		text
		MD5:73D23E129C733CCC599F9ACE77EB7F72	SHA256:871981ECC6E3324F89CFF0A85196CFB4A7C9E97347459AAC36BC04243A83EB0B
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old		text
		MD5:5C7396B94A680035456C18B26EBD8A05	SHA256:75F182F270AF0242D799F42EEFFB330178FBC0F637490E7A488679AC3B67B4C2
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old~RF2d42ab.TMP		text
		MD5:73D23E129C733CCC599F9ACE77EB7F72	SHA256:871981ECC6E3324F89CFF0A85196CFB4A7C9E97347459AAC36BC04243A83EB0B
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\c0348672-051b-4ea8-b7d2-24ae4a1d8709.tmp		—
		MD5:—	SHA256:—
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\d9855cfc-f9e8-4323-b627-bf518e5d365c.tmp		—
		MD5:—	SHA256:—
548	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\80b46e6a-3573-4998-9823-3d197e15dc63.tmp		—
		MD5:—	SHA256:—
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old~RF2d4328.TMP		text
		MD5:81BB923A0911DE7F4D4DB38755ABBE7C	SHA256:4EEB1738EB0576AFE2B1C304111153035A70CC2EEBF9053B031E71CD698B3318
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old		text
		MD5:81BB923A0911DE7F4D4DB38755ABBE7C	SHA256:4EEB1738EB0576AFE2B1C304111153035A70CC2EEBF9053B031E71CD698B3318
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old		text
		MD5:33D5F5B076DF84D87591C04629D35599	SHA256:E8AA31384081D2EDF8282EF19EBC827D795364856656229E179398733B8A185E
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old~RF2d42da.TMP		text
		MD5:F1220A80653B6B89B42DFD1B2E8155C3	SHA256:36BBBC13CC1901CF269B4CE36E2EE08946806DFA58474AE88287CA8E9DA9725D
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log		binary
		MD5:9FE07A071FDA31327FA322B32FCA0B7E	SHA256:E02333C0359406998E3FED40B69B61C9D28B2117CF9E6C0239E2E13EC13BA7C8
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old		text
		MD5:776FEE091AA98EA4C8A6D48B0F99D4C8	SHA256:6CFD5A2DEB1EA58DEC6F715ADAEAB0630CF726FC8CD31E37069E8059385EE1F6
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG		text
		MD5:FE70EDD1A501FCB3F95D15B09DFC1806	SHA256:429493E86DEBF34FB408A35A0C7D3080FEC9B93E99A8B39F97090ADA1FCB22DA
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1		binary
		MD5:5B3F829D31CE289BAC84E225BBF9BF26	SHA256:725E15AF1E1B7FC387D35D3082D292BE51B1D1EC4E5B0532ECD296697B5B21D9
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old~RF2d4aba.TMP		text
		MD5:EC302F6B15779508F1F8BDB79778E1AF	SHA256:583A1A451868DAB90A46BFCC4E8C8C72C1516C63380E0472FA51C90DF970439B
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old~RF2d4395.TMP		text
		MD5:33D5F5B076DF84D87591C04629D35599	SHA256:E8AA31384081D2EDF8282EF19EBC827D795364856656229E179398733B8A185E
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF2d46c2.TMP		text
		MD5:FEC3FD9D66370F89B614CE72AE9555CD	SHA256:6B66890CD9D32D160EA2B21634A2A46499D0C6777A009EAF3EA6B5455D726459
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF2d46f1.TMP		text
		MD5:776FEE091AA98EA4C8A6D48B0F99D4C8	SHA256:6CFD5A2DEB1EA58DEC6F715ADAEAB0630CF726FC8CD31E37069E8059385EE1F6
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old		text
		MD5:FEC3FD9D66370F89B614CE72AE9555CD	SHA256:6B66890CD9D32D160EA2B21634A2A46499D0C6777A009EAF3EA6B5455D726459
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old		text
		MD5:EC302F6B15779508F1F8BDB79778E1AF	SHA256:583A1A451868DAB90A46BFCC4E8C8C72C1516C63380E0472FA51C90DF970439B
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session		binary
		MD5:1B9B3420FAB158720B68CD1BEB45DFA1	SHA256:629658A0414BAA7A9177F0C685C7B3BEF8D504D08F28B6DBD0B6B0234EF0B4CF
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000001.dbtmp		—
		MD5:—	SHA256:—
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\27e14a75-7745-447b-8479-336db9043165.tmp		—
		MD5:—	SHA256:—
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\b4907ca0-6cba-4563-922a-affa76b37b5a.tmp		—
		MD5:—	SHA256:—
548	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010		image
		MD5:E95D2A3E4D074EFA3651746D0D096487	SHA256:2406ADAD4933046B5C3D4EC41C51C62CA30ADA72EAA29FB5164081A3F6D5A1DD
548	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000013		compressed
		MD5:A58062FD2974927E9C0E74418FB525E5	SHA256:2CF542FC678DADFDAA5E28918E701E730908DAEDE04D315175A8F2A8B3166F8F
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State		text
		MD5:345D5A1A0AD7010766007157CC965CB2	SHA256:46504E37D6855F29492F5F8A9B8F9B2255B1EABD46777B2E7567A3DA74AE1727
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences		text
		MD5:E33E5BF3C0A1D033DD47A03BDFB84897	SHA256:AA11EA604D8E14C8C3FA0CDF23F8750714BB4D36E4B5A3AB9EFD19B5E745B4DB
548	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011		image
		MD5:1D8B56F7E4D54130997FB71C539A2CA2	SHA256:333A51C87B820FA460FE3B7759B1432DFD8BC48F20C4AAB20DD07C252CFDA6E9
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a2a16f4809ce485f_0		binary
		MD5:1C2FDF4B2C7980550C49098BF610DD14	SHA256:63F70A5FACF7B1174A3843B0BDBBE252455B6699CB9AC24ECE7F9D6350353C91
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\10555a64e2553dcb_0		binary
		MD5:190DE675D0BAB318BF98564E9E9281E9	SHA256:E1D74561A4184A4A8AB5C2CA2F01F4E6E8C46A702F0926DB373E4603D0710BFC
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF2d67f6.TMP		text
		MD5:345D5A1A0AD7010766007157CC965CB2	SHA256:46504E37D6855F29492F5F8A9B8F9B2255B1EABD46777B2E7567A3DA74AE1727
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\37623272f1e5fcaf_0		binary
		MD5:F2449E2C43880307D190A5B612BAC1D7	SHA256:267CD3A3A53A879B93F624ED0D10C2D3036EA8BDC6AC8B5277FE4792581673F5
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF2d68c1.TMP		text
		MD5:E33E5BF3C0A1D033DD47A03BDFB84897	SHA256:AA11EA604D8E14C8C3FA0CDF23F8750714BB4D36E4B5A3AB9EFD19B5E745B4DB
548	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000014		compressed
		MD5:D2480EDAAE9E30B53135EAC01290565D	SHA256:7F1E54B317CDBAF44A347DA6018BB2E4DDD111BB1F16879053A6FB6EC1576D38
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\MANIFEST-000001		binary
		MD5:5AF87DFD673BA2115E2FCF5CFDB727AB	SHA256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
548	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity		text
		MD5:DF5E7EF598DBA454A26E4D550C53F286	SHA256:04428C9F9596E8492166FCB2D60CA315A4C111DAE4D0C797CA5FB0BB27FB4911
548	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF2d7aa3.TMP		text
		MD5:DF5E7EF598DBA454A26E4D550C53F286	SHA256:04428C9F9596E8492166FCB2D60CA315A4C111DAE4D0C797CA5FB0BB27FB4911
548	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012		image
		MD5:1C421357055F4A0E764EA9BD952CBAEC	SHA256:E06E8E245725DD24E2FE71C325BF851CC21C20927500B385EA7CB34449F46050
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c4087b87171c1029_0		binary
		MD5:6FB6C82E6E7C639F231461C7E1F8979D	SHA256:909C69C15A09FD122FC12C32C60F4D02DD9885ED2914823A1004E160339BBC1D
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\73091779-551f-4b9a-9fc7-324ebfa9d1b3.tmp		—
		MD5:—	SHA256:—
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index		—
		MD5:—	SHA256:—
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\99ab5c12-f338-40e5-b5f1-1eb7c95da14b.tmp		—
		MD5:—	SHA256:—
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT		text
		MD5:46295CAC801E5D4857D09837238A6394	SHA256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF2d9a7f.TMP		text
		MD5:6FE6FA5A762C8233500AF928A6DF1318	SHA256:BD8C6255C257270006BDDF71B3160F7B786668B419A80BC639ACF38F3B852633
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF2d8ff0.TMP		text
		MD5:9ED06E8732B85F512B38D9EB78E1D869	SHA256:86B7B0173718EFE9C801C6A4D4A5221B6A6EC014CC2AB69F4D44401A222D917A
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RF2dd14f.TMP		binary
		MD5:6B092E4563002074E000D944142679B1	SHA256:D7C560E410CD5D2117F7D444455700AF418EF63F447F1D8470C08E117171554F
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index		binary
		MD5:6B092E4563002074E000D944142679B1	SHA256:D7C560E410CD5D2117F7D444455700AF418EF63F447F1D8470C08E117171554F
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF2e056e.TMP		text
		MD5:507239AC6E2C292064C4086C6757BC5A	SHA256:9E34184F3579509F43BD5C2AEE45D6568F5B0202119C4BFCBFC2DDA2DBABDB86
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF2d9b89.TMP		text
		MD5:20F4F35A259B0D887B60D305D80ABB7C	SHA256:29BE54AB227B94E334F023269A070553D12B347E7FC674F7ABA04A0B05D4AC5E
2364	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences		text
		MD5:9ED06E8732B85F512B38D9EB78E1D869	SHA256:86B7B0173718EFE9C801C6A4D4A5221B6A6EC014CC2AB69F4D44401A222D917A

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
548	chrome.exe	POST	200	173.239.8.164:80	http://0x1f4b0.com/	US	html	233 b	malicious
548	chrome.exe	GET	200	165.22.38.5:80	http://srchassist.com/lander.php?f=1&p=edmv4&s=edm_DEFAULT&d=0x1f4b0.com&ts=26718152&tsh=207ea3e3160b746ae9d17d7d308d1edf	US	html	788 b	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
548	chrome.exe	216.58.212.173:443	accounts.google.com	Google Inc.	US	whitelisted
548	chrome.exe	172.217.23.99:443	clientservices.googleapis.com	Google Inc.	US	whitelisted
548	chrome.exe	173.239.8.164:443	005.0x1f4b0.com	Webair Internet Development Company Inc.	US	malicious
548	chrome.exe	172.217.21.206:443	clients2.google.com	Google Inc.	US	whitelisted
548	chrome.exe	172.217.18.99:443	ssl.gstatic.com	Google Inc.	US	whitelisted
548	chrome.exe	173.239.8.164:80	005.0x1f4b0.com	Webair Internet Development Company Inc.	US	malicious
548	chrome.exe	165.22.38.5:80	srchassist.com	—	US	unknown
548	chrome.exe	142.93.65.89:443	medleysearch.com	—	CA	unknown
—	—	173.239.8.164:80	005.0x1f4b0.com	Webair Internet Development Company Inc.	US	malicious
548	chrome.exe	172.217.23.100:443	www.google.com	Google Inc.	US	whitelisted
548	chrome.exe	216.58.212.142:443	clients1.google.com	Google Inc.	US	whitelisted
548	chrome.exe	216.58.212.131:443	www.gstatic.com	Google Inc.	US	whitelisted
—	—	216.58.212.131:443	www.gstatic.com	Google Inc.	US	whitelisted
548	chrome.exe	142.250.74.195:443	fonts.gstatic.com	Google Inc.	US	whitelisted
548	chrome.exe	213.247.47.190:443	005.0x1f4b0.com	Webair Internet Development Company Inc.	US	malicious

DNS requests

Domain	IP	Reputation
005.0x1f4b0.com	173.239.5.6 213.247.47.190 173.239.8.164	malicious
clientservices.googleapis.com	172.217.23.99	shared
accounts.google.com	216.58.212.173	shared
clients2.google.com	172.217.21.206	whitelisted
ssl.gstatic.com	172.217.18.99	whitelisted
0x1f4b0.com	173.239.8.164 213.247.47.190 173.239.5.6	malicious
srchassist.com	165.22.38.5	unknown
medleysearch.com	142.93.65.89	unknown
www.google.com	172.217.23.100	whitelisted
www.gstatic.com	216.58.212.131	whitelisted
clients1.google.com	216.58.212.142	whitelisted
fonts.gstatic.com	142.250.74.195	whitelisted

Threats

PID	Process	Class	Message
548	chrome.exe	A Network Trojan was detected	ET MALWARE Win32/Zonebac Traffic Redirect

Add for printing

No debug info

General Info

17F644C859B064D42B5445DC26DD16AC

D3EDB04D54FFE1B372F14FDDD1B4FB5805BEE8CA

C9270DF0BB81EEFA3F3F18C3627123BD0C325861B7FF652D58826A61BC9C853B

3:N82LVyIn:20b

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

INFO

Reads the hosts file

Application launched itself

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings