https://005.0x1f4b0.com

Interactive malware hunting service

General Info

URL: https://005.0x1f4b0.com

Full analysis: https://app.any.run/tasks/f4895086-cbc0-4be8-8d3b-c8b14daf0d45

Verdict: Malicious activity

Analysis date: 10/19/2020, 06:31:23

OS:: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration: 60 seconds

Additional time used: none

Fakenet option: off

Heavy Evaision option: off

MITM proxy: off

Route via Tor: off

Network geolocation: off

Privacy: Public submission

Autoconfirmation of UAC: on

Software preset

Internet Explorer 11.0.9600.17843 KB3058515
Adobe Acrobat Reader DC MUI (15.023.20070)
Adobe Flash Player 26 ActiveX (26.0.0.131)
Adobe Flash Player 26 NPAPI (26.0.0.131)
Adobe Flash Player 26 PPAPI (26.0.0.131)
Adobe Refresh Manager (1.8.0)
CCleaner (5.35)
FileZilla Client 3.36.0 (3.36.0)
Google Chrome (75.0.3770.100)
Google Update Helper (1.3.34.7)
Java 8 Update 92 (8.0.920.14)
Java Auto Updater (2.8.92.14)
Microsoft .NET Framework 4.7.2 (4.7.03062)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
Notepad++ (32-bit x86) (7.5.1)
Opera 12.15 (12.15.1748)
Skype version 8.29 (8.29)
Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
VLC media player (2.2.6)
WinRAR 5.60 (32-bit) (5.60.0)
srvpost (2.12.72)

Hotfixes

Client LanguagePack Package
Client Refresh LanguagePack Package
CodecPack Basic Package
Foundation Package
IE Hyphenation Parent Package English
IE Spelling Parent Package English
IE Troubleshooters Package
InternetExplorer Optional Package
InternetExplorer Package TopLevel
KB2533623
KB2534111
KB2639308
KB2729094
KB2731771
KB2786081
KB2834140
KB2882822
KB2888049
KB2999226
KB4019990
KB976902
LocalPack AU Package
LocalPack CA Package
LocalPack GB Package
LocalPack US Package
LocalPack ZA Package
PlatformUpdate Win7 SRV08R2 Package TopLevel
ProfessionalEdition
UltimateEdition

Behavior activities

MALICIOUS	SUSPICIOUS	INFO
No malicious indicators.	No suspicious indicators.	Application launched itself chrome.exe (PID: 2364) Reads the hosts file chrome.exe (PID: 548) chrome.exe (PID: 2364)

MALICIOUS

SUSPICIOUS

INFO

No malicious indicators.

No suspicious indicators.

Application launched itself

chrome.exe (PID: 2364)

Reads the hosts file

chrome.exe (PID: 548)
chrome.exe (PID: 2364)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Screenshot of unknown taken from 16173 ms from task started

Screenshot of unknown taken from 17185 ms from task started

Screenshot of unknown taken from 24213 ms from task started

Screenshot of unknown taken from 26213 ms from task started

Screenshot of unknown taken from 27214 ms from task started

Screenshot of unknown taken from 30222 ms from task started

Screenshot of unknown taken from 31222 ms from task started

Processes

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

–

Specs description

Program did not start

Integrity level elevation

Task сontains an error or was rebooted

Process has crashed

Task contains several apps running

Executable file was dropped

Debug information is available

Process was injected

Network attacks were detected

Application downloaded the executable file

Actions similar to stealing personal data

Behavior similar to exploiting the vulnerability

Inspected object has sucpicious PE structure

File is detected by antivirus software

CPU overrun

RAM overrun

Process starts the services

Process was added to the startup

Behavior similar to spam

Low-level access to the HDD

Probably Tor was used

System was rebooted

Connects to the network

Known threat

Process information

Click at the process to see the details.

PID: 2364

CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://005.0x1f4b0.com"

Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Indicators

Parent process: ––

User: admin

Integrity Level: MEDIUM

Version:

Company: Google LLC

Description: Google Chrome

Version: 75.0.3770.100

Modules

Image
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\user32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\msasn1.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\imm32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\winusb.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\profapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\netutils.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\bcrypt.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\credui.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\lpk.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\hid.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\webio.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\winsta.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\devobj.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\imageres.dll
c:\windows\system32\dui70.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscui.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\wbem\wmiperfinst.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\pdh.dll
c:\windows\system32\slc.dll
c:\windows\system32\duser.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\audioses.dll

PID: 3780

CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6c57a9d0,0x6c57a9e0,0x6c57a9ec

Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Indicators: No indicators

Parent process: chrome.exe

User: admin

Integrity Level: MEDIUM

Version:

Company: Google LLC

Description: Google Chrome

Version: 75.0.3770.100

Modules

Image
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\userenv.dll
c:\windows\system32\imm32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\cryptbase.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\sechost.dll

PID: 2532

CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2312 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6

Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Indicators: No indicators

Parent process: chrome.exe

User: admin

Integrity Level: MEDIUM

Version:

Company: Google LLC

Description: Google Chrome

Version: 75.0.3770.100

Modules

Image
c:\windows\system32\advapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\userenv.dll
c:\windows\system32\shell32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_watcher.dll
c:\windows\system32\profapi.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\imm32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\sechost.dll
c:\windows\system32\winmm.dll

PID: 3304

CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=4629470173761239950 --mojo-platform-channel-handle=1028 --ignored=" --type=renderer " /prefetch:2

Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Indicators: No indicators

Parent process: chrome.exe

User: admin

Integrity Level: LOW

Version:

Company: Google LLC

Description: Google Chrome

Version: 75.0.3770.100

Modules

Image
c:\windows\system32\version.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shell32.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\userenv.dll
c:\windows\system32\user32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\wintrust.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\d3dcompiler_47.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\secur32.dll
c:\windows\system32\setupapi.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libglesv2.dll
c:\windows\system32\avrt.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\bcrypt.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libegl.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\evr.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\atl.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\mf.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\devobj.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\slc.dll

PID: 548

CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=3053963644404771724 --mojo-platform-channel-handle=1560 /prefetch:8

Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Indicators

Parent process: chrome.exe

User: admin

Integrity Level: MEDIUM

Version:

Company: Google LLC

Description: Google Chrome

Version: 75.0.3770.100

Modules

Image
c:\windows\system32\usp10.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\version.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\rpcrt4.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\imm32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ole32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\nsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dwmapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\winspool.drv
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\webio.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wininet.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\secur32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll

PID: 1396

CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2147225605237719264 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1

Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Indicators: No indicators

Parent process: chrome.exe

User: admin

Integrity Level: LOW

Exit code: 0

Version:

Company: Google LLC

Description: Google Chrome

Version: 75.0.3770.100

Modules

Image
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\version.dll
c:\windows\system32\lpk.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\userenv.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\winspool.drv
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\wininet.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\nsi.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\urlmon.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

PID: 1836

CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11707906817313112619 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1

Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Indicators: No indicators

Parent process: chrome.exe

User: admin

Integrity Level: LOW

Exit code: 0

Version:

Company: Google LLC

Description: Google Chrome

Version: 75.0.3770.100

Modules

Image
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\profapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\userenv.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\shlwapi.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\imm32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\psapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dwrite.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\webio.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\winspool.drv
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\cryptbase.dll

PID: 3632

CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14461633799689467133 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2476 /prefetch:1

Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Indicators: No indicators

Parent process: chrome.exe

User: admin

Integrity Level: LOW

Exit code: 0

Version:

Company: Google LLC

Description: Google Chrome

Version: 75.0.3770.100

Modules

Image
c:\systemroot\system32\ntdll.dll
c:\windows\system32\shell32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\secur32.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\nsi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rpcrt4.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msctf.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\lpk.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\dhcpcsvc.dll

PID: 3648

CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16144111149099795631 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Indicators: No indicators

Parent process: chrome.exe

User: admin

Integrity Level: LOW

Exit code: 0

Version:

Company: Google LLC

Description: Google Chrome

Version: 75.0.3770.100

Modules

Image
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\advapi32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\shell32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\nsi.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\crypt32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\secur32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll

PID: 2528

CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16923565546153800361 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2828 /prefetch:1

Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Indicators: No indicators

Parent process: chrome.exe

User: admin

Integrity Level: LOW

Exit code: 0

Version:

Company: Google LLC

Description: Google Chrome

Version: 75.0.3770.100

Modules

Image
c:\windows\system32\lpk.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msctf.dll
c:\windows\system32\profapi.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\wininet.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\psapi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\webio.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\user32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\cryptbase.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\userenv.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wintrust.dll

PID: 1692

CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=5685694486445106649 --mojo-platform-channel-handle=3452 /prefetch:8

Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Indicators: No indicators

Parent process: chrome.exe

User: admin

Integrity Level: MEDIUM

Exit code: 0

Version:

Company: Google LLC

Description: Google Chrome

Version: 75.0.3770.100

Modules

Image
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\bcrypt.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winspool.drv
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\secur32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shlwapi.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\version.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwmapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\nsi.dll
c:\windows\system32\webio.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\dui70.dll
c:\windows\system32\duser.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\apphelp.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\samcli.dll
c:\windows\system32\hid.dll
c:\windows\system32\winusb.dll
c:\windows\system32\credui.dll
c:\windows\system32\propsys.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\msi.dll
c:\windows\system32\wpc.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\setupapi.dll
c:\program files\common files\microsoft shared\ime14\imejp\imjptip.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\firewallapi.dll
c:\program files\common files\microsoft shared\ime14\imekr\imkrtip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\webcheck.dll
c:\program files\microsoft office\office14\olkfstub.dll
c:\windows\system32\wshtcpip.dll
c:\program files\microsoft office\office14\visshe.dll
c:\program files\winrar\rarext.dll
c:\windows\system32\mf.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\program files\common files\microsoft shared\office14\msoshext.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ehstorshell.dll
c:\progra~1\micros~1\office14\mlshext.dll
c:\program files\microsoft office\office14\msohevi.dll
c:\windows\system32\ntshrui.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\slc.dll
c:\windows\system32\wbem\wmiperfinst.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\syncui.dll
c:\windows\system32\cscui.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\cryptext.dll
c:\windows\system32\linkinfo.dll
c:\program files\windows sidebar\sbdrop.dll
c:\windows\system32\stobject.dll
c:\windows\system32\colorui.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\pdh.dll

PID: 2664

CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=16758535119959239069 --mojo-platform-channel-handle=3400 --ignored=" --type=renderer " /prefetch:8

Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Indicators: No indicators

Parent process: chrome.exe

User: admin

Integrity Level: LOW

Exit code: 0

Version:

Company: Google LLC

Description: Google Chrome

Version: 75.0.3770.100

Modules

Image
c:\windows\system32\nsi.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\sspicli.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\userenv.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\crypt32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dhcpcsvc.dll

PID: 2064

CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4641684432257635308 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1

Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Indicators: No indicators

Parent process: chrome.exe

User: admin

Integrity Level: LOW

Exit code: 0

Version:

Company: Google LLC

Description: Google Chrome

Version: 75.0.3770.100

Modules

Image
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\comdlg32.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\shell32.dll
c:\windows\system32\version.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\usp10.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\psapi.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

PID: 3988

CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17521878373874136172 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1224 /prefetch:1

Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Indicators: No indicators

Parent process: chrome.exe

User: admin

Integrity Level: LOW

Exit code: 0

Version:

Company: Google LLC

Description: Google Chrome

Version: 75.0.3770.100

Modules

Image
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\dxgi.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\psapi.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\uiautomationcore.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\wintrust.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\webio.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\dhcpcsvc.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\profapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\iphlpapi.dll

PID: 1104

CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5558360035186200683 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1

Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Indicators: No indicators

Parent process: chrome.exe

User: admin

Integrity Level: LOW

Version:

Company: Google LLC

Description: Google Chrome

Version: 75.0.3770.100

Modules

Image
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\profapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\usp10.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\version.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\crypt32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\msasn1.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\nsi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\secur32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\dbghelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winspool.drv
c:\windows\system32\webio.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\sspicli.dll

PID: 2164

CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=461408963281689943 --mojo-platform-channel-handle=3204 /prefetch:2

Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Indicators: No indicators

Parent process: chrome.exe

User: admin

Integrity Level: MEDIUM

Exit code: 0

Version:

Company: Google LLC

Description: Google Chrome

Version: 75.0.3770.100

Modules

Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\avrt.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\imm32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\sechost.dll
c:\windows\system32\psapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\evr.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\userenv.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\atl.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\winmm.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mf.dll
c:\windows\system32\ole32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\devobj.dll
c:\windows\system32\slc.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\dxva2.dll

PID: 864

CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=17204510828989617627 --mojo-platform-channel-handle=2696 /prefetch:8

Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Indicators: No indicators

Parent process: chrome.exe

User: admin

Integrity Level: MEDIUM

Exit code: 0

Version:

Company: Google LLC

Description: Google Chrome

Version: 75.0.3770.100

Modules

Image
c:\systemroot\system32\ntdll.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\version.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\user32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\secur32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\audioses.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\userenv.dll
c:\windows\system32\imm32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\lpk.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winspool.drv
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll

PID: 1968

CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17330297457498743307 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1

Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Indicators: No indicators

Parent process: chrome.exe

User: admin

Integrity Level: LOW

Version:

Company: Google LLC

Description: Google Chrome

Version: 75.0.3770.100

Modules

Image
c:\systemroot\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\user32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\userenv.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\webio.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\wininet.dll
c:\windows\system32\psapi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\secur32.dll

PID: 1788

CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=868959671348122390 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1

Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Indicators: No indicators

Parent process: chrome.exe

User: admin

Integrity Level: LOW

Version:

Company: Google LLC

Description: Google Chrome

Version: 75.0.3770.100

Modules

Image
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winmm.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\normaliz.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

PID: 2416

CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1020,3603471138826646063,16387016814188915107,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=14492083054849743853 --mojo-platform-channel-handle=936 /prefetch:8

Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Indicators: No indicators

Parent process: chrome.exe

User: admin

Integrity Level: MEDIUM

Exit code: 0

Version:

Company: Google LLC

Description: Google Chrome

Version: 75.0.3770.100

Modules

Image
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\usp10.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\shell32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\version.dll
c:\windows\system32\msctf.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\devobj.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\winspool.drv
c:\windows\system32\normaliz.dll
c:\windows\system32\nsi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wldap32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ole32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\twext.dll
c:\windows\system32\acppage.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\cscui.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\netutils.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wer.dll
c:\windows\system32\msi.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\devrtl.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\sfc.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\synceng.dll
c:\windows\system32\cscapi.dll
c:\program files\winrar\rarext.dll

Registry activity

Total events

599

Read events

Write events

Delete events

Modification events

PID

Process

Operation

Key

Name

Value

2364

chrome.exe

delete key

HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes

(default)

2364

chrome.exe

delete key

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

(default)

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon

state

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty

StatusCodes

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon

state

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon

failed_count

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty

StatusCodes

01000000

2364

chrome.exe

write

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}

usagestats

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}

metricsid

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}

metricsid_enableddate

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}

metricsid_installdate

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics

user_experience_metrics.stability.exited_cleanly

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome

UsageStatsInSample

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}

lastrun

13247562698801625

2364

chrome.exe

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\13B\52C64B7E

LanguageList

en-US

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

neajdppkdcdipfabeoofebfddakdcjhd

04A45240BDA55E8777FA04357712CA6DD942253A21323E4C7D3CCF769B34BFED

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

blpcfgokakmgnkcojhhkbfbldkacnbeo

C1713309379172CA161C69037F7CB681C2A86DEA8E641A8DAD18A715B037F1F1

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

nmmhkkegccagdldgiimedpiccmgmieda

401E16959FC5898CC0C1DA556BFE8145B47F9C3A1251D0370B238C5210300A69

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

mhjfbmdgcfjbbpaeojofohoefgiehjai

0E265BFED6F1C7D5F0A9BD790C50BB30E78E959631D51EEBB8BB0DE73E65763C

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

ghbmnnjooekpmoecnnnilnnbdlolhkhi

1F03A1E70C673E7F6AD8AF3BC8F5AE130135C4DE37A02971F0D585F7DCD9BDAD

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

gfdkimpbcpahaombhbimeihdjnejgicl

D6B079666F209503A09486C70AC09307652A0F7F783166A999B27C99D0DA79E2

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

mfehgcgbbipciphmccgaenjidiccnmng

63355C14E8C7DF9A075F2EDDEA6F2807DC8166B83F96F4C975B9B6554C6324D7

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

ahfgeienlihckogmohjhadlkjgocpleb

15B1C3FE35F29528448F36A72A4DFBC58A8083C7190559D25865779166D220A2

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

kmendfapggjehodndflmmgagdbamhnfd

00175B8120231631976CA8B862A3416996C9373BA3D289F0619DDA992973DDFA

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

apdfllckaahabafndbhieahigkjlhalf

710A36D140DE0869C021EFC142CEF8A87DE51D170B6693709D6F08ADDC341ABE

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

pkedcjkdefgpdelpbcmbmeomcjbeemfm

963673C3010BA8988CCB93A118A0636FAC14080CE576ECD3907541CBEDD83352

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

pjkljhegncpnkpknbcohdijeoejaedia

A40F4D75930C18143C6826A48604B05E7F01025AD0111860940AB0A0B33923D6

2364

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

nkeimhogjdpnpccoofpliimaahmaaome

5D58C2FED93EFDED578B006CB02BBB8DEC329128E2D098172E1316CDD15254DC

2532

chrome.exe

write

HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes

2364-13247562697645375

259

548

chrome.exe

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\13B\52C64B7E

LanguageList

en-US

1692

chrome.exe

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\13B\52C64B7E

LanguageList

en-US

864

chrome.exe

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\13B\52C64B7E

LanguageList

en-US

2416

chrome.exe

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\13B\52C64B7E

LanguageList

en-US

Files activity

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID

Process

Filename

Type

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

––

MD5: ––

SHA256: ––

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF2d46f1.TMP

text

MD5: 776fee091aa98ea4c8a6d48b0f99d4c8

SHA256: 6cfd5a2deb1ea58dec6f715adaeab0630cf726fc8cd31e37069e8059385ee1f6

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\73091779-551f-4b9a-9fc7-324ebfa9d1b3.tmp

––

MD5: ––

SHA256: ––

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\b4907ca0-6cba-4563-922a-affa76b37b5a.tmp

––

MD5: ––

SHA256: ––

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\27e14a75-7745-447b-8479-336db9043165.tmp

––

MD5: ––

SHA256: ––

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000001.dbtmp

––

MD5: ––

SHA256: ––

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

text

MD5: 20f4f35a259b0d887b60d305d80abb7c

SHA256: 29be54ab227b94e334f023269a070553d12b347e7fc674f7aba04a0b05d4ac5e

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF2d9b89.TMP

text

MD5: 20f4f35a259b0d887b60d305d80abb7c

SHA256: 29be54ab227b94e334f023269a070553d12b347e7fc674f7aba04a0b05d4ac5e

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF2e056e.TMP

text

MD5: 507239ac6e2c292064c4086c6757bc5a

SHA256: 9e34184f3579509f43bd5c2aee45d6568f5b0202119c4bfcbfc2dda2dbabdb86

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State

text

MD5: 507239ac6e2c292064c4086c6757bc5a

SHA256: 9e34184f3579509f43bd5c2aee45d6568f5b0202119c4bfcbfc2dda2dbabdb86

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF2d9a7f.TMP

text

MD5: 6fe6fa5a762c8233500af928a6df1318

SHA256: bd8c6255c257270006bddf71b3160f7b786668b419a80bc639acf38f3b852633

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RF2dd14f.TMP

binary

MD5: 6b092e4563002074e000d944142679b1

SHA256: d7c560e410cd5d2117f7d444455700af418ef63f447f1d8470c08e117171554f

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

binary

MD5: 6b092e4563002074e000d944142679b1

SHA256: d7c560e410cd5d2117f7d444455700af418ef63f447f1d8470c08e117171554f

548

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000013

compressed

MD5: a58062fd2974927e9c0e74418fb525e5

SHA256: 2cf542fc678dadfdaa5e28918e701e730908daede04d315175a8f2a8b3166f8f

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a2a16f4809ce485f_0

binary

MD5: 1c2fdf4b2c7980550c49098bf610dd14

SHA256: 63f70a5facf7b1174a3843b0bdbbe252455b6699cb9ac24ece7f9d6350353c91

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c4087b87171c1029_0

binary

MD5: 6fb6c82e6e7c639f231461c7e1f8979d

SHA256: 909c69c15a09fd122fc12c32c60f4d02dd9885ed2914823a1004e160339bbc1d

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\MANIFEST-000001

binary

MD5: 5af87dfd673ba2115e2fcf5cfdb727ab

SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\37623272f1e5fcaf_0

binary

MD5: f2449e2c43880307d190a5b612bac1d7

SHA256: 267cd3a3a53a879b93f624ed0d10c2d3036ea8bdc6ac8b5277fe4792581673f5

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

text

MD5: 9ed06e8732b85f512b38d9eb78e1d869

SHA256: 86b7b0173718efe9c801c6a4d4a5221b6a6ec014cc2ab69f4d44401a222d917a

548

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000014

compressed

MD5: d2480edaae9e30b53135eac01290565d

SHA256: 7f1e54b317cdbaf44a347da6018bb2e4ddd111bb1f16879053a6fb6ec1576d38

548

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012

image

MD5: 1c421357055f4a0e764ea9bd952cbaec

SHA256: e06e8e245725dd24e2fe71c325bf851cc21c20927500b385ea7cb34449f46050

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

text

MD5: 46295cac801e5d4857d09837238a6394

SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF2d8ff0.TMP

text

MD5: 9ed06e8732b85f512b38d9eb78e1d869

SHA256: 86b7b0173718efe9c801c6a4d4a5221b6a6ec014cc2ab69f4d44401a222d917a

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\10555a64e2553dcb_0

binary

MD5: 190de675d0bab318bf98564e9e9281e9

SHA256: e1d74561a4184a4a8ab5c2ca2f01f4e6e8c46a702f0926db373e4603d0710bfc

548

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\80b46e6a-3573-4998-9823-3d197e15dc63.tmp

––

MD5: ––

SHA256: ––

548

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011

image

MD5: 1d8b56f7e4d54130997fb71c539a2ca2

SHA256: 333a51c87b820fa460fe3b7759b1432dfd8bc48f20c4aab20dd07c252cfda6e9

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\d9855cfc-f9e8-4323-b627-bf518e5d365c.tmp

––

MD5: ––

SHA256: ––

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\c0348672-051b-4ea8-b7d2-24ae4a1d8709.tmp

––

MD5: ––

SHA256: ––

548

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010

image

MD5: e95d2a3e4d074efa3651746d0d096487

SHA256: 2406adad4933046b5c3d4ec41c51c62ca30ada72eaa29fb5164081a3f6d5a1dd

548

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF2d7aa3.TMP

text

MD5: df5e7ef598dba454a26e4d550c53f286

SHA256: 04428c9f9596e8492166fcb2d60ca315a4c111dae4d0c797ca5fb0bb27fb4911

548

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity

text

MD5: df5e7ef598dba454a26e4d550c53f286

SHA256: 04428c9f9596e8492166fcb2d60ca315a4c111dae4d0c797ca5fb0bb27fb4911

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF2d68c1.TMP

text

MD5: e33e5bf3c0a1d033dd47a03bdfb84897

SHA256: aa11ea604d8e14c8c3fa0cdf23f8750714bb4d36e4b5a3ab9efd19b5e745b4db

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1

––

MD5: ––

SHA256: ––

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old

––

MD5: ––

SHA256: ––

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old~RF2d43f3.TMP

––

MD5: ––

SHA256: ––

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF2d67f6.TMP

text

MD5: 345d5a1a0ad7010766007157cc965cb2

SHA256: 46504e37d6855f29492f5f8a9b8f9b2255b1eabd46777b2e7567a3da74ae1727

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session

binary

MD5: 1b9b3420fab158720b68cd1beb45dfa1

SHA256: 629658a0414baa7a9177f0c685c7b3bef8d504d08f28b6dbd0b6b0234ef0b4cf

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\99ab5c12-f338-40e5-b5f1-1eb7c95da14b.tmp

––

MD5: ––

SHA256: ––

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old

text

MD5: 776fee091aa98ea4c8a6d48b0f99d4c8

SHA256: 6cfd5a2deb1ea58dec6f715adaeab0630cf726fc8cd31e37069e8059385ee1f6

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old~RF2d4aba.TMP

text

MD5: ec302f6b15779508f1f8bdb79778e1af

SHA256: 583a1a451868dab90a46bfcc4e8c8c72c1516c63380e0472fa51c90df970439b

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old

text

MD5: ec302f6b15779508f1f8bdb79778e1af

SHA256: 583a1a451868dab90a46bfcc4e8c8c72c1516c63380e0472fa51c90df970439b

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old

text

MD5: fec3fd9d66370f89b614ce72ae9555cd

SHA256: 6b66890cd9d32d160ea2b21634a2a46499d0c6777a009eaf3ea6b5455d726459

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF2d46c2.TMP

text

MD5: fec3fd9d66370f89b614ce72ae9555cd

SHA256: 6b66890cd9d32d160ea2b21634a2a46499d0c6777a009eaf3ea6b5455d726459

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

binary

MD5: 5b3f829d31ce289bac84e225bbf9bf26

SHA256: 725e15af1e1b7fc387d35d3082d292be51b1d1ec4e5b0532ecd296697b5b21d9

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log

binary

MD5: 9fe07a071fda31327fa322b32fca0b7e

SHA256: e02333c0359406998e3fed40b69b61c9d28b2117cf9e6c0239e2e13ec13ba7c8

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG

text

MD5: fe70edd1a501fcb3f95d15b09dfc1806

SHA256: 429493e86debf34fb408a35a0c7d3080fec9b93e99a8b39f97090ada1fcb22da

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000048.dbtmp

––

MD5: ––

SHA256: ––

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old

text

MD5: 33d5f5b076df84d87591c04629d35599

SHA256: e8aa31384081d2edf8282ef19ebc827d795364856656229e179398733b8a185e

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old

text

MD5: 81bb923a0911de7f4d4db38755abbe7c

SHA256: 4eeb1738eb0576afe2b1c304111153035a70cc2eebf9053b031e71cd698b3318

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old~RF2d4328.TMP

text

MD5: 81bb923a0911de7f4d4db38755abbe7c

SHA256: 4eeb1738eb0576afe2b1c304111153035a70cc2eebf9053b031e71cd698b3318

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old~RF2d4395.TMP

text

MD5: 33d5f5b076df84d87591c04629d35599

SHA256: e8aa31384081d2edf8282ef19ebc827d795364856656229e179398733b8a185e

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old

text

MD5: f1220a80653b6b89b42dfd1b2e8155c3

SHA256: 36bbbc13cc1901cf269b4ce36e2ee08946806dfa58474ae88287ca8e9da9725d

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old~RF2d42da.TMP

text

MD5: f1220a80653b6b89b42dfd1b2e8155c3

SHA256: 36bbbc13cc1901cf269b4ce36e2ee08946806dfa58474ae88287ca8e9da9725d

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF2d42ab.TMP

text

MD5: 74d4db05a4d3e7263e8ae314dedd8df1

SHA256: 67bf9950e818713e054268d40bed61a22d324385ce98e89ddf406a405b870802

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old

text

MD5: 5c7396b94a680035456c18b26ebd8a05

SHA256: 75f182f270af0242d799f42eeffb330178fbc0f637490e7a488679ac3b67b4c2

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old

text

MD5: 73d23e129c733ccc599f9ace77eb7f72

SHA256: 871981ecc6e3324f89cff0a85196cfb4a7c9e97347459aac36bc04243a83eb0b

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old~RF2d427c.TMP

text

MD5: 5c7396b94a680035456c18b26ebd8a05

SHA256: 75f182f270af0242d799f42eeffb330178fbc0f637490e7a488679ac3b67b4c2

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT

text

MD5: 74d4db05a4d3e7263e8ae314dedd8df1

SHA256: 67bf9950e818713e054268d40bed61a22d324385ce98e89ddf406a405b870802

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old~RF2d42ab.TMP

text

MD5: 73d23e129c733ccc599f9ace77eb7f72

SHA256: 871981ecc6e3324f89cff0a85196cfb4a7c9e97347459aac36bc04243a83eb0b

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old

text

MD5: 1c97b70a4bad7c026f79467c7d496afa

SHA256: c5a02e4984de3f30dadfc0a89a93f45418c06653c3962eaa94c93909e51d272d

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\f6b1ae1c-68a9-4f59-a22f-549ba56cc1fa.tmp

binary

MD5: 5058f1af8388633f609cadb75a75dc9d

SHA256: cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RF2d425d.TMP

––

MD5: ––

SHA256: ––

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F8D32CA-93C.pma

––

MD5: ––

SHA256: ––

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old

text

MD5: 67f45caa18c889645f50cd6216c81e65

SHA256: 33ed82cdddffd55a5059c147c6cd20f66c6712314f890a39576d3c10914d0029

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Tabs

binary

MD5: e815400f953ea8db8a98d52737c9a50d

SHA256: e9f064927a191500b7365f51c9cd0763a6a8e68a8b866aced39aa0e72c3ead85

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old

text

MD5: c2ddba63e4a2bd2e39a8b6c2c6384aae

SHA256: 6d5c1c78341c6f84911055d970addb0ec3499f8bf7fade062122a22209ce67d9

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old

text

MD5: fb5b20517a0d1f7dad485989565bee5e

SHA256: 99405f66edbeb2306f4d0b4469dcadff5293b5e1549c588ccfacea439bb3b101

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old

text

MD5: d4322eebac92d1b8f7a6f5e39f6264b7

SHA256: a3eedf21b850dcc7ce5ae04395ecdd2d29da4ea549c8a185dd9e8b552a87b8c2

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version

text

MD5: 1a89a1bebe6c843c4ff582e7ed33ca1f

SHA256: 65099ca087b66aa8ca420ab121daad713e1db5a61c5a574d9b1c0df24f012520

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF2d41e0.TMP

text

MD5: c2ddba63e4a2bd2e39a8b6c2c6384aae

SHA256: 6d5c1c78341c6f84911055d970addb0ec3499f8bf7fade062122a22209ce67d9

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

binary

MD5: 9c016064a1f864c8140915d77cf3389a

SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787

3780

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma

binary

MD5: b59113c2dcd2d346f31a64f231162ada

SHA256: 1d97c69aea85d3b06787458ea47576b192ce5c5db9940e5eaa514ff977ce2dc2

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF2d41e0.TMP

text

MD5: fb5b20517a0d1f7dad485989565bee5e

SHA256: 99405f66edbeb2306f4d0b4469dcadff5293b5e1549c588ccfacea439bb3b101

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF2d41e0.TMP

text

MD5: d4322eebac92d1b8f7a6f5e39f6264b7

SHA256: a3eedf21b850dcc7ce5ae04395ecdd2d29da4ea549c8a185dd9e8b552a87b8c2

2364

chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RF2d421e.TMP

text

MD5: 67f45caa18c889645f50cd6216c81e65

SHA256: 33ed82cdddffd55a5059c147c6cd20f66c6712314f890a39576d3c10914d0029

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
548	chrome.exe	POST	200	173.239.8.164:80	http://0x1f4b0.com/	US	text html	12 b 233 b	malicious
548	chrome.exe	GET	200	165.22.38.5:80	http://srchassist.com/lander.php?f=1&p=edmv4&s=edm_DEFAULT&d=0x1f4b0.com&ts=26718152&tsh=207ea3e3160b746ae9d17d7d308d1edf	US	html	788 b	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	ASN	CN	Reputation
548	chrome.exe	172.217.23.99:443	Google Inc.	US	whitelisted
548	chrome.exe	216.58.212.173:443	Google Inc.	US	whitelisted
548	chrome.exe	172.217.21.206:443	Google Inc.	US	whitelisted
548	chrome.exe	172.217.18.99:443	Google Inc.	US	whitelisted
548	chrome.exe	173.239.8.164:443	Webair Internet Development Company Inc.	US	malicious
––	––	173.239.8.164:80	Webair Internet Development Company Inc.	US	malicious
548	chrome.exe	173.239.8.164:80	Webair Internet Development Company Inc.	US	malicious
548	chrome.exe	165.22.38.5:80		US	unknown
548	chrome.exe	142.93.65.89:443		CA	unknown
548	chrome.exe	172.217.23.100:443	Google Inc.	US	whitelisted
––	––	216.58.212.131:443	Google Inc.	US	whitelisted
548	chrome.exe	216.58.212.131:443	Google Inc.	US	whitelisted
548	chrome.exe	216.58.212.142:443	Google Inc.	US	whitelisted
548	chrome.exe	142.250.74.195:443	Google Inc.	US	whitelisted
548	chrome.exe	213.247.47.190:443	Webair Internet Development Company Inc.	US	malicious

DNS requests

Domain	IP	Reputation
clientservices.googleapis.com	172.217.23.99	shared
accounts.google.com	216.58.212.173	shared
005.0x1f4b0.com	173.239.8.164 213.247.47.190 173.239.5.6	malicious
clients2.google.com	172.217.21.206	whitelisted
ssl.gstatic.com	172.217.18.99	shared
0x1f4b0.com	173.239.8.164 213.247.47.190 173.239.5.6	malicious
srchassist.com	165.22.38.5	unknown
medleysearch.com	142.93.65.89	unknown
www.google.com	172.217.23.100	shared
www.gstatic.com	216.58.212.131	shared
clients1.google.com	216.58.212.142	whitelisted
fonts.gstatic.com	142.250.74.195	shared

Threats

PID	Process	Class	Message
548	chrome.exe	A Network Trojan was detected	ET MALWARE Win32/Zonebac Traffic Redirect

Debug output strings

No debug info.

General Info

Take your security to the next level

Launch configuration

Software preset

Hotfixes

Behavior activities

Screenshots

Processes

Behavior graph

Process information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings

Take your security
to the next level