General Info

URL

http://silantavillage.com/libraries/simplepie/_advice_20191504.jar

Full analysis
https://app.any.run/tasks/66c36317-ad8c-4100-9a6f-1ca2ea046b08
Verdict
Malicious activity
Analysis date
4/15/2019, 11:59:30
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

trojan

rat

qrat

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Changes the autorun value in the registry
  • reg.exe (PID: 2852)
Connects to CnC server
  • java.exe (PID: 2440)
QRAT was detected
  • java.exe (PID: 2440)
Executes JAVA applets
  • chrome.exe (PID: 2680)
  • javaw.exe (PID: 2508)
Uses REG.EXE to modify Windows registry
  • java.exe (PID: 2440)
Creates files in the user directory
  • java.exe (PID: 2440)
Application launched itself
  • chrome.exe (PID: 2680)

Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report

Processes

Total processes
45
Monitored processes
13
Malicious processes
3
Suspicious processes
0

Behavior graph

  • start
  • chrome.exe
  • chrome.exe (no specs)
  • chrome.exe (no specs)
  • chrome.exe (no specs)
  • chrome.exe
  • chrome.exe (no specs)
  • chrome.exe (no specs)
  • chrome.exe (no specs)
  • chrome.exe (no specs)
  • javaw.exe
  • java.exe (#QRAT)
  • reg.exe
  • chrome.exe (no specs)
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
2680
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://silantavillage.com/libraries/simplepie/_advice_20191504.jar
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\samlib.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\cryptsp.dll
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\msisip.dll
c:\windows\system32\wshext.dll
c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\winshfhc.dll
c:\windows\system32\wdscore.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll

PID
2000
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=73.0.3683.75 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6fa10f18,0x6fa10f28,0x6fa10f34
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
1888
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2504 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_watcher.dll

PID
3396
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=968,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=8016973629193070172 --mojo-platform-channel-handle=936 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\73.0.3683.75\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\73.0.3683.75\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\73.0.3683.75\swiftshader\libegl.dll

PID
2396
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=968,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=13333574489058329730 --mojo-platform-channel-handle=1520 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll

PID
3020
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --service-pipe-token=14653279280412748734 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14653279280412748734 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1900 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
4020
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --service-pipe-token=6406123679987131092 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6406123679987131092 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2068 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2436
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --service-pipe-token=748739806248117204 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=748739806248117204 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3500
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=968,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=6432009071113214242 --mojo-platform-channel-handle=3012 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll

PID
2508
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -jar "C:\Users\admin\Downloads\_advice_20191504.jar"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\sunec.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\java.exe

PID
2440
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\java.exe" -jar C:\Users\admin\.8662562633053142852.jar
Path
C:\Program Files\Java\jre1.8.0_92\bin\java.exe
Indicators
Parent process
javaw.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\java.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\sunec.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\userenv.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll

PID
2852
CMD
reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v J165806be06f:U61646d696e_s /t REG_SZ /d "\"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe\" -jar \"C:\Users\admin\.8662562633053142852.jar\""
Path
C:\Windows\system32\reg.exe
Indicators
Parent process
java.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Registry Console Tool
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\reg.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3164
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=968,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=13497309284535077869 --mojo-platform-channel-handle=1868 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sendmail.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\fxsresm.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

Registry activity

Total events
904
Read events
846
Write events
57
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
1888
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2680-13199795984471500
259
2680
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
2680
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
2680
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
2680
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
2680
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
2680
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
2680
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
2680
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
2680
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
2680
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
2680
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
2680
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2680
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
2680
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
2680
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
2680
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
2680
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
2680
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13199795985487125
2680
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2680
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2680
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2680
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2680
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2680
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307040001000F000A0000000900090300000000
2680
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307040001000F000A00000009000B0300000000
2396
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2852
reg.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
J165806be06f:U61646d696e_s
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -jar "C:\Users\admin\.8662562633053142852.jar"
3164
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3164
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@sendmail.dll,-21
Desktop (create shortcut)
3164
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@zipfldr.dll,-10148
Compressed (zipped) folder
3164
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@sendmail.dll,-4
Mail recipient
3164
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\FXSRESM.dll,-120
Fax recipient

Files activity

Executable files
0
Suspicious files
38
Text files
44
Unknown types
1

Dropped files

PID
Process
Filename
Type
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\ua5r66gan52rpc2ol7jir3pim\5hdq9lg39v81p81clp6c98hdcahhh675872ofq91s9umcj0dnrs
binary
MD5: 6bbca1ed1f2210330968e0de9803455a
SHA256: b12b919404ba4ac990353f8d624c75e237dfd0e8bd8bfe1cb62518091c049d16
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\86f387f2-ac68-4553-89e0-7d07e3e3ff37.tmp
––
MD5:  ––
SHA256:  ––
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\ua5r66gan52rpc2ol7jir3pim\5hdq9lg39v81p81clp6c98hdcahhh675872ofq91s9umcj0dnrs
binary
MD5: 822f18fcb455714a0f57aad707b5fb06
SHA256: 9132776112aac48d2b3668abad28d0a0c90d8f940b515c4c582b3972f0968b91
2440
java.exe
C:\Users\admin\AppData\Local\Temp\155532243383612695616589295673301123591105911\9i7uunbsnfdndhihdobclq7jm\1fpicgsna75ssphsjhprqtt6rn\t0850iah8scoivug7aphr1mtn\crffhs7qe1a98mmvh4m0qqdvp\cu1u3sscr1ke4snj2upkfscuuqlc0h2vimg7mj11p6qikhobmlk
binary
MD5: 433aada04d8a4ae8cb5032f267b92989
SHA256: eab561607f8d07aaddcf946fb3ae62252dd8e41c6e03cc69d2286d7040ed59b4
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\1apvog2n679l0dniu574msal1q\116kqb1br9l142m9pnhd105lvu4pmj4d5q6fl0vaqo60qvnnascj0npf5vvplohsct4gm3um2r4b1\7csirq9bij3sefke9et9ddauk\27p47dvcd24tqaat0pjudqjo9s\314qnvrrmvpv9qdh42a8c6svf4\1lv7au1hfrmkthga5tkmvlvdkt\mj6h6lhd380ii041gkqrrikgednjaumaqqm1b2tken0v9kusrpi
––
MD5:  ––
SHA256:  ––
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\ua5r66gan52rpc2ol7jir3pim\5hdq9lg39v81p81clp6c98hdcahhh675872ofq91s9umcj0dnrs
binary
MD5: 9364799a3745a79500ca1c0d2ca8895e
SHA256: e77a20f8fd21ac9470d6247e134b1eb45fe5a84344faa315d769f29c5e4a719a
2440
java.exe
C:\Users\admin\AppData\Local\Temp\155532243383612695616589295673301123591105911\9i7uunbsnfdndhihdobclq7jm\1fpicgsna75ssphsjhprqtt6rn\t0850iah8scoivug7aphr1mtn\crffhs7qe1a98mmvh4m0qqdvp\cu1u3sscr1ke4snj2upkfscuus5gkbmmkt6ddkikh83654hca4m
binary
MD5: 08390c44ba365d3a3f3b8ae984ec2525
SHA256: 148c6eff1b66712569e69b882d6e9219ed629dab12a323b96f2267531339aee2
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\1apvog2n679l0dniu574msal1q\116kqb1br9l142m9pnhd105lvu4pmj4d5q6fl0vaqo60qvnnascj0npf5vvplohsct4gm3um2r4b1\7csirq9bij3sefke9et9ddauk\27p47dvcd24tqaat0pjudqjo9s\314qnvrrmvpv9qdh42a8c6svf4\1lv7au1hfrmkthga5tkmvlvdkt\mj6h6lhd380ii041gkqrrikge9gekfk8arnovsgkg6lk8qtt6m0
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1127e8.TMP
text
MD5: e0bd3da9f8086ac1a5466d2dc8f10884
SHA256: 6e1923b07f144bff68a0af367d13d256aa9f389924c4382a18b4e2cfe1300606
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: e0bd3da9f8086ac1a5466d2dc8f10884
SHA256: 6e1923b07f144bff68a0af367d13d256aa9f389924c4382a18b4e2cfe1300606
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\254797c5-b4ce-45aa-80c9-4c70e022ce6a.tmp
––
MD5:  ––
SHA256:  ––
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\ua5r66gan52rpc2ol7jir3pim\5hdq9lg39v81p81clp6c98hdcahhh675872ofq91s9umcj0dnrs
binary
MD5: d260dd9c5f1c18caa0e7f9d52e4a4b75
SHA256: c0bce1b4b140a73f5a78a024044ec8efc3c00cfbc1b33fcfab116c6911fea37a
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\ua5r66gan52rpc2ol7jir3pim\5hdq9lg39v81p81clp6c98hdcahhh675872ofq91s9umcj0dnrs
binary
MD5: 766fd43e141b9f0934fe02897df5eeb2
SHA256: fe480f12c67e7fa310cfe78dd55d5c9d5ebfaba9b926fbcc70d608e6825fcbea
2440
java.exe
C:\Users\admin\AppData\Local\Temp\155532242854524125597322905053621118302140908\hprjcbinro4fo6ic5r9v3rd6k\akl3gklesngq9emb38i7h0a5j\38i8lc1d8ppsv7vlbqe16mi6v\207dohun1vod6pmoe9hfpvf943\brr47i2aim1v2lv3447gkslsn3pghjj5tt6igu0uh1ec24khh3l
binary
MD5: 75bdbe9d444796cd4c864f25a213f263
SHA256: 388e24ced4f28f0094c76a76e736b110f4ccc10ac3c22145e81ae226a83adfa8
2440
java.exe
C:\Users\admin\AppData\Local\Temp\155532242854524125597322905053621118302140908\hprjcbinro4fo6ic5r9v3rd6k\akl3gklesngq9emb38i7h0a5j\38i8lc1d8ppsv7vlbqe16mi6v\207dohun1vod6pmoe9hfpvf943\brr47i2aim1v2lv3447gkslsn2re1qfpmv0kbsg54jmk6rasceh
binary
MD5: bd7a022e89a5c5032636e6ca4c1b4ea1
SHA256: 4d8b313219616829135d51c6b8bda21d3ab7c878ec35e664248c9513760fa406
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\ua5r66gan52rpc2ol7jir3pim\5hdq9lg39v81p81clp6c98hdcahhh675872ofq91s9umcj0dnrs
binary
MD5: bd2fd1f47ee74b4a9d631b1e467f1cbd
SHA256: 0c1725a5d14c0c6970b24ce08cdc4aef8a5fb6e69ac500cb9fa18464fe976c9a
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\ua5r66gan52rpc2ol7jir3pim\5hdq9lg39v81p81clp6c98hdcahhh675872ofq91s9umcj0dnrs
binary
MD5: 62cf3b29e34b0bffadeee302b57fc92a
SHA256: 75b9a5b0bbdcc6d6ab62f4714de9430510dfd16fb1e9444c984e856cc650b709
2440
java.exe
C:\Users\admin\AppData\Local\Temp\15553224235243088898610127537871113259069981\1p7san1oph6r07iqud307tvaoe\3d8pjhp3qfor6gvl25la24mt7c\1v4jc7o9pepfmdvk10vt193b7o\rq2q1kttdj81knf6ij5n6o1jd\77b34ab8e6jk6ingbdu6efcmhhenh75ncrq85j0fg3o61ecnh3e
binary
MD5: a20bba22cbcd161824d592ce19c1bd28
SHA256: 285ff4d9942648a78a49e9c2012b7b55921549e390d67d4cde679f31e27a7d71
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\ua5r66gan52rpc2ol7jir3pim\5hdq9lg39v81p81clp6c98hdcahhh675872ofq91s9umcj0dnrs
binary
MD5: 65d19c9d4f38e1b9134609b344c7964b
SHA256: 47f99c5a5eddbf4726afb866de44a0343dc8cf3c2a74693f3466c28f6a946990
2440
java.exe
C:\Users\admin\AppData\Local\Temp\15553224235243088898610127537871113259069981\1p7san1oph6r07iqud307tvaoe\3d8pjhp3qfor6gvl25la24mt7c\1v4jc7o9pepfmdvk10vt193b7o\rq2q1kttdj81knf6ij5n6o1jd\77b34ab8e6jk6ingbdu6efcmhkb3pi4uip8ud576cfofk2lkkv6
binary
MD5: 49d23f9e017578822fc7bef3da32f490
SHA256: 360212d38ece043246666855eb55bae5f8a9fc20d4509ca6abd501c3e22614a9
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: bafd897dc22e9dc09e4db77de6d2c4f7
SHA256: 87efd9cdba76d60686a3b10f7f87ff2ba489d05b9b1c72d4afa292efee7481d3
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1100d8.TMP
text
MD5: bafd897dc22e9dc09e4db77de6d2c4f7
SHA256: 87efd9cdba76d60686a3b10f7f87ff2ba489d05b9b1c72d4afa292efee7481d3
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\e1b92382-cffb-43f3-8371-a4e7cf8de115.tmp
––
MD5:  ––
SHA256:  ––
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\ua5r66gan52rpc2ol7jir3pim\5hdq9lg39v81p81clp6c98hdcahhh675872ofq91s9umcj0dnrs
binary
MD5: 96cab9b2a0b5617a055879a433af298b
SHA256: f6f5cb95d140994ecf01d6868d034156081f82fbca6832838fa457aeda66c78f
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\ua5r66gan52rpc2ol7jir3pim\5hdq9lg39v81p81clp6c98hdcahhh675872ofq91s9umcj0dnrs
binary
MD5: 5a2f5fbd2b9cae2a2829e15fa4fe4ee1
SHA256: 3e7df87d7917885193f8031b6457e5d0ed692331c1ee57ba61caca1c4dd0a851
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\1apvog2n679l0dniu574msal1q\116kqb1br9l142m9pnhd105lvu4pmj4d5q6fl0vaqo60qvnnascj0npf5vvplohsct4gm3um2r4b1\9emfcfrjejb51f3q2ttq3n8g38fbhjbebt0nhbnkobhtt5qgoj8\7csirq9bij3sefke9et9ddauk\27p47dvcd24tqaat0pjudqjo9s\314qnvrrmvpv9qdh42a8c6svf4\1u1v5du03jtjpudq8sfvbohv04\5jemhlaoo1hq0pl4q77vf4f6hkkuqhdu17estlu57cuf9oqpl88\1nf4sbi2fcuh9gal68jpt0n48g\3417d4iitkbs6nibujeria7k5v\99gakmb9cg32uek6t79pe0is5iumdsg5hqoeec2qshl3rcmeqh0
––
MD5:  ––
SHA256:  ––
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\1apvog2n679l0dniu574msal1q\116kqb1br9l142m9pnhd105lvu4pmj4d5q6fl0vaqo60qvnnascj0npf5vvplohsct4gm3um2r4b1\9emfcfrjejb51f3q2ttq3n8g3ep4g7vuah4dqbutl1jfcanl3d4\7csirq9bij3sefke9et9ddauk\27p47dvcd24tqaat0pjudqjo9s\314qnvrrmvpv9qdh42a8c6svf4\1u1v5du03jtjpudq8sfvbohv04\5jemhlaoo1hq0pl4q77vf4f6hkkuqhdu17estlu57cuf9oqpl88\1nf4sbi2fcuh9gal68jpt0n48g\3417d4iitkbs6nibujeria7k5v\99gakmb9cg32uek6t79pe0is5iumdsg5hqoeec2qshl3rcmeqh0
––
MD5:  ––
SHA256:  ––
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\1apvog2n679l0dniu574msal1q\116kqb1br9l142m9pnhd105lvu4pmj4d5q6fl0vaqo60qvnnascj0npf5vvplohsct4gm3um2r4b1\9emfcfrjejb51f3q2ttq3n8g38fbhjbebt0nhbnkobhtt5qgoj8\7csirq9bij3sefke9et9ddauk\27p47dvcd24tqaat0pjudqjo9s\314qnvrrmvpv9qdh42a8c6svf4\1u1v5du03jtjpudq8sfvbohv04\5jemhlaoo1hq0pl4q77vf4f6hkkuqhdu17estlu57cuf9oqpl88\vlc3arg9t0dhfo3s9e54kj5n9nmro124f518bbu2pap26550ki
––
MD5:  ––
SHA256:  ––
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\1apvog2n679l0dniu574msal1q\116kqb1br9l142m9pnhd105lvu4pmj4d5q6fl0vaqo60qvnnascj0npf5vvplohsct4gm3um2r4b1\9emfcfrjejb51f3q2ttq3n8g3ep4g7vuah4dqbutl1jfcanl3d4\7csirq9bij3sefke9et9ddauk\27p47dvcd24tqaat0pjudqjo9s\314qnvrrmvpv9qdh42a8c6svf4\1u1v5du03jtjpudq8sfvbohv04\5jemhlaoo1hq0pl4q77vf4f6hkkuqhdu17estlu57cuf9oqpl88\vlc3arg9t0dhfo3s9e54kj5n9nmro124f518bbu2pap26550ki
––
MD5:  ––
SHA256:  ––
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\1apvog2n679l0dniu574msal1q\116kqb1br9l142m9pnhd105lvu4pmj4d5q6fl0vaqo60qvnnascj0npf5vvplohsct4gm3um2r4b1\9emfcfrjejb51f3q2ttq3n8g38fbhjbebt0nhbnkobhtt5qgoj8\7csirq9bij3sefke9et9ddauk\27p47dvcd24tqaat0pjudqjo9s\314qnvrrmvpv9qdh42a8c6svf4\1u1v5du03jtjpudq8sfvbohv04\5jemhlaoo1hq0pl4q77vf4f6hkkuqhdu17estlu57cuf9oqpl88\23f4j6eltk2nq3nj4m9ks0vj4b\hpr8ior43tsfainsgml3at3g8e2jdfbi00mpv8qv9ehs5ktd2fk
––
MD5:  ––
SHA256:  ––
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\1apvog2n679l0dniu574msal1q\116kqb1br9l142m9pnhd105lvu4pmj4d5q6fl0vaqo60qvnnascj0npf5vvplohsct4gm3um2r4b1\9emfcfrjejb51f3q2ttq3n8g3ep4g7vuah4dqbutl1jfcanl3d4\7csirq9bij3sefke9et9ddauk\27p47dvcd24tqaat0pjudqjo9s\314qnvrrmvpv9qdh42a8c6svf4\1u1v5du03jtjpudq8sfvbohv04\5jemhlaoo1hq0pl4q77vf4f6hkkuqhdu17estlu57cuf9oqpl88\23f4j6eltk2nq3nj4m9ks0vj4b\hpr8ior43tsfainsgml3at3g8e2jdfbi00mpv8qv9ehs5ktd2fk
––
MD5:  ––
SHA256:  ––
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\1apvog2n679l0dniu574msal1q\116kqb1br9l142m9pnhd105lvu4pmj4d5q6fl0vaqo60qvnnascj0npf5vvplohsct4gm3um2r4b1\9emfcfrjejb51f3q2ttq3n8g38fbhjbebt0nhbnkobhtt5qgoj8\7csirq9bij3sefke9et9ddauk\27p47dvcd24tqaat0pjudqjo9s\314qnvrrmvpv9qdh42a8c6svf4\1u1v5du03jtjpudq8sfvbohv04\5jemhlaoo1hq0pl4q77vf4f6hkkuqhdu17estlu57cuf9oqpl88\4eeq4m6p0vf3qklv45l8qn8s22hkjol8sr1qpoue389q37kp94hg8i8uo19up1d8lshbv8bnupd1h
––
MD5:  ––
SHA256:  ––
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\1apvog2n679l0dniu574msal1q\116kqb1br9l142m9pnhd105lvu4pmj4d5q6fl0vaqo60qvnnascj0npf5vvplohsct4gm3um2r4b1\9emfcfrjejb51f3q2ttq3n8g3ep4g7vuah4dqbutl1jfcanl3d4\7csirq9bij3sefke9et9ddauk\27p47dvcd24tqaat0pjudqjo9s\314qnvrrmvpv9qdh42a8c6svf4\1u1v5du03jtjpudq8sfvbohv04\5jemhlaoo1hq0pl4q77vf4f6hkkuqhdu17estlu57cuf9oqpl88\4eeq4m6p0vf3qklv45l8qn8s22hkjol8sr1qpoue389q37kp94hg8i8uo19up1d8lshbv8bnupd1h
––
MD5:  ––
SHA256:  ––
2440
java.exe
C:\Users\admin\AppData\Local\Temp\155532241782088763012156760227871107561346254\2fv24478ecj2gh81d6tm25p9ro\1630ao3nvhppl4quiqhsdl6p0q\25ln16alupcrpvomtirm8sdc4e\p15g222aubt1f3p487nt1b92\5oiqeates2kgvlojjaukqv8r856eu68pvcv0m33ekioiune1qhi
binary
MD5: 709f9d366a35f3758d793a4010bb58ee
SHA256: 4a03ad3e1d6a529569e975e95969a239b7c261b41eb2e710ee301468a4a58b56
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\1apvog2n679l0dniu574msal1q\116kqb1br9l142m9pnhd105lvu4pmj4d5q6fl0vaqo60qvnnascj0npf5vvplohsct4gm3um2r4b1\9emfcfrjejb51f3q2ttq3n8g38fbhjbebt0nhbnkobhtt5qgoj8\7csirq9bij3sefke9et9ddauk\27p47dvcd24tqaat0pjudqjo9s\314qnvrrmvpv9qdh42a8c6svf4\1u1v5du03jtjpudq8sfvbohv04\5jemhlaoo1hq0pl4q77vf4f6hkkuqhdu17estlu57cuf9oqpl88\4eeq4m6p0vf3qklv45l8qn8s22b6irfr4d77dktjj80n5tp9dbt4k1e9g9ll46vtu41ckve2kched
––
MD5:  ––
SHA256:  ––
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\1apvog2n679l0dniu574msal1q\116kqb1br9l142m9pnhd105lvu4pmj4d5q6fl0vaqo60qvnnascj0npf5vvplohsct4gm3um2r4b1\9emfcfrjejb51f3q2ttq3n8g3ep4g7vuah4dqbutl1jfcanl3d4\7csirq9bij3sefke9et9ddauk\27p47dvcd24tqaat0pjudqjo9s\314qnvrrmvpv9qdh42a8c6svf4\1u1v5du03jtjpudq8sfvbohv04\5jemhlaoo1hq0pl4q77vf4f6hkkuqhdu17estlu57cuf9oqpl88\4eeq4m6p0vf3qklv45l8qn8s22b6irfr4d77dktjj80n5tp9dbt4k1e9g9ll46vtu41ckve2kched
––
MD5:  ––
SHA256:  ––
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\1apvog2n679l0dniu574msal1q\116kqb1br9l142m9pnhd105lvu4pmj4d5q6fl0vaqo60qvnnascj0npf5vvplohsct4gm3um2r4b1\9emfcfrjejb51f3q2ttq3n8g3ep4g7vuah4dqbutl1jfcanl3d4\7csirq9bij3sefke9et9ddauk\27p47dvcd24tqaat0pjudqjo9s\314qnvrrmvpv9qdh42a8c6svf4\1u1v5du03jtjpudq8sfvbohv04\5jemhlaoo1hq0pl4q77vf4f6hkkuqhdu17estlu57cuf9oqpl88\13jmh5hm87roul5fp1da6lq70gipkmrup39prd7csq05pfeabav8f37s2ba4fsvm9lgtkc17eoftegksbeon7tua1hq4e1ppgojajda
––
MD5:  ––
SHA256:  ––
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\1apvog2n679l0dniu574msal1q\116kqb1br9l142m9pnhd105lvu4pmj4d5q6fl0vaqo60qvnnascj0npf5vvplohsct4gm3um2r4b1\9emfcfrjejb51f3q2ttq3n8g38fbhjbebt0nhbnkobhtt5qgoj8\7csirq9bij3sefke9et9ddauk\27p47dvcd24tqaat0pjudqjo9s\314qnvrrmvpv9qdh42a8c6svf4\1u1v5du03jtjpudq8sfvbohv04\5jemhlaoo1hq0pl4q77vf4f6hkkuqhdu17estlu57cuf9oqpl88\13jmh5hm87roul5fp1da6lq70gipkmrup39prd7csq05pfeabav8f37s2ba4fsvm9lgtkc17eoftegksbeon7tua1hq4e1ppgojajda
––
MD5:  ––
SHA256:  ––
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\1apvog2n679l0dniu574msal1q\116kqb1br9l142m9pnhd105lvu4pmj4d5q6fl0vaqo60qvnnascj0npf5vvplohsct4gm3um2r4b1\9emfcfrjejb51f3q2ttq3n8g38fbhjbebt0nhbnkobhtt5qgoj8\7csirq9bij3sefke9et9ddauk\27p47dvcd24tqaat0pjudqjo9s\314qnvrrmvpv9qdh42a8c6svf4\1u1v5du03jtjpudq8sfvbohv04\5jemhlaoo1hq0pl4q77vf4f6hkkuqhdu17estlu57cuf9oqpl88\4eeq4m6p0vf3qklv45l8qn8s22b6irfr4d77dktjj80n5tp9dbt4b3qat6klfp2jgdvp0cpi588ph
––
MD5:  ––
SHA256:  ––
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\1apvog2n679l0dniu574msal1q\116kqb1br9l142m9pnhd105lvu4pmj4d5q6fl0vaqo60qvnnascj0npf5vvplohsct4gm3um2r4b1\9emfcfrjejb51f3q2ttq3n8g3ep4g7vuah4dqbutl1jfcanl3d4\7csirq9bij3sefke9et9ddauk\27p47dvcd24tqaat0pjudqjo9s\314qnvrrmvpv9qdh42a8c6svf4\1u1v5du03jtjpudq8sfvbohv04\5jemhlaoo1hq0pl4q77vf4f6hkkuqhdu17estlu57cuf9oqpl88\4eeq4m6p0vf3qklv45l8qn8s22b6irfr4d77dktjj80n5tp9dbt4b3qat6klfp2jgdvp0cpi588ph
––
MD5:  ––
SHA256:  ––
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\ua5r66gan52rpc2ol7jir3pim\5hdq9lg39v81p81clp6c98hdcahhh675872ofq91s9umcj0dnrs
binary
MD5: 5aab809edd5f95bcf40a4d9414e2e06b
SHA256: beff788c8ba9afb37e5515cb8afcf2a51051f810d768e111bc77d66704ff71d9
2440
java.exe
C:\Users\admin\AppData\Local\Temp\155532241782088763012156760227871107561346254\2fv24478ecj2gh81d6tm25p9ro\1630ao3nvhppl4quiqhsdl6p0q\25ln16alupcrpvomtirm8sdc4e\p15g222aubt1f3p487nt1b92\5oiqeates2kgvlojjaukqv8r85iec7tudhruemdq5d585j61m4c
binary
MD5: eca807594d6c55ec0a94cb4a2110c0cd
SHA256: f0506c0fc0edaf056c545f5840ab77273eed0f050b0c3b996f1ea5d27eade306
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\ua5r66gan52rpc2ol7jir3pim\5hdq9lg39v81p81clp6c98hdcahhh675872ofq91s9umcj0dnrs
binary
MD5: f93404e2ef80e30d81983eafd629f5e7
SHA256: e267f8e47934fb995f32342b49a761e4a07e68935db9218851e6b60cfe9bd182
2440
java.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\83aa4cc77f591dfc2374580bbd95f6ba_90059c37-1320-41a4-b58d-2b75a9850d2f
dbf
MD5: c8366ae350e7019aefc9d1e6e6a498c6
SHA256: 11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\ua5r66gan52rpc2ol7jir3pim\5hdq9lg39v81p81clp6c98hdcahhh675872ofq91s9umcj0dnrs
binary
MD5: a52093552219435d13d5f0cafd4259db
SHA256: 95bf9dac0e117a35f050308d19f6f0170a13c7b0dd031c5a5bb214ac1ce51caa
2440
java.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
text
MD5: b91f69c22b420e687a919b7e8cbb5c48
SHA256: 486d791ed1df4ae97bb59ae608767a22b88597ef409c9c94a3a3c986ec9e16e2
2508
javaw.exe
C:\Users\admin\.8662562633053142852.jar
compressed
MD5: 5c112f2debc05e98f0fad1c532099243
SHA256: 506cbccd89b5a4743b174ee8ab4cd46ce7cf84627006d5f44f89a17d3c28d63d
2508
javaw.exe
C:\Users\admin\5C80808AB7785187AFB1D5EBABE9903D
compressed
MD5: e0e47c1fe053f70fa6feca20d8c3cb2c
SHA256: 5c6dae050ceb71774a5fc82ce6e3f0392daf0ffa9ec3596f70d4d07ee50b8970
2508
javaw.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
text
MD5: 54cdd41f43b4a63d10d533f7904523f2
SHA256: 5df042da398893c44733ba33de55683846b06e0afb6985c4ffd717940b7da595
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: a8b275dd5e8b3d951d88efa5aea25fae
SHA256: 581449aed48d2e00666706c2c822f95134a6b29fa4a9a7115fa80567b657416a
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata~RF10caf3.TMP
binary
MD5: a8b275dd5e8b3d951d88efa5aea25fae
SHA256: 581449aed48d2e00666706c2c822f95134a6b29fa4a9a7115fa80567b657416a
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\6ecfa005-ad04-43eb-b66c-b0a115da1265.tmp
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 0483bec3b1167bef0091cb0796314289
SHA256: aa254f88dd77bfc02ecdd7773b590d80a349b1c03320f23c42a5a560a3ef63ed
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF10c843.TMP
text
MD5: 0483bec3b1167bef0091cb0796314289
SHA256: aa254f88dd77bfc02ecdd7773b590d80a349b1c03320f23c42a5a560a3ef63ed
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\cfef9079-f902-4c96-9bdd-5c15583c55ee.tmp
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: e9d6088836623ff0b4d6fa887d403f15
SHA256: a0d76a0395794f96343af57c8a55286fc66024d1c3684704f007778e312f2e13
2440
java.exe
C:\Users\admin\7gdsqq65r8vq4\ua5r66gan52rpc2ol7jir3pim\5hdq9lg39v81p81clp6c98hdcahhh675872ofq91s9umcj0dnrs
binary
MD5: 2e74644ce195e86913a439b3b080ce9b
SHA256: f848049959f16f72a1cbcceb46bc2601fc762934e9197e48bea8f373cfd5f10f
2680
chrome.exe
C:\Users\admin\Downloads\_advice_20191504.jar:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2680
chrome.exe
C:\Users\admin\Downloads\_advice_20191504.jar
compressed
MD5: 5c112f2debc05e98f0fad1c532099243
SHA256: 506cbccd89b5a4743b174ee8ab4cd46ce7cf84627006d5f44f89a17d3c28d63d
2396
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 770f5342d0009dcf9407d0f2cd6d41a0
SHA256: baea7dea009ca8c32f219600f76c0dd0652eefa514ca2f1cce758f33658796ce
2396
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF108f80.TMP
text
MD5: 770f5342d0009dcf9407d0f2cd6d41a0
SHA256: baea7dea009ca8c32f219600f76c0dd0652eefa514ca2f1cce758f33658796ce
2396
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\838dc4a8-db32-4a19-bd3a-be956bf377a2.tmp
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF108b1b.TMP
text
MD5: 91a9d3020374df54786a008112454937
SHA256: 5d77135fa927602edd770c46eb346a57321803679d7ea65235dfbd78704c8c35
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 91a9d3020374df54786a008112454937
SHA256: 5d77135fa927602edd770c46eb346a57321803679d7ea65235dfbd78704c8c35
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\3f55a76e-8969-4698-891d-e9c85fcaba9d.tmp
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF108acd.TMP
text
MD5: 8db541e7496222cde98a525d45211de9
SHA256: 619b9918c2d247cfb1ed5f001154f376df50d0931bafea59cbc3854f93d27245
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 8db541e7496222cde98a525d45211de9
SHA256: 619b9918c2d247cfb1ed5f001154f376df50d0931bafea59cbc3854f93d27245
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\a2604314-5634-420c-bf3d-b19a801f2c7a.tmp
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 48643.crdownload
compressed
MD5: 5c112f2debc05e98f0fad1c532099243
SHA256: 506cbccd89b5a4743b174ee8ab4cd46ce7cf84627006d5f44f89a17d3c28d63d
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000001.dbtmp
––
MD5:  ––
SHA256:  ––
2396
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001
compressed
MD5: 3e2b5a324e357286b1ac17d68ad9be37
SHA256: c9d86a2fea2ac4f84df5372c55482b47ac4514517979bfc6a79dff0179ab3e9e
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001
binary
MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
2680
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 48643.crdownload
compressed
MD5: bd7de00428664a067f19b907d06a6ed2
SHA256: 9018ff12659b45ce5b8f8e6e57b91d8588c0c4ff15d136b1e84a594c5e4a7a49
2680
chrome.exe
C:\Users\admin\Downloads\5b96b58d-90bf-4652-add2-b36b4919a4d2.tmp
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT
text
MD5: 206702161f94c5cd39fadd03f4014d98
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT~RF1068be.TMP
text
MD5: 206702161f94c5cd39fadd03f4014d98
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000002.dbtmp
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000001.dbtmp
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: 1c2c4bb805e49e0719deef84894dbb1f
SHA256: 1afb26b8e579f076590e61bb63648bb0230fee4516c08ebe588dfc31efd616da
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF1068af.TMP
text
MD5: 1c2c4bb805e49e0719deef84894dbb1f
SHA256: 1afb26b8e579f076590e61bb63648bb0230fee4516c08ebe588dfc31efd616da
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 1b8036252b09dda7ad0963a5a40e4aba
SHA256: 89e90f5dc88f667b89afa57d04c939a3c7397bb98b9d259766fa452ec297ec06
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF106870.TMP
text
MD5: 1b8036252b09dda7ad0963a5a40e4aba
SHA256: 89e90f5dc88f667b89afa57d04c939a3c7397bb98b9d259766fa452ec297ec06
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
2396
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
––
MD5:  ––
SHA256:  ––
2396
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
––
MD5:  ––
SHA256:  ––
2396
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
––
MD5:  ––
SHA256:  ––
2396
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
––
MD5:  ––
SHA256:  ––
2396
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\index
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF1064e6.TMP
text
MD5: 904754a73eb4f8a75410a92b2b7a920c
SHA256: c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: 904754a73eb4f8a75410a92b2b7a920c
SHA256: c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000018.dbtmp
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF106498.TMP
text
MD5: c5a804a5780cfc948a8db73979de968b
SHA256: 2c6f183b3e9dfa1bdf791091ad09cdcb079307d23864dbc07c81f280aa7d9227
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: c5a804a5780cfc948a8db73979de968b
SHA256: 2c6f183b3e9dfa1bdf791091ad09cdcb079307d23864dbc07c81f280aa7d9227
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\e9c065d2-94a2-4b84-a7fc-5f3b5e83b508.tmp
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
text
MD5: 70f27bb5ff84782e8065f81ee64e6008
SHA256: fd5dd0c6f1056c6ee6c2d29bd31653abb589e7d528957942e65b3972b7ecb4e9
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF106478.TMP
text
MD5: 768258eee3510091c97ade3bca3dc828
SHA256: 1f00cceba22a3fa7d0fffdebb99b95f0dfe19d2cda162abc09fc0d8a6e8ff21d
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 768258eee3510091c97ade3bca3dc828
SHA256: 1f00cceba22a3fa7d0fffdebb99b95f0dfe19d2cda162abc09fc0d8a6e8ff21d
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
text
MD5: 007e2c8f160468cc5a8b6c225f0ac40c
SHA256: 7f09cf7ac785c12f0062eb23854505c4ed396c6522eca7109b43ad5cc1a5f74b
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
––
MD5:  ––
SHA256:  ––
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: f679598350690f14a2479935d826682b
SHA256: 4e7e1987eaf5ec751eb16b9f7cbae1c55873f1afe8e2b52416ed454f4efbf239
2000
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: b59113c2dcd2d346f31a64f231162ada
SHA256: 1d97c69aea85d3b06787458ea47576b192ce5c5db9940e5eaa514ff977ce2dc2
2680
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787

Network activity

HTTP(S) requests
2
TCP/UDP connections
42
DNS requests
6
Threats
41

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2396 chrome.exe GET 200 27.254.85.195:80 http://silantavillage.com/libraries/simplepie/_advice_20191504.jar TH compressed –– unknown
2508 javaw.exe GET 200 151.101.120.209:80 http://central.maven.org/maven2/org/mozilla/rhino/1.7.7.2/rhino-1.7.7.2.jar US compressed –– suspicious

Connections

PID Process IP ASN CN Reputation
2396 chrome.exe 216.58.207.67:443 Google Inc. US whitelisted
2396 chrome.exe 27.254.85.195:80 CS LOXINFO Public Company Limited. TH unknown
2396 chrome.exe 216.58.207.45:443 Google Inc. US whitelisted
2396 chrome.exe 172.217.23.174:443 Google Inc. US whitelisted
–– –– 172.217.16.131:443 Google Inc. US whitelisted
2508 javaw.exe 151.101.120.209:80 Fastly US suspicious
2440 java.exe 179.43.156.194:2008 Private Layer INC CH malicious
–– –– 179.43.156.194:2008 Private Layer INC CH malicious

DNS requests

Domain IP Reputation
clientservices.googleapis.com 216.58.207.67 whitelisted
silantavillage.com 27.254.85.195 unknown
accounts.google.com 216.58.207.45 shared
sb-ssl.google.com 172.217.23.174 whitelisted
ssl.gstatic.com 172.217.16.131 whitelisted
central.maven.org 151.101.120.209 suspicious

Threats

PID Process Class Message
2396 chrome.exe Generic Protocol Command Decode SURICATA STREAM excessive retransmissions
2508 javaw.exe A Network Trojan was detected ET INFO JAVA - Java Archive Download
2440 java.exe A Network Trojan was detected ET TROJAN Java/QRat Variant Checkin
2440 java.exe A Network Trojan was detected ET TROJAN QRat.Java.RAT Post-Checkin Request
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected ET TROJAN QRat.Java.RAT Checkin Response
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected ET TROJAN Java/QRat Variant Checkin
2440 java.exe A Network Trojan was detected ET TROJAN QRat.Java.RAT Post-Checkin Request
2440 java.exe A Network Trojan was detected ET TROJAN [PTsecurity] QRat.Java.RAT (state_alive)
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected ET TROJAN QRat.Java.RAT Checkin Response
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected ET TROJAN Java/QRat Variant Checkin
2440 java.exe A Network Trojan was detected ET TROJAN QRat.Java.RAT Post-Checkin Request
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected ET TROJAN QRat.Java.RAT Checkin Response
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected ET TROJAN Java/QRat Variant Checkin
2440 java.exe A Network Trojan was detected ET TROJAN QRat.Java.RAT Post-Checkin Request
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected ET TROJAN QRat.Java.RAT Checkin Response
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected MALWARE [PTsecurity] QRat.Java.RAT (command_start)
2440 java.exe A Network Trojan was detected ET TROJAN Java/QRat Variant Checkin
2440 java.exe A Network Trojan was detected ET TROJAN QRat.Java.RAT Post-Checkin Request

Debug output strings

No debug info.