General Info

File name

[email protected]

Full analysis
https://app.any.run/tasks/30b18f5e-1fab-4a63-a58f-91da08803ee2
Verdict
Malicious activity
Analysis date
14/01/2022, 19:59:06
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
text/html
File info:
HTML document, ASCII text, with very long lines, with CRLF line terminators
MD5

59d49d263bb8bf998ccf010d64b2d400

SHA1

753b2162098fe4fad292c945c93410d3ede0f23f

SHA256

d10b1c12359d1d1a8383a74bec31ea64ec283c133385d1aae321e23c1b9dfdc2

SSDEEP

192:IttNuyhY+vKb3Q2sEg50LO3gg+5PprfiMX7XFQ+:mZKrQSg50L3h1JbrXFz

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Reads Microsoft Outlook installation path
  • iexplore.exe (PID: 120)
  • iexplore.exe (PID: 3760)
Modifies files in Chrome extension folder
  • chrome.exe (PID: 3028)
Reads the computer name
  • iexplore.exe (PID: 120)
  • iexplore.exe (PID: 3760)
  • iexplore.exe (PID: 2204)
  • iexplore.exe (PID: 3108)
  • chrome.exe (PID: 3028)
  • chrome.exe (PID: 276)
  • chrome.exe (PID: 1084)
  • chrome.exe (PID: 3192)
  • chrome.exe (PID: 992)
  • chrome.exe (PID: 1092)
  • chrome.exe (PID: 3136)
  • chrome.exe (PID: 2740)
Reads settings of System Certificates
  • iexplore.exe (PID: 2204)
  • chrome.exe (PID: 1084)
Reads the date of Windows installation
  • iexplore.exe (PID: 2204)
  • chrome.exe (PID: 3136)
Checks supported languages
  • iexplore.exe (PID: 3760)
  • iexplore.exe (PID: 2204)
  • iexplore.exe (PID: 120)
  • iexplore.exe (PID: 3108)
  • chrome.exe (PID: 3028)
  • chrome.exe (PID: 3436)
  • chrome.exe (PID: 1084)
  • chrome.exe (PID: 2824)
  • chrome.exe (PID: 2288)
  • chrome.exe (PID: 276)
  • chrome.exe (PID: 2508)
  • chrome.exe (PID: 992)
  • chrome.exe (PID: 2708)
  • chrome.exe (PID: 3644)
  • chrome.exe (PID: 2496)
  • chrome.exe (PID: 3192)
  • chrome.exe (PID: 2816)
  • chrome.exe (PID: 2264)
  • chrome.exe (PID: 3388)
  • chrome.exe (PID: 3136)
  • chrome.exe (PID: 2740)
  • chrome.exe (PID: 3776)
  • chrome.exe (PID: 892)
  • chrome.exe (PID: 2948)
  • chrome.exe (PID: 1092)
  • chrome.exe (PID: 3460)
  • chrome.exe (PID: 3960)
  • chrome.exe (PID: 3320)
  • chrome.exe (PID: 4032)
  • chrome.exe (PID: 1576)
  • chrome.exe (PID: 2868)
  • chrome.exe (PID: 3316)
  • chrome.exe (PID: 2660)
  • chrome.exe (PID: 3440)
  • chrome.exe (PID: 3480)
Application launched itself
  • iexplore.exe (PID: 2204)
  • iexplore.exe (PID: 3760)
  • chrome.exe (PID: 3028)
Reads internet explorer settings
  • iexplore.exe (PID: 3760)
  • iexplore.exe (PID: 120)
Changes internet zones settings
  • iexplore.exe (PID: 2204)
Checks Windows Trust Settings
  • iexplore.exe (PID: 2204)
Manual execution by user
  • chrome.exe (PID: 3028)
Reads the hosts file
  • chrome.exe (PID: 1084)
  • chrome.exe (PID: 3028)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.html
|   HyperText Markup Language (100%)

Screenshots

Processes

Total processes
73
Monitored processes
35
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start iexplore.exe iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs chrome.exe chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2204
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\admin\AppData\Local\Temp\[email protected]"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\cryptsp.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\winhttp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\propsys.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\ieui.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mswsock.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\duser.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\dui70.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\url.dll
c:\windows\system32\macromed\flash\flash32_32_0_0_453.ocx
c:\windows\system32\mlang.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\schannel.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\linkinfo.dll

PID
3760
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2204 CREDAT:144385 /prefetch:2
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\imm32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\winhttp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msctf.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ole32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\version.dll
c:\windows\system32\ieui.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\oleaut32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\iphlpapi.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\profapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\devobj.dll
c:\windows\system32\userenv.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mshtml.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\sxs.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\mlang.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\propsys.dll

PID
3108
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2204 CREDAT:333057 /prefetch:2
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\usp10.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\version.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\webio.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wship6.dll
c:\windows\system32\shell32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\secur32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\userenv.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\winhttp.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\bcryptprimitives.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\bcrypt.dll

PID
120
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2204 CREDAT:144390 /prefetch:2
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\propsys.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\msctf.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\advapi32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msasn1.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\shell32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\secur32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winhttp.dll
c:\program files\internet explorer\ieshims.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\comdlg32.dll

PID
3028
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\user32.dll
c:\windows\system32\version.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\lpk.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\webio.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\winspool.drv
c:\windows\system32\netapi32.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wpc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\samlib.dll
c:\windows\system32\dui70.dll
c:\windows\system32\duser.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\imageres.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\mscms.dll
c:\windows\system32\cscui.dll
c:\windows\system32\slc.dll
c:\windows\system32\wbemcomn2.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\mfreadwrite.dll
c:\windows\system32\atl.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\mf.dll
c:\windows\system32\avrt.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\wship6.dll
c:\windows\system32\bthprops.cpl
c:\windows\system32\uxtheme.dll
c:\windows\system32\qmgrprxy.dll

PID
3436
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6e70d988,0x6e70d998,0x6e70d9a4
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shlwapi.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\lpk.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\version.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\user32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll

PID
1084
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1332 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\user32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ole32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\iphlpapi.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\webio.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ntmarta.dll

PID
276
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1028 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\winmm.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\sechost.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\advapi32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\atl.dll
c:\windows\system32\evr.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dxgi.dll
c:\program files\google\chrome\application\86.0.4240.198\libglesv2.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\winspool.drv
c:\windows\system32\slc.dll
c:\windows\system32\d3dcompiler_47.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\secur32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msmpeg2vdec.dll
c:\program files\google\chrome\application\86.0.4240.198\libegl.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\webio.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll

PID
2824
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1868 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\version.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winhttp.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\nsi.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\psapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\profapi.dll
c:\windows\system32\crypt32.dll

PID
2496
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\usp10.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\user32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\webio.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ws2_32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dhcpcsvc.dll

PID
2816
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\winmm.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\webio.dll
c:\windows\system32\profapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\userenv.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wintrust.dll

PID
2708
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\msctf.dll
c:\windows\system32\usp10.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\winmm.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\dbghelp.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\user32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\psapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\secur32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\imm32.dll

PID
2288
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\winhttp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oleaut32.dll
c:\windows\system32\dhcpcsvc.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\lpk.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\shell32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\profapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll

PID
3192
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1144 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\kernel32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\version.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\rpcrt4.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\lpk.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\atl.dll
c:\windows\system32\psapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\wintrust.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\profapi.dll
c:\program files\google\chrome\application\86.0.4240.198\swiftshader\libglesv2.dll
c:\windows\system32\avrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ddraw.dll
c:\program files\google\chrome\application\86.0.4240.198\swiftshader\libegl.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\webio.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winspool.drv
c:\windows\system32\secur32.dll
c:\windows\system32\slc.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\d3dcompiler_47.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\evr.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\mf.dll

PID
2508
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2952 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\lpk.dll
c:\windows\system32\imm32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msctf.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shell32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\version.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll

PID
992
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2968 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\iphlpapi.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\webio.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\nsi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\profapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winhttp.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\cscui.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wbemcomn2.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\slc.dll
c:\windows\system32\avrt.dll
c:\windows\system32\mf.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\mfreadwrite.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\winsta.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\program files\common files\microsoft shared\office14\msoshext.dll
c:\windows\system32\firewallapi.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\windows\system32\wship6.dll
c:\windows\system32\webcheck.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\bthprops.cpl
c:\program files\microsoft office\office14\visshe.dll
c:\windows\system32\shdocvw.dll
c:\program files\microsoft office\office14\olkfstub.dll
c:\program files\microsoft office\office14\mlshext.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wevtapi.dll
c:\program files\winrar\rarext.dll
c:\program files\microsoft office\office14\msohevi.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\uxtheme.dll
c:\program files\windows sidebar\sbdrop.dll
c:\program files\common files\microsoft shared\ime14\imejp\imjptip.dll
c:\program files\common files\microsoft shared\ime14\imekr\imkrtip.dll
c:\windows\system32\syncui.dll
c:\windows\system32\colorui.dll
c:\windows\system32\cryptext.dll
c:\windows\system32\stobject.dll

PID
3644
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1948 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winnsi.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\userenv.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cryptbase.dll

PID
892
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1960 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\sechost.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\usp10.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\lpk.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\wintrust.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\webio.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll

PID
3388
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2136 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\advapi32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\userenv.dll
c:\windows\system32\psapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dhcpcsvc.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\nsi.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winspool.drv
c:\windows\system32\cryptbase.dll

PID
2264
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winmm.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msctf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\webio.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleacc.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\winspool.drv

PID
3460
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\lpk.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\nsi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ole32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\webio.dll
c:\windows\system32\psapi.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\profapi.dll

PID
1092
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3876 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\advapi32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\lpk.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\nsi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\winnsi.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\usp10.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\wintrust.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\crypt32.dll

PID
3136
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1040 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\ws2_32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\usp10.dll
c:\windows\system32\cfgmgr32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\rpcrt4.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\lpk.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\winnsi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\devobj.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\webio.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\imm32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\version.dll
c:\windows\system32\msctf.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\apphelp.dll
c:\program files\winrar\rarext.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\twext.dll
c:\windows\system32\syncui.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\slc.dll
c:\windows\system32\netutils.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\acppage.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\sfc.dll
c:\windows\system32\cscui.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\wer.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\synceng.dll
c:\windows\system32\uxtheme.dll

PID
3776
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\psapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oleaut32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\webio.dll
c:\windows\system32\nsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\winhttp.dll

PID
2740
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\shlwapi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\shell32.dll
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winmm.dll
c:\windows\system32\lpk.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winspool.drv
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\psapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\version.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sechost.dll

PID
2948
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1564 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winspool.drv
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\user32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shell32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\dbghelp.dll

PID
3316
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2284 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\imm32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\lpk.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\psapi.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\userenv.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uiautomationcore.dll

PID
3960
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1492 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\kernel32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\user32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\version.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\shell32.dll
c:\windows\system32\cryptbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\webio.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winspool.drv
c:\windows\system32\crypt32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\profapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\sechost.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\msasn1.dll

PID
3320
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1864 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\usp10.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\gdi32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shell32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\version.dll
c:\windows\system32\sechost.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\secur32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\nsi.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll

PID
4032
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2336 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\user32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\nsi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\profapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winspool.drv
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\dwrite.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\version.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\userenv.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\psapi.dll

PID
3440
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2924 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\usp10.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shell32.dll
c:\windows\system32\rpcrt4.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\imm32.dll
c:\windows\system32\version.dll
c:\windows\system32\msctf.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ole32.dll
c:\windows\system32\webio.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winspool.drv
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\sechost.dll

PID
3480
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\version.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\secur32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\webio.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winspool.drv

PID
2868
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\user32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\lpk.dll
c:\windows\system32\winmm.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\gdi32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\psapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\rpcrt4.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\shell32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msctf.dll
c:\windows\system32\nsi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\webio.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winspool.drv
c:\windows\system32\iphlpapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\userenv.dll
c:\windows\system32\kernelbase.dll

PID
1576
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\shlwapi.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winmm.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\userenv.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\psapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\dwrite.dll

PID
2660
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,1540497121941448815,12912317924080517459,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2332 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lpk.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\userenv.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\webio.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\psapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dhcpcsvc.dll

Registry activity

Total events
24136
Read events
0
Write events
298
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchLowDateTime
833619200
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPDaysSinceLastAutoMigration
1
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935425
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
D0F9C7318109D801
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchHighDateTime
30935425
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{6F558719-7574-11EC-BB61-12A9866C77DE}
0
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
2A5CCA318109D801
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E0013003B000900A203
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
25
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
25
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
25
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E0013003B000900A203
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
25
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E0013003B000900A203
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
25
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E0013003B000900B103
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
25
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
25
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Type
10
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
25
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
26
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
26
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E0013003B000A009E01
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
26
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E0013003B000A009E01
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
26
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E0013003B000A009E01
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
26
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E0013003B000A009E01
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
26
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
26
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
26
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
A0B43C328109D801
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000B92344068FDFA24FBD3B4FA6DAFE96F7000000000200000000001066000000010000200000000F2F8BF74E8DC6070470C835195C868BADE8BD5911D8E0A9A19C36DFC98A4CDF000000000E800000000200002000000007CD6D8F9BF61B38B08C60533CB22D8D7F1BF23BAF9F0B3374D1A8A3F112A82820000000D298D21FA2E8F78E3EBF0EFF785BDC970EEFE8B766312EE1AC934CC22D6129D140000000B2161160F4F69C79887BF1CC9A52D96575CDD6D0EDF9AB2FF4C390AE6ABC41D9A5C9DEF9C56128006CEDCC7C868727134E101FA959348365277BF59107E8ACFC
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010005000E0013003B000D00400101000000644EA2EF78B0D01189E400C04FC9E26E
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010005000E0013003B000D00340300000000
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
00000000A607000008404790ABFE6AFCC60E8C729407B3084DE30AA4D5244AA2646CD9393F722674D0CBB75C537BE1CBCA3895F3119CD611E49DC2D12816FB6CD938EE51CE2C5D68FA3CB0E495481CBBFC6F6B6822175A55F3CCFEE84EA82C435F2233434E9080E54EB26F5DC007FBC7DAD35212350BA46424917A1E677B2DC48D48AF72CC3C9B05114D08AC66572FA3D584C29E2B1815E9580A0A734D2F1EFC6BCC9985C1D1F669B62C8630B6D7D56CDEA29C0A33DE63E88C588BE0956433E3FDCC35F624F09889B3713ED49F29C86EF34DAC5BE1FCAB9BF89B18D3CEBA3FE45B6A7371C5370D93483B117151EC40F3A8A4EE29BD142BD830F460F7CDD18E78F1C48A07594821D766AA918582BF302665CBEBF7DEC5A803E181A3566E4AFDD30BFCE42FBFC1A9C963DE993AEB44AA087BDD235AC0AF849AAD63E4C43CC3E99B8B306B938B43B28EB0F6FFB55E1A4E717FFC69F2F072264971BB589B1DDDEBB51382B6B25C6F9319CC1447BE8DE069216F483E3312AE188D19A745C5FA38FF1E86106E55A0E33CDC1C5790B2B638D6E44BE1A1FE670366F3CD48791EE8741DD7E2FC7CC75941CC0316DF84CD5CC16DC742E7A5092C11AED59CBE441BDA3152DE6765C4ECA327364897CBDEB8931A5A545B7A7B174578A8B9412A22CB7C106339F56AF1216837C74BAE3D8570E6E50CEB5DBA1CFF61D8D031FFAA682052AFC2106D2D09E90A0F4C87E154BE7C45C1F62127C7D3899AD0C155B85FDE8D79AF54DCE9CCF2709C50AFCA19301F70804D8E347AC18113C30231C8776AEAF4D2B04C981F69B2DC399B164A18F11FC07B2B518D26C80C0ABD0DD24E73E950E0D852C014C1222A6CC38E1D3D8EB6E9E90DFACE5035FC9B329A9124F7C1FD9311A535FA4E5619126878CB300ED3A175E1AE599A04107D0CC2F52E18CE89C6085D92F923D9BB6CBEE402F0E11513D1A6DC3AEA0142476BA346EA8476266665B0D6543F515A223D814FFF9E3FEC77662465564CAF753BE6B25F3933996C4CF8864D69A50C12B5AABBD4147630483180C2BCC31E5FB37A0E0E4655DB0A93B0A04B1A07CC5D7A71D58C88DE16756BBF3E0E910902A299EC03CC26131CF903637EE239B05464EB83DC566F6320BD1FF8C27C0162978443F1E520464096A02626B051BAAFDD34590BE133481432FF4B252B73F2C87CC04AF1D45CFF44E9687CB157F8788A075F208402363189ED90094F99F8B34553F7D9D5F03387B8B48A3FAD93AA2B44731EDB4E612A166FF24C5C8B2B9BF25EBBD0CF93590588DD9928A02C8549C13FBF2551721DB3F0C1DFA2689F03F500C453D4F1DD2FBF88A73773861A4B900B498CC46EE155DDDA36560A471D40856629BD622EDA924124DC2E85E9C70618BBEA7A824F642BD4ECE9F5E0622502B3C96E984FEEC7A2FC15E61E8CB967D737AEFE296A5CB3BD81EF8C5D87637A69431FC3838179AD7FAE0C5BA79E5203DCC28A9239E16F6F2DCBDD1F2FB8B28394B43175201A68A9494A583069FD83A5361BAD074BF416AE992830B9090184ECA5DF768B0DD224FD20395F3A046526AB05D2634DFD3DD7582392040F8D20780FBB56308CEC2B7FBF2481E64718BD434C6AA67B26F0CA8BC5E96909EC5947C85AF675E4235CE84F8775242E70456ACE1183AB1B0CC4D8CE250DE83DB80E4506DD75A21E96FC14289833ADD46D2B06E3DB71AEF28119B57281AD4087144DBE6AF15A7689D56E9918A67EA292CB6993A59F545BB49A8F3F1067EB660CC1B4B3B380C42A4A4351067F8E764EC3A5A1C5A26B4D8CE396C6FE9DB7E516694BE54D9326D376C3C5448BEC6D3C10BA9272D4C8FF7A8AF0735F8F1907BD90ADE17E84AC2FA7F386E6E94B1678EE24F0987C1EECA7FC65A626F8B5478D91FE2FAD209525AA5F6EBA48DF64D734ADB8F7EC5FA6E177F4D4E21B3201790D834829006C68C2C71D75B482C583447F99CC4753BB6721058048A9E0ADB2679AB1002BA10037931300F0F1EE3D95D04FD273D3253072FDC5C1C27ACB09C020FB3D245E437E663747284A5B56E695794D788671315EF96A8FD7DB0382E67CFE7C46338FEE849FA69DB4CAD8BC5F5D1146ABF0190BE5FF5659E385187BE5E8B3F9EBCB1549B4EF94A9C63E36EB4A508A078B76E57C65C28BBE033A0352A4A5656A4E7F7F06AC9359C07D515942461E5E2A38ABED807D662A8A589C1C0DC4EBD79B8D3112940D017704F904C380F261003AD224F4D8CF5DAE5103C5BCB7E557A338CAAB1FB57861A15B5AA66827F0D25C217985D7BFFAC78400226C75CBA75E85DF234D20FD8B1A6090BF7DD367DFF56D2E4D77E0E99E3134CBD6979CB6AA5BB672BA0AA77EE87B3EE54A0597A85EDCDD0D6ED9D4F25BF912983F292FB68EEB56B2ADEB23032D9B84151AD819530F3DB912FC41E6E9D1B589467EA9F655F4BEE71D1EA86DABFBC38D514F16A17E910A322E1796667AA0F4F0AEB12C09277A4DD8A22B942A7BF38F9E2F09C3BEAC83B07117DFFA51366847F1ABF9489518C1701C2AF684FBCAB3DF59A567E7FD0D87C179EE7455A553C9827C2377ABFED36945D9889DE77D58DD67BBAD8B92EC233CC619B2F6418A1363C4553849254AA912B7201B42691B1E0F98A76594CD6ED74113F0FC85114D78D69223FB9028DB925C5DBA850352AC80EAEE0C45A299611838DA7CF9412F2699C1131B886C437F61E82EFE120253E76F0FA38A87D4BE917FC08B41C34A2ED1A9C6FA3357FE5BCA5054EDBF725EC8A0D01C70B9C44CB2FEB378010000000E000000385835324E41646D516B412533640200000000000000
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
ChangeNotice
0
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
E2E8E1348109D801
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
E2E8E1348109D801
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000B92344068FDFA24FBD3B4FA6DAFE96F7000000000200000000001066000000010000200000003C566D8F530634823281C38C636142E93C8A8DD0F72492ABB9F1EFC8056DD863000000000E8000000002000020000000719F514F780C82080C50EDB8222DED5545D345F0788A45F3EBE63EE1FC01F7B9500000008C88E3AA4F6B0BA58DC6A88C08BB30018EEBE329C6204D9736BDCAF3F2D4146D33F722E2382D0F7E77CEECE43786172082070D87F70751F022F9B24972EE8741F1C9B05C9F69F6481B7259F49540414840000000E65A777D12AF502DF5A661E628AF238BC8A259786CB5D946661F6E9CFF170050117A7E9E25AFD4BFC671EB8CE2694D5D3DE81E6176D86E22B59E0548CFE2C40E
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000B92344068FDFA24FBD3B4FA6DAFE96F700000000020000000000106600000001000020000000ADEB71445D7AB05A68E1FCF5C8CE4ABB58FA57D159D149CEB5BEB7AD0B3408ED000000000E800000000200002000000030A952240A1ADF43D37F18E330AA2CDBE44693D461FC504DDC5C718EF2E3B70810000000E5BB05627041A926DAC267CE7A1BDB5940000000F225BA8BC44AB2BE466A1C4A212A7F5E27D9A72D337E639E4AD9C8F1AB1B13DB53703B8019135623F7A91C9FB26E7901845658EEBA3E0CEECE02A2B65E21EBB3
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FaviconPath
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
27
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
27
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000B92344068FDFA24FBD3B4FA6DAFE96F700000000020000000000106600000001000020000000338709168375354E93DB3ED043E84CADF52C4FC8149369B69D3AE5C53C46E9AD000000000E8000000002000020000000935FF21A59F5FE73139EFF5ACA78A2F828FFB7CAE556FC9414D73C2E7D250A0D500000007A621E837B3171DC6784740C0B0B868F97BF46A9A48E4C5D09720A4DA97DFF123CD1C577576822640597950AE77C99130F80C099F8F90634BA179F3A0A5EB69018C492F8363FF8A4F0340BBEC07FA7434000000094A370C71548D21521160E5DC86793E40A3E1FAD1697C43CE3D8FDBD7AD4A28D69FDEA9E32DEF3EE951E519E8B1D1C1F60E1FB069CDBED5F126B643E11813E42
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E0013003B0010004600
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E0013003B0010004600
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
000000009C080000B08804EFB3C47701AEDC171A2CCD7A9E7560FB2B6D4D2F63CC12344F771FC00278E5BAB95BCEAB38B25F754D97C758A9E93B5AA1EADBCEC36508B371E05EA5402DC716B66D490823FB8FE7D4E557FF73652C836ED62AA2DED2BAC6668A66F411644E3BAFC4D4E58C9E8CA1D8148069F13E51F078ACDAABDB404AEC470DD8C87BBE997D943611279EA476DFF111E2C216D1CBB7A6778CEAA0C1D6AB7FDC52DBE1C4CA1D4D9E9EA065A46DB39D2E1D5C75AFBA76245CDEB91D578053EC42761AA23F00E8E2931D9165E991CA8B70D1C05C1D3FF5E97A7141A9896601CBBFE22A461C5BE1ED792D3438CF0258B32D9E03942A78819B3AE5506672AA427EC7379A3CC8FA0E60C16DF242D9E04C3B782457A1DD8638B5C8DAF7C3CB6A481A1916162ED0FFAA96EF7FEE76C84B2E35C202529D8B893206E1F092033FC8D9C6A61D16D6E389C7BE2E021C259C639123A3DAB89A27A23F7E99C734D7B7E2BBEF46EE787540B87989A59584E179491C558B4B3F9FBFEF134A5A005E0755DA7B46D52760CE27AC6032BEDA32733D1BE808C3F5C9259591964001392D32C3CEB58FC86921B4E984C1D1797029D850FA406AC87843395DA9FC9D6F13EA9376E0FD4761553B29A0624403E3F65B581A06455975744A1864559A0F972EEEE0FE2ECB0FC989420F686581D7FF0EE6A7525FD4007289296CCDB6D614D62A922EE4DAE0EF5FA7415F1EADCD1C5C57C617052596413657A30F98EC96A586A7BBF47E036366A64DBE038D5945EEA970EADB0F788CE95E7EA6665D1895336C46FD0FC2C84A4A731DCC2CB38B879CA5FBF8595B78CEBC7E9EEB42F0588AF44CA563DF7F4B117A0EB58341E962CAE24E979F8D64454A4C9C56A459BBCDCA7E3B653D70CEAA695EAAB6076235FEE665BEE36D7D32FFABA08C48B94E6098F2B5FA26DEB75C0760364EC103717D7F888E1C81E4B626C66BB3B613AF4539D74707DD889ADCC180E93BC474FDB587042FAC571040E77CBA52B3D0572C0BD0ABCAF8B82BD1927637769360713407C0AF3967F62FA57B0BFBFB20A7B446CB893435008BAF9F83A94A910A3956328F199F0E881B80E75317A9C5B4C3CAF65666931EB51AB5A8CC0BDB47AD8AC422150AF4E40B6BA207824FE40D1A283911FB4CE64D4A40DBE9857608971E295C48DD74CEC585F934922355CC4C7522A146E8EA4E095A1EC2725E39F3F2D0CABC2118A54C7DD718D8893CE3816FBC5EA2D22633ECB405A20AD74595BAB40170867AE1F390B432472DC2AFF8230EE056DC761F72DE985DB5530E28537F3D8C3C58C1CA0CB92370CBD2D13CF7D2B6C678EF15AFE8457922A93D15B8A4601589DCD3890065E79AB131694E95A8AEF40F857ABED2D94143CD526921484E7F24BF599810F34839435863910280D6D71AB0E71F3CD703F38DEE487526B528FB71E3D845C496D7D19347D0E9C009C76D6C5AB67D1E23157919DC0402EB63B1F304A9247C5B330BCE637C3A1320C6D1900DB4F9341E8FCEF4D4A9FCB0534630895EA6F3DB2AC17D5053ED46AEC526E960CB63F4E488486785C477F51FEDFBE6DB17FDAF038ED95A77E5C39659AAD987FD1DE32F2DD74A7E4ADB0FAFEFADF61B0B5BE314955533E06295DD40B6153E6A874C2D0DAFC463E064AAD13DC125BB813716EDCE2FA0B1B6331BA2926359E5B51E2E332E0AA3CBB1F34AEE5C332A2557812C33427397035F0951289E021F26A9E2F32554DE434C47185EF503E63CC7CC07203EFAFFFAD20E0479A73932F8C0DFF3D88E58CBF3F43FF1B1B01E7A7E5225EB6FCAB374307E8843CD3EB5920F8DB8710B3838711A63F19F0E53F38FBF0F9C4B585529735B6F85E87E0BDEC4AA42C27C5DE6F96F14995C426BF2A7C5D76F22494383FB9A26F2AF121F8734672F46D43436DEBC67446223FB945494BC109EB30391495A8BE8A729E19D43881A6E903DBA8A3F80F8DA4BFFE8EC0D7E158032059B21F4C5E4A78262752AEAE07FE59B2C2C8A2DD7C2682AE92AEFE9026E3DE7BD2F70F398461E57BBEDCE917935886B6AAB63C6CB65B32F4EE29CAB52685D6333E1BD7B3552C4F8F26B5C6393DB4E9D2757FBEA3081BD94542E431982A3DB17ACCECCFAA1A68DE61C0E928FB113A3870D5035D92DB6B1C9822F4656D6BF0929E11B355252E4D98F5DF61E92427CF67147B640956BA4E043870563929F5C61697FE418EBFCAAE81A81424FC5A0B5F2D257A9E11E5FEB48CD54D1F5046A1BFB61FB499B977C9A9DC8AD14BE48F16027A55F49197B282B7B71E8B1B739599A326E6B6CA0400E5291E2F58B4E34461CF4CA3AB6149094034FEEB8C6C3AE627A2EE9CF6BA167EB730E3831C74A1D8488067B2E10DDC88D1520BF3231FDBDE85BC9634668B577509E8C2C70E861EA4646A8CB3B77B38EF70039B1331094DAE7DD8CF0DF813FE5C971C7579D0D38F850F57E3D390B2D95DC644209CA843521B2A0BC8059D88B1E7D8E98B1D358628FAE34B36011EC94EEFEE1343B85AD472F9144EB4AA38BE44D1693985304E8ACA555A5F889253A64F7C8177B317DAC6751696A4C471DBCD7E5FF21F7C65BDD24F74EE7069143153F0B6DA617217C9F11004FB05DBBEC89D00614D9ECDE6557CD65B09958A71B9D5D11382ED5F2AAA763AF36B733D22E1438ACC859412DA9750EB1275DBF34E1F2A7D2514F8E3763E5D5E3C31F74498F7BDDAF6343E9FDE359F87A75D2AED0D634D5234BA990B03177A7A5A98831281AE0F2953C35EDE328226A98D4974940F78380DA51DCA464F97EAB3B9992668E9561A93192D0F4DA20F05DBA634EBC899AFFBE9B81872047941A1F3638DEA8891920BD1467B5A6F381E2A6607996BD16D1C8C56DBB4C236E026C41CC500A9204293CF9CEC6822094D91A651ED80E03E995FEEE24ACCA8ED91F92E68823B767C0BAD432FE2AD905444DB7542C7D584EDAD3C1269ACAA1A0C9DDADF946EA85995B6D0A0C31E058980C27D93D526213A6EEDF3184B5B371EDA467DE547DDB14EF71A3FC56979AA0F36769A08116CEDE9BB9A76E134518DACB6D314389DCBC04B2C148CC037E23520ABBA32BC1466E5B61CFA9987DA50B7C96CBE6FDD93A74F6666CD3985CA7010000000E000000385835324E41646D516B412533640200000000000000
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000B92344068FDFA24FBD3B4FA6DAFE96F70000000002000000000010660000000100002000000019B6DD4E5450C4DF02C88C7ABDD40F0337B6C6E7861F1601621908E4D315DBFA000000000E8000000002000020000000B1AC30A79477A76633653DFFA624CB5C17B3D955D14CF058054E5C84471C3A44100000007D14E1A29110812394AE643C720E381840000000AAA2685A028408D5E0AE0EFCB842E2B870DAD10DDF2C84DC80583D89A311B9E6DBDF082DE6E616A7F4A0013D8B652AF9BD7BE53A76FD5F3B96B343E134BECB00
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
27
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000B92344068FDFA24FBD3B4FA6DAFE96F700000000020000000000106600000001000020000000FF26F212C28A0EA0CDF20546DCCC127B5A973548D9324F1FD560702A4A98BA55000000000E80000000020000200000004174A15182F2A099CFA5CE0215A29963CFB6B9F84F9F8DA2105AEF0B92C83AE210000000017B91832CB26FA4A1849DE26E7451F140000000BD64C7E16B46D4D8E3610A54BFAD7553F8CC33C8595178DD03A034454107CE214F91BE9CDF2C58494E4EEBD6F49D8038D7CFAB39919B547140D9582016423539
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E0013003B0010004600
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
27
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
000000009C0800006C2369377FE497B142AD8DF118D356D5F1156FF1F91C7DEFA8D351C46B4BE347B411922EA739DA86CE4D8CF9636D910CEDFAA7B2FE8E1A6A811EC3328C89330991F4E0C2A1AFD33C178BE784B1D42055E164CA46227141ECB616C261B6C1461A28EDE68698E6809A828530BD4005B4B03A73141A986444D564DC4736E19248B8E21A27FB7A7FAC70085DC944E59E02135547E8D4E309EAAA658EAAB7C09C0708889C03FA22182B5198310AFF9A406FF1ABFF68A948FF6118734DE609EE7F702F43941E735F52975D452346B8248CD15E99BDE6FECEE5A7022D39033243DB2FF45020FF78A5CDF21FD3518890F920CABD2EA0BF62CE5D73AC1672E8B46B5013FA9461E09B8D297074B5DD9B3F4C9ED1FB59C8DCCC5C06A4E32F1879F9057EA4869C77E6989306588634E61724B6A4B6628F541235F57F12495B4B32854A058FD55F834554620518D8F08B672477D481F3A366D078ED6A5DA1532BC3037A856F028CA3702779C4CF5F65EE4A5D5FCC7C59BB1DFB8B6E66653571D8981DB99D0B7DFBF8687C72E4B7AF912D53A7B72D38631199B500951279476772A723D4EF8C1125A355BAC505B1316C6AAAE17C98281659FA90DA7B1018945219BB85CD1A987D5CC2EC82AFC73C72B6C39215A1AB844AE05F07B523FFFBE65AEDAA1AB5BE4796A476C43DA3CAE47A4E5AE066260865DAC9EAF533A27ECFB7000EF83AF37B0C03C2DFF3F590AEDF3AE94DF6D3024DE65F1CBA47CA122FCCE51A9CA4A5BAF12B7D411EA98455141D0473BEB2C4AA1B258359EF24D178B13C7126B7E13E1FC0C5AB0F51ED11699AE315B7CB166F2A13FADB74A914E8B8A3E1531B7F28903288E887A599E4DA12E1C23278964204C8D3DA5ABF071BAB0FA74D5FEA140E2946E9EC5369177A53F289C8519E3DC2B078FDED4CE42B9CB86E5CAA33F89640C252835A2131E9BA90A032C9531AE2296F022F3EE63D341204C961F23EE5253D3768F61EE8FB3029069B7C5DD0D0A3B2A7840A32645442D37A0C5886CFD2E175519CE1C92D8C0C8A902A083EEF17A2A7A0732FF1B88D7469F97FE0A53ACDEA0D5B95E65638459E13D5577424547BFEF4BEF73C76C9E2ECE18E8E984709EF60F08F96A4D7D84604A5EB17614B18B3D694955CD3B93F48C9E9125422553D1263584CC5BBDAC0C85F8B5AB56FF9D3394C85C8F692B0E56E2B5F096A1DC2A5DD13CE1DF6CB9E6669D00C68C43E6DBBFF7EA9BB8A1A78963732A6D59628783EB1908E961C746F802F755EB08B6EEAC6548EE512220CBCB8F6FD684221E5CEA2F7FAB6F820560F04C06F8E1577A0B3EECB9A6B02CC069152ECAE0551BDF2AC928071BBAC7011BCC499DE92FD7D72A87604C4187151AA49A55D646F64E6F17183EA157C8B25450E9584E3FCDA3F858544CA2AB2E8B3965B59073F17AF3C813340CC06F0F5749284FD0B9CA30B1C7921502BEED253826B2C42915EBBFD9041BAA0D5647CBD3898F186C72A9204C6EEC618AD2E09910DCABEA8CAE330C6E8D3CC48D44F64DD9FF69189C1ADE2D08A846332050C8AD2A051D02BE3ED519001D6617B82E78A02934EE39D1646DCD8CADBA1DF9BA6EDCE7BA2E72C7A9C0BA79BE99BFC3F4D4AE5F83F7288BC1382030C9475BDC61E7BBFF95B8ED064104D20A9AECC07259FE46ED269BFC7FA35AE212E4DE47A8992CD349A1D228DB5680F2E48C4434C73FEF0B4EE6C38A823CDC0A952A79BA405242EB400892446C3C6ABC5B7CA1803688A57C006E80EEA42F99BC3E542B582C3F251298C3D4CFE3B49A292EA62FA13416333271F7DA0F9D4DA3DA8F9BEA3FDD41E05250CDBB2137511B13B672B194078A97C7435CBE0B3C9903D49A2BB789D3EC7E7F18D017910583DF3F7B3C4DE6E467C715F17729ABC133C965278DA4190B80CF96F68510106A7EF7171E0CF9AF657FCC3D466126869E5FC797454B9C9C8210F68C754694280FB46D0FB4AEB2807214966D2A94A5231BEF10FFD2CF9E62580EEDFE9A3EA16FE6D62DE1796B7401619834F0984BC16B9773CBCCCC53AB4AD56CB93E17F75C8064A63134746D5EC6517CA145C99079E670EFB678ADF1C5ADA8BC473F3E4A825C1D068963336E4DE93083F8C25DDCB6B8BD04F7234ED3F1CF011FB678C7925E12886931D1FA283B63F05FFD14EFEA84D11815870FB8E43186CAB8E9D045F8AF1C70303FEAD0B5489BA1B2DBE3BE03E61CD4D372A715CC9557D2B9FF431AB78C30750D8BDF37EF60DCA1FE82580102D104E110ABD013D6FA48CB34C42C17C90150F6C328EE0AD08C67C0F50816A32153146B9F2F5C21AD613DC26B75D6FC0701131BC30C6EF562C1208EB859D5B079654806D10618EC89E2B2E82FE290379BA0EEAB6F4182C7C01FBC1E2A761EF4C5050663C824D6FFA676F800743AA22430C9E6F379D6A89F326C41AFBD6DAF265E3D518E169915F9CD184D595A465F08807CACE4E4BBA81063DCDB7FD32D93181EE6C149FE5E153727D72140D43A97B2A4C5D99811DA61165E53C90C7DBD60ABA134C695817E59519094CEB493F6805FC797A26F935F3F6FDBD0223F9F1CDD9E3F10880171D7E743216C9CFBFB79A0A1930845F78B20D465B6732B788940B2FF828C673D918AE3DFC44040777CD642AEC0F891F2EB47B53428220AFCAE482DAF458B5F26529758DFB33F3C2FD9F52D185B78721675B2FDFF7AD2EEBAB017DC10F21E5BA3F6E8BE5B983DD467A4F87BE3FC9477EB5C685A23D8A1B3CBE0B42862023F89BE40850A168D50728CBFB1D52E5E3E9BAFD17EC1F8DB731E6B12289053EFE4B10DC17452A2FC7C89736C523AD55A73368106D2DC58CD62232BD66869A1B5227634DBCDF8A25FA3AB6CDCBC7A2EFB3F05106E880652486F010CDF7BC386ABF7F6705156847140E2609792F2E7898A80E399BA7FEFBB76656CDDEF5255436E5CCBA81431A8B81A3D5EBAF0F09773E27FB29D9CC9DBBFE1882D089802F9A8C631CA29B6654A7AE59761F338D474CE7CE7051E376287C2F3B2172C7B89B7AA6DBF76B259F27DB92D03162BBC705374C3F107235C5D566886EE5DB6CBECA7FCFEC0965FF0C717522A96B1E05DF520EFF1882E262D91CFFE053F1FA77B08275010000000E000000385835324E41646D516B412533640200000000000000
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
27
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
27
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E0013003B0010004600
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000B92344068FDFA24FBD3B4FA6DAFE96F7000000000200000000001066000000010000200000005E027BCA340759BB6F4AFFB3BC7925C1565E97168100B012106C40858F42BBDB000000000E8000000002000020000000A16F03E0138D6B74F4D1CD1A36A503009AAAA048692F4785C628EAD6DE54CB9F5000000056A841188BE74D41FC4D50A0EB880739B73411A1EF8CECF537E90B20F808B995CDF2A277B923BC190C1103CB1521780D114C31A639F9F30409BB6B398F23FE084BD3C200083512F7AFBCA197BD5AFB5540000000A43A4C75E6F531094D8A12C14B2D30B17C0078B1BEAED388990DA0FDF5DB57153778C54408863ACAB41FDF2C9D32065EC8140DE5E6AC6B9F042E8F6B54638ABD
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
27
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
27
2204
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2204
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MINIE
TabBandWidth
500
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
120
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
120
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
120
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
120
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersi