General Info

File name

watchres2.exe

Full analysis
https://app.any.run/tasks/6eae9bc5-4c30-4a84-ad1e-9aec1d19c423
Verdict
Malicious activity
Threats:

Revenge was one of the most popular remote access trojans in use in 2019, when it featured in a large malicious campaign named “Aggah”. This malware can take remote control of infected machines and spy on the victims.

Analysis date
15/01/2022, 04:05:49
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

trojan

rat

revenge

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5

7f0721f8f813f7cd7273ffa246b16d61

SHA1

e4530dafc98e1c2f3ba183f918ecea4b9b33b620

SHA256

d6983eb932a698783491cf1d4acfbb7ab9f65064b1fe8c842aacbdbec31b26de

SSDEEP

768:f+JvtToLvr+NQ2yCWDsOLlWyAVF/Zpf/a/US7MAboMdxnY2TczYcHe+ZR:fwtToT32yCWQeAVFHa/USwWoMnd+D

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

Changes the autorun value in the registry
  • TexTInput.exe (PID: 3048)
Uses Task Scheduler to run other applications
  • TexTInput.exe (PID: 3048)
Connects to CnC server
  • watchres2.exe (PID: 4092)
  • TexTInput.exe (PID: 3048)
REVENGE was detected
  • watchres2.exe (PID: 4092)
  • TexTInput.exe (PID: 3048)
Drops executable file immediately after starts
  • vbc.exe (PID: 4036)
Loads the Task Scheduler COM API
  • schtasks.exe (PID: 3324)
Writes to a start menu file
  • vbc.exe (PID: 4036)
Writes to the hosts file
  • TexTInput.exe (PID: 3048)
Executes scripts
  • TexTInput.exe (PID: 3048)
Checks supported languages
  • watchres2.exe (PID: 4092)
  • TexTInput.exe (PID: 3048)
  • vbc.exe (PID: 4036)
  • cvtres.exe (PID: 3564)
  • TexTInput.exe (PID: 1208)
  • TexTInput.exe (PID: 2880)
  • TexTInput.exe (PID: 3360)
Reads the computer name
  • watchres2.exe (PID: 4092)
  • TexTInput.exe (PID: 3048)
  • TexTInput.exe (PID: 1208)
  • TexTInput.exe (PID: 2880)
  • TexTInput.exe (PID: 3360)
Reads CPU info
  • watchres2.exe (PID: 4092)
  • TexTInput.exe (PID: 3048)
Starts itself from another location
  • watchres2.exe (PID: 4092)
Drops a file with a compile date too recent
  • watchres2.exe (PID: 4092)
  • vbc.exe (PID: 4036)
Reads Environment values
  • TexTInput.exe (PID: 3048)
  • watchres2.exe (PID: 4092)
Executable content was dropped or overwritten
  • watchres2.exe (PID: 4092)
  • vbc.exe (PID: 4036)
Creates files in the user directory
  • watchres2.exe (PID: 4092)
  • vbc.exe (PID: 4036)
Modifies files in Chrome extension folder
  • chrome.exe (PID: 2640)
Executed via Task Scheduler
  • TexTInput.exe (PID: 2600)
  • TexTInput.exe (PID: 1208)
  • TexTInput.exe (PID: 2100)
  • TexTInput.exe (PID: 2880)
  • TexTInput.exe (PID: 4000)
  • TexTInput.exe (PID: 3360)
Reads the hosts file
  • TexTInput.exe (PID: 3048)
  • chrome.exe (PID: 2640)
  • chrome.exe (PID: 128)
Reads the computer name
  • schtasks.exe (PID: 3324)
  • chrome.exe (PID: 2640)
  • chrome.exe (PID: 128)
  • chrome.exe (PID: 3280)
  • chrome.exe (PID: 2580)
  • chrome.exe (PID: 2940)
  • chrome.exe (PID: 1152)
  • chrome.exe (PID: 308)
  • chrome.exe (PID: 2856)
Checks supported languages
  • chrome.exe (PID: 2580)
  • chrome.exe (PID: 2640)
  • chrome.exe (PID: 2988)
  • schtasks.exe (PID: 3324)
  • chrome.exe (PID: 508)
  • chrome.exe (PID: 1948)
  • chrome.exe (PID: 344)
  • chrome.exe (PID: 1512)
  • chrome.exe (PID: 756)
  • chrome.exe (PID: 3636)
  • chrome.exe (PID: 3280)
  • chrome.exe (PID: 1516)
  • chrome.exe (PID: 3948)
  • chrome.exe (PID: 1152)
  • chrome.exe (PID: 460)
  • chrome.exe (PID: 2128)
  • chrome.exe (PID: 924)
  • chrome.exe (PID: 128)
  • chrome.exe (PID: 2684)
  • chrome.exe (PID: 948)
  • chrome.exe (PID: 2672)
  • chrome.exe (PID: 308)
  • chrome.exe (PID: 2940)
  • chrome.exe (PID: 3488)
  • chrome.exe (PID: 2140)
  • chrome.exe (PID: 1432)
  • chrome.exe (PID: 2008)
  • chrome.exe (PID: 304)
  • chrome.exe (PID: 1028)
  • chrome.exe (PID: 2820)
  • chrome.exe (PID: 596)
  • chrome.exe (PID: 2856)
  • chrome.exe (PID: 3856)
  • chrome.exe (PID: 3992)
  • chrome.exe (PID: 2692)
  • chrome.exe (PID: 908)
  • chrome.exe (PID: 3708)
  • chrome.exe (PID: 3656)
  • chrome.exe (PID: 4072)
Manual execution by user
  • chrome.exe (PID: 2640)
Application launched itself
  • chrome.exe (PID: 2640)
Changes default file association
  • chrome.exe (PID: 2640)
Reads settings of System Certificates
  • chrome.exe (PID: 128)
Reads the date of Windows installation
  • chrome.exe (PID: 308)


Static information

TRiD
.exe | Generic CIL Executable (.NET, Mono, etc.) (49%)
.exe | Win32 Executable MS Visual C++ (generic) (20.8%)
.exe | Win64 Executable (generic) (18.5%)
.dll | Win32 Dynamic Link Library (generic) (4.4%)
.exe | Win32 Executable (generic) (3%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2022:01:15 04:59:15+01:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
52736
InitializedDataSize:
4096
UninitializedDataSize:
null
EntryPoint:
0xed0e
OSVersion:
4
ImageVersion:
null
SubsystemVersion:
4
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
15-Jan-2022 03:59:15
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000080
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
4
Time date stamp:
15-Jan-2022 03:59:15
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00002000 0x0000CD14 0x0000CE00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 5.80168
.sdata 0x00010000 0x000000E2 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 2.33289
.rsrc 0x00012000 0x00000B88 0x00000C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.08631
.reloc 0x00014000 0x0000000C 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 0.0815394
Resources
1

Imports
    mscoree.dll

Exports

    No exports.

Processes

Total processes
99
Monitored processes
50
Malicious processes
2
Suspicious processes
1

Behavior graph

drop and start start watchres2.exe no specs #REVENGE watchres2.exe #REVENGE textinput.exe vbc.exe cvtres.exe no specs schtasks.exe no specs chrome.exe chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs textinput.exe no specs textinput.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs textinput.exe no specs textinput.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs textinput.exe no specs textinput.exe
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
2732
CMD
"C:\Users\admin\AppData\Local\Temp\watchres2.exe"
Path
C:\Users\admin\AppData\Local\Temp\watchres2.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\watchres2.exe
c:\windows\system32\ntdll.dll

PID
4092
CMD
"C:\Users\admin\AppData\Local\Temp\watchres2.exe"
Path
C:\Users\admin\AppData\Local\Temp\watchres2.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\windows\system32\kernel32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\kernelbase.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\91efd50cedcf22003233d52464c01816\system.windows.forms.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msctf.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.visualbas#\32611a460efdd579a68a09bf3d065e0c\microsoft.visualbasic.ni.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\user32.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\e10fc0c922927179f29b495cf47d62dc\system.ni.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\msvcrt.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\8f5842a3d4d666059db685b319e3a5b3\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\992b101b45c1e2e5563fee65ab5fd691\system.xml.ni.dll
c:\windows\system32\advapi32.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\23349d393ecff063c3152fcf5229b2ab\mscorlib.ni.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\sechost.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\94fe1557aab4bc059482da7d99e97641\system.configuration.ni.dll
c:\windows\system32\dnsapi.dll
c:\users\admin\appdata\local\temp\watchres2.exe
c:\windows\system32\mscoree.dll
c:\windows\system32\usp10.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winmm.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\wbemcomn2.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\napinsp.dll
c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll
c:\windows\system32\avicap32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\bda2113f273e7bf6eba84f3d0d1a66c3\system.management.ni.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\windowscodecs.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\userenv.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\roaming\textinput.exe

PID
3048
CMD
"C:\Users\admin\AppData\Roaming\TexTInput.exe"
Path
C:\Users\admin\AppData\Roaming\TexTInput.exe
Indicators
Parent process
watchres2.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
Version
Modules
Image
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\user32.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\shell32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\8f5842a3d4d666059db685b319e3a5b3\system.drawing.ni.dll
c:\users\admin\appdata\roaming\textinput.exe
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\23349d393ecff063c3152fcf5229b2ab\mscorlib.ni.dll
c:\windows\system32\msvcrt.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\e10fc0c922927179f29b495cf47d62dc\system.ni.dll
c:\windows\system32\imm32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\winnsi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\91efd50cedcf22003233d52464c01816\system.windows.forms.ni.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cryptsp.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\992b101b45c1e2e5563fee65ab5fd691\system.xml.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.visualbas#\32611a460efdd579a68a09bf3d065e0c\microsoft.visualbasic.ni.dll
c:\windows\system32\psapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\94fe1557aab4bc059482da7d99e97641\system.configuration.ni.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wbemcomn2.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\avicap32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\bda2113f273e7bf6eba84f3d0d1a66c3\system.management.ni.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\winrnr.dll
c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\clbcatq.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\shfolder.dll
c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
c:\windows\system32\apphelp.dll
c:\windows\system32\schtasks.exe
c:\windows\system32\windowscodecs.dll

PID
4036
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\admin\AppData\Local\Temp\8xuplhte.cmdline"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
Indicators
Parent process
TexTInput.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Visual Basic Command Line Compiler
Version
8.0.50727.5483
Modules
Image
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\gdi32.dll
c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\usp10.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\oleaut32.dll
c:\windows\microsoft.net\framework\v2.0.50727\alink.dll
c:\windows\system32\sechost.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorpe.dll
c:\windows\microsoft.net\framework\v2.0.50727\cvtres.exe
c:\windows\system32\apphelp.dll

PID
3564
CMD
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RES41D5.tmp" "C:\Users\admin\AppData\Local\Temp\vbc41C4.tmp"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
Indicators
No indicators
Parent process
vbc.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® Resource File To COFF Object Conversion Utility
Version
8.00.50727.5003 (Win7SP1GDR.050727-5400)
Modules
Image
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\kernelbase.dll
c:\windows\microsoft.net\framework\v2.0.50727\cvtres.exe
c:\windows\system32\rsaenh.dll
c:\windows\system32\sechost.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\msvcrt.dll

PID
3324
CMD
schtasks /create /sc minute /mo 1 /tn "Text Input Module for Windows" /tr "C:\Users\admin\AppData\Roaming\TexTInput.exe"
Path
C:\Windows\system32\schtasks.exe
Indicators
No indicators
Parent process
TexTInput.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Manages scheduled tasks
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msctf.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\schtasks.exe
c:\windows\system32\ktmw32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\sechost.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\imm32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\version.dll
c:\windows\system32\sspicli.dll

PID
2640
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lpk.dll
c:\windows\system32\imm32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\gdi32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\version.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wldap32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\devobj.dll
c:\windows\system32\secur32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\webio.dll
c:\windows\system32\netutils.dll
c:\windows\system32\samcli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\wintrust.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\samlib.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\duser.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\cscui.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\imageres.dll
c:\windows\system32\slc.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\dui70.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbemcomn2.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\mf.dll
c:\windows\system32\avrt.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfreadwrite.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\wship6.dll
c:\windows\system32\bthprops.cpl
c:\windows\system32\qmgrprxy.dll

PID
2988
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6a87d988,0x6a87d998,0x6a87d9a4
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\winmm.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\imm32.dll
c:\windows\system32\cryptbase.dll

PID
128
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1328 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\lpk.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\user32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\userenv.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\dhcpcsvc6.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\rasadhlp.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\webio.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wship6.dll
c:\windows\system32\psapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\ntmarta.dll

PID
2580
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1056 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\version.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\sechost.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cfgmgr32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dwrite.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\mf.dll
c:\windows\system32\powrprof.dll
c:\program files\google\chrome\application\86.0.4240.198\libglesv2.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\atl.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\slc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\evr.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\webio.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\d3dcompiler_47.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msmpeg2vdec.dll
c:\program files\google\chrome\application\86.0.4240.198\libegl.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll

PID
756
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1896 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shell32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\imm32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winnsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\nsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\crypt32.dll

PID
924
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1904 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\winmm.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwrite.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\webio.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\psapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msasn1.dll

PID
508
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\shell32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\sechost.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\imm32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dbghelp.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\psapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\webio.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll

PID
3280
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2844 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\advapi32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\slc.dll
c:\program files\google\chrome\application\86.0.4240.198\swiftshader\libglesv2.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\winspool.drv
c:\windows\system32\devobj.dll
c:\windows\system32\d3dcompiler_47.dll
c:\windows\system32\webio.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\bcrypt.dll
c:\program files\google\chrome\application\86.0.4240.198\swiftshader\libegl.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\evr.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dxva2.dll

PID
344
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\secur32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\sechost.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\oleacc.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\winmm.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2684
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3040 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\sechost.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\user32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\version.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\webio.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\userenv.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\winspool.drv
c:\windows\system32\nsi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msasn1.dll

PID
3636
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3112 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\shell32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winspool.drv
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\user32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\userenv.dll
c:\windows\system32\shlwapi.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\webio.dll
c:\windows\system32\winmm.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\crypt32.dll

PID
460
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3108 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\psapi.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\winspool.drv
c:\windows\system32\lpk.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\secur32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dwrite.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\profapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\webio.dll
c:\windows\system32\advapi32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dhcpcsvc.dll

PID
3948
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3448 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\winmm.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\userenv.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oleacc.dll
c:\windows\system32\webio.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winhttp.dll

PID
1948
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3460 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\shell32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\gdi32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\imm32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winmm.dll
c:\windows\system32\lpk.dll
c:\windows\system32\userenv.dll
c:\windows\system32\nsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\ole32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\oleaut32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\wintrust.dll
c:\windows\system32\winnsi.dll

PID
1512
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3564 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\version.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\dhcpcsvc.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\imm32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winmm.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\winspool.drv
c:\windows\system32\kernel32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\lpk.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\webio.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winhttp.dll

PID
1516
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3616 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shlwapi.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\psapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dhcpcsvc.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\profapi.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\webio.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\nsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\lpk.dll

PID
2128
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3452 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\lpk.dll
c:\windows\system32\winmm.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\webio.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nsi.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\advapi32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\crypt32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\shlwapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\version.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\secur32.dll

PID
1152
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3328 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\ws2_32.dll
c:\windows\system32\version.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\dwmapi.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sechost.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\psapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\nsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\imm32.dll
c:\windows\system32\secur32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\usp10.dll
c:\windows\system32\msctf.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\wbemcomn2.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\dui70.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\mscms.dll
c:\windows\system32\slc.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\mf.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\atl.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\mfreadwrite.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\wpc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\bthprops.cpl
c:\windows\system32\firewallapi.dll
c:\windows\system32\wevtapi.dll
c:\program files\common files\microsoft shared\ime14\imekr\imkrtip.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wship6.dll
c:\program files\microsoft office\office14\mlshext.dll
c:\program files\microsoft office\office14\visshe.dll
c:\windows\system32\webcheck.dll
c:\program files\winrar\rarext.dll
c:\windows\system32\credssp.dll
c:\program files\common files\microsoft shared\office14\msoshext.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\windows\system32\samlib.dll
c:\program files\microsoft office\office14\olkfstub.dll
c:\program files\common files\microsoft shared\ime14\imejp\imjptip.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\colorui.dll
c:\program files\microsoft office\office14\msohevi.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\syncui.dll
c:\program files\windows sidebar\sbdrop.dll
c:\windows\system32\stobject.dll
c:\windows\system32\cryptext.dll

PID
2672
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3192 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\winnsi.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\secur32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\webio.dll
c:\windows\system32\userenv.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\nsi.dll

PID
948
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3336 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\webio.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\nsi.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\gdi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dwrite.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\dbghelp.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll

PID
3488
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3072 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\sechost.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\nsi.dll
c:\windows\system32\webio.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uiautomationcore.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winhttp.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\oleacc.dll

PID
2940
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\lpk.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\userenv.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\webio.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winspool.drv
c:\windows\system32\netapi32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\rsaenh.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\usp10.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\crypt32.dll

PID
308
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1744 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\winmm.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\cryptbase.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\webio.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cfgmgr32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\cscui.dll
c:\program files\winrar\rarext.dll
c:\windows\system32\slc.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\twext.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\syncui.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\wer.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\synceng.dll
c:\windows\system32\acppage.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\sfc.dll

PID
2600
CMD
C:\Users\admin\AppData\Roaming\TexTInput.exe
Path
C:\Users\admin\AppData\Roaming\TexTInput.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Version
Modules
Image
c:\windows\system32\ntdll.dll
c:\users\admin\appdata\roaming\textinput.exe

PID
1208
CMD
C:\Users\admin\AppData\Roaming\TexTInput.exe
Path
C:\Users\admin\AppData\Roaming\TexTInput.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\windows\system32\imm32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\user32.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\e10fc0c922927179f29b495cf47d62dc\system.ni.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\shell32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\lpk.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\8f5842a3d4d666059db685b319e3a5b3\system.drawing.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ntdll.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\23349d393ecff063c3152fcf5229b2ab\mscorlib.ni.dll
c:\windows\system32\sechost.dll
c:\windows\system32\profapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\91efd50cedcf22003233d52464c01816\system.windows.forms.ni.dll
c:\windows\system32\rpcrt4.dll
c:\users\admin\appdata\roaming\textinput.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ole32.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.visualbas#\32611a460efdd579a68a09bf3d065e0c\microsoft.visualbasic.ni.dll

PID
2140
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=536 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\version.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\uiautomationcore.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\ws2_32.dll

PID
2008
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1836 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\usp10.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dhcpcsvc.dll

PID
2820
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1912 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\imm32.dll
c:\windows\system32\user32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\version.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ole32.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msasn1.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\winspool.drv
c:\windows\system32\nsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dwrite.dll

PID
1432
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\msvcrt.dll
c:\windows\system32\winmm.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\shell32.dll
c:\windows\system32\user32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\version.dll
c:\windows\system32\lpk.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\uiautomationcore.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\webio.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ole32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dwrite.dll
c:\windows\system32\secur32.dll

PID
304
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1900 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\profapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\userenv.dll
c:\windows\system32\winspool.drv

PID
1028
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msctf.dll
c:\windows\system32\rpcrt4.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\version.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winmm.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ole32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\uiautomationcore.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\psapi.dll

PID
596
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\ntdll.dll
c:\windows\system32\sechost.dll
c:\windows\system32\winmm.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ws2_32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\webio.dll
c:\windows\system32\winspool.drv
c:\windows\system32\cryptbase.dll

PID
3856
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\dbghelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\version.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\iphlpapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\webio.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\secur32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\nsi.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\user32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sspicli.dll

PID
2856
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\sechost.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\shell32.dll
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcryptprimitives.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msasn1.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ntdll.dll
c:\windows\system32\advapi32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\webio.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll

PID
2692
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3192 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\version.dll
c:\windows\system32\lpk.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shell32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\winspool.drv
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\webio.dll
c:\windows\system32\msasn1.dll

PID
3992
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3676 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\shell32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\sechost.dll
c:\windows\system32\lpk.dll
c:\windows\system32\crypt32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\webio.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\winspool.drv
c:\windows\system32\psapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\cryptbase.dll

PID
2100
CMD
C:\Users\admin\AppData\Roaming\TexTInput.exe
Path
C:\Users\admin\AppData\Roaming\TexTInput.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\roaming\textinput.exe
c:\windows\system32\ntdll.dll

PID
2880
CMD
C:\Users\admin\AppData\Roaming\TexTInput.exe
Path
C:\Users\admin\AppData\Roaming\TexTInput.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\windows\system32\sechost.dll
c:\windows\system32\profapi.dll
c:\windows\system32\bcrypt.dll
c:\users\admin\appdata\roaming\textinput.exe
c:\windows\system32\shell32.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\94fe1557aab4bc059482da7d99e97641\system.configuration.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\23349d393ecff063c3152fcf5229b2ab\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\e10fc0c922927179f29b495cf47d62dc\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.visualbas#\32611a460efdd579a68a09bf3d065e0c\microsoft.visualbasic.ni.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\psapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\gdi32.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\8f5842a3d4d666059db685b319e3a5b3\system.drawing.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\msctf.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\91efd50cedcf22003233d52464c01816\system.windows.forms.ni.dll
c:\windows\system32\user32.dll

PID
908
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\user32.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\webio.dll
c:\windows\system32\secur32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\profapi.dll
c:\windows\system32\crypt32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ole32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\winhttp.dll

PID
4072
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\userenv.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\version.dll
c:\windows\system32\lpk.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\user32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\cryptbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\webio.dll

PID
3656
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2932 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\advapi32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\winspool.drv
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\oleacc.dll
c:\windows\system32\webio.dll
c:\windows\system32\usp10.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sechost.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winmm.dll
c:\windows\system32\psapi.dll
c:\windows\system32\sspicli.dll

PID
3708
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1052,9282375425415817184,17280803956627504806,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\userenv.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\lpk.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\imm32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\dhcpcsvc.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wintrust.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\dwrite.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\webio.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msasn1.dll

PID
4000
CMD
C:\Users\admin\AppData\Roaming\TexTInput.exe
Path
C:\Users\admin\AppData\Roaming\TexTInput.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Version
Modules
Image
c:\windows\system32\ntdll.dll
c:\users\admin\appdata\roaming\textinput.exe

PID
3360
CMD
C:\Users\admin\AppData\Roaming\TexTInput.exe
Path
C:\Users\admin\AppData\Roaming\TexTInput.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\91efd50cedcf22003233d52464c01816\system.windows.forms.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\e10fc0c922927179f29b495cf47d62dc\system.ni.dll
c:\users\admin\appdata\roaming\textinput.exe
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mscoree.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msctf.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\23349d393ecff063c3152fcf5229b2ab\mscorlib.ni.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.visualbas#\32611a460efdd579a68a09bf3d065e0c\microsoft.visualbasic.ni.dll
c:\windows\system32\ntdll.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\lpk.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\8f5842a3d4d666059db685b319e3a5b3\system.drawing.ni.dll

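Two details in the TexTInput.exe entries above are easy to skim past. The exit code 3221226540 of PID 4000 is the NTSTATUS value 0xC000042C, STATUS_ELEVATION_REQUIRED, which Windows reports when an executable that requires elevation is started from a non-elevated context; the second instance (PID 3360) then runs at HIGH integrity, which is consistent with an elevated relaunch of the same image. Its module list also shows the v2.0.50727 CLR (mscorwks.dll, mscorjit.dll) and native images for Microsoft.VisualBasic and System.Windows.Forms, i.e. a VB.NET binary targeting the .NET 2.0 runtime. The script below is an added example for triaging such process listings; it is not part of the report or of ANY.RUN's tooling. It assumes the records are given in launch order, uses a deliberately short NTSTATUS table (a real tool would load the full ntstatus.h list), and the `Proc` records are constructed from the two TexTInput.exe entries on this page.

```python
# Added example (not part of the ANY.RUN report): decode sandbox exit codes as
# NTSTATUS values and pair a failed launch with the elevated relaunch that follows it.
from dataclasses import dataclass
from typing import List, Tuple

# Assumption: a short table is enough for the demo; load ntstatus.h for real use.
NTSTATUS_NAMES = {
    0x00000000: "STATUS_SUCCESS",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
}

INTEGRITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "SYSTEM": 3}


def decode_exit_code(code: int) -> Tuple[str, str]:
    """Return (hex, symbolic name). Sandboxes print exit codes as unsigned decimals,
    so 3221226540 is really 0xC000042C; the top two bits (0b11) mark an error."""
    code &= 0xFFFFFFFF
    severity = code >> 30
    name = NTSTATUS_NAMES.get(code)
    if name is None:
        name = "unknown NTSTATUS error" if severity == 3 else "plain exit code"
    return f"0x{code:08X}", name


@dataclass
class Proc:
    pid: int
    image: str
    integrity: str
    exit_code: int


def find_elevation_relaunches(procs: List[Proc]) -> List[Tuple[int, int, str]]:
    """Pair every process that died with STATUS_ELEVATION_REQUIRED with the next
    instance of the same image that runs at a higher integrity level.
    Assumption: the list is in launch order."""
    findings = []
    for i, p in enumerate(procs):
        if (p.exit_code & 0xFFFFFFFF) != 0xC000042C:
            continue
        for q in procs[i + 1:]:
            same_image = q.image.lower() == p.image.lower()
            if same_image and INTEGRITY_RANK[q.integrity] > INTEGRITY_RANK[p.integrity]:
                findings.append((p.pid, q.pid, q.integrity))
                break
    return findings


# Constructed records reproducing the two TexTInput.exe entries from the report.
SAMPLE = [
    Proc(4000, r"C:\Users\admin\AppData\Roaming\TexTInput.exe", "MEDIUM", 3221226540),
    Proc(3360, r"C:\Users\admin\AppData\Roaming\TexTInput.exe", "HIGH", 0),
]

if __name__ == "__main__":
    print(decode_exit_code(3221226540))   # ('0xC000042C', 'STATUS_ELEVATION_REQUIRED')
    print(find_elevation_relaunches(SAMPLE))  # [(4000, 3360, 'HIGH')]
```

The pairing is deliberately loose: it only says that a failed-elevation launch was followed by an elevated instance of the same file. Whether that elevation came from a UAC prompt the sandbox answered or from a bypass is a separate question that the process list alone does not settle.
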
Registry activity

Total events
14975
Read events
0
Write events
161
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
4092
watchres2.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
4092
watchres2.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
4092
watchres2.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
4092
watchres2.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
3048
TexTInput.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
TextInput
C:\Users\admin\AppData\Roaming\TexTInput.exe
2640
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
(default)
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
2640
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13286693234406937
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
3404ECF6BB80BE72D02BBC6268DACBD0D1C463B728A5C7B4E3FC73A853EE5FD4
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
D6B079666F209503A09486C70AC09307652A0F7F783166A999B27C99D0DA79E2
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
apdfllckaahabafndbhieahigkjlhalf
911FE281CB88E8A6F8160E6417E4D83AF994824282798F4E7C2B33539ADC400A
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
63355C14E8C7DF9A075F2EDDEA6F2807DC8166B83F96F4C975B9B6554C6324D7
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
E2FAFB5D51EEBE04A784740B11C6BA5B456D2A9E82CD008676C2D9453EFDE151
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
075D52643A72C98410EF2C6F5A06A10F9ADC44D50DDFF2CC2FFE32C81B77E67E
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
blpcfgokakmgnkcojhhkbfbldkacnbeo
62C1A8BE68517759276CD5C4651DDE462F78AD56FF85C2E9473CB6BAC4BE2502
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
0E265BFED6F1C7D5F0A9BD790C50BB30E78E959631D51EEBB8BB0DE73E65763C
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
15B1C3FE35F29528448F36A72A4DFBC58A8083C7190559D25865779166D220A2
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
04A45240BDA55E8777FA04357712CA6DD942253A21323E4C7D3CCF769B34BFED
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
66D2E99AA8898940E49FE7278CF49621C6A74B34CB7C6DDC7F2A9F5AB065D54D
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pjkljhegncpnkpknbcohdijeoejaedia
8F2892D07F5A7E08016D511C2CE6340132FC564675968393126070DFB7534F0B
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
861DF5F5976BFCA375A9DD46BF59D123CCC4FB3852002D565727909581F2F17F
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\PTimes
C
CE055296C509D801
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C1
1C1GCEA_enGB988
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\Events\C
C1S
1
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\Events\C
C7S
1
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\Events\C
C1I
1
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\Events\C
C7I
1
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\StatefulEvents\C
C7I
1
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\Events\C
C2I
1
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C7
1C7GCEA_enGB988
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\StatefulEvents\C
C2I
1
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C2
1C2GCEA_enGB988
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\StatefulEvents\C
C1I
1
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice
Progid
ChromeHTML
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice
Progid
ChromeHTML
2640
chrome.exe
write
HKEY_CLASSES_ROOT\.xhtml
(default)
ChromeHTML
2640
chrome.exe
write
HKEY_CLASSES_ROOT\ftp\shell\open\ddeexec
(default)
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice
Progid
ChromeHTML
2640
chrome.exe
write
HKEY_CLASSES_ROOT\http
URL Protocol
2640
chrome.exe
write
HKEY_CLASSES_ROOT\https\shell\open\ddeexec
(default)
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice
Progid
ChromeHTML
2640
chrome.exe
write
HKEY_CLASSES_ROOT\http\shell\open\ddeexec
(default)
2640
chrome.exe
write
HKEY_CLASSES_ROOT\https
URL Protocol
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Clients\StartmenuInternet
(default)
Google Chrome
2640
chrome.exe
write
HKEY_CLASSES_ROOT\ftp
URL Protocol
2640
chrome.exe
write
HKEY_CLASSES_ROOT\.html
(default)
ChromeHTML
2640
chrome.exe
write
HKEY_CLASSES_ROOT\ftp\DefaultIcon
(default)
C:\Program Files\Google\Chrome\Application\chrome.exe,0
2640
chrome.exe
write
HKEY_CLASSES_ROOT\.xht
(default)
ChromeHTML
2640
chrome.exe
write
HKEY_CLASSES_ROOT\ftp\shell
(default)
open
2640
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
S-1-5-21-1302019708-1500728564-335382590-1000
ADA5B75D2D342F00
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
Progid
ChromeHTML
2640
chrome.exe
write
HKEY_CLASSES_ROOT\http\shell
(default)
open
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice
Progid
ChromeHTML
2640
chrome.exe
write
HKEY_CLASSES_ROOT\ftp\shell\open\command
(default)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1
2640
chrome.exe
write
HKEY_CLASSES_ROOT\https\shell\open\command
(default)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1
2640
chrome.exe
write
HKEY_CLASSES_ROOT\https\shell
(default)
open
2640
chrome.exe
write
HKEY_CLASSES_ROOT\.shtml
(default)
ChromeHTML
2640
chrome.exe
write
HKEY_CLASSES_ROOT\https\DefaultIcon
(default)
C:\Program Files\Google\Chrome\Application\chrome.exe,0
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice
Progid
ChromeHTML
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice
Progid
ChromeHTML
2640
chrome.exe
write
HKEY_CLASSES_ROOT\http\shell\open\command
(default)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1
2640
chrome.exe
write
HKEY_CLASSES_ROOT\.htm
(default)
ChromeHTML
2640
chrome.exe
write
HKEY_CLASSES_ROOT\http\DefaultIcon
(default)
C:\Program Files\Google\Chrome\Application\chrome.exe,0
2640
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
1
128
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
1152
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2940
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
308
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2856
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US

Files activity

Executable files
2
Suspicious files
142
Text files
156
Unknown types
16

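Most of the registry and file activity in this report is Chrome housekeeping (PreferenceMACs, RLZ, default-handler registration, profile databases). The events that matter are few: TexTInput.exe (PID 3048) writes a value named TextInput under HKCU\...\CurrentVersion\Run pointing at C:\Users\admin\AppData\Roaming\TexTInput.exe, watchres2.exe (PID 4092) is the process that drops that file, and vbc.exe (PID 4036), the VB.NET compiler, drops TextInputh.exe into the user's Startup folder, which is not something a compiler does during normal build activity. The ZoneMap writes by watchres2.exe are the WinINet zone settings that .NET networking code touches on first use and carry little signal on their own. The script below is an added example, not part of the report or of ANY.RUN, that correlates the flattened registry and dropped-file records to pull those findings out of the noise. The key patterns and severity labels are this example's own choices, `sample_sha256` is the hash of the submitted file that the analyst supplies, and the `EVENTS` and `DROPS` records are constructed from the entries on this page.

```python
# Added example (not part of the ANY.RUN report): correlate registry writes with
# dropped files to separate persistence from benign registry noise.
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class RegEvent:
    pid: int
    process: str
    op: str
    key: str
    name: str
    value: str


@dataclass
class Dropped:
    pid: int
    process: str
    path: str
    sha256: str


# Autostart locations, user or machine scope (example's own list).
AUTOSTART_KEYS = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce|RunOnceEx|RunServices)$",
    re.IGNORECASE,
)
STARTUP_FOLDER = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# Browsers rewrite these when registering as default handler, but the same keys are
# abused for URL-handler hijacking, so they are reported at low severity, not dropped.
SHELL_OPEN = re.compile(
    r"^HKEY_CLASSES_ROOT\\(https?|ftp)\\shell\\open\\command$", re.IGNORECASE
)


def triage(events: List[RegEvent], drops: List[Dropped],
           sample_sha256: str) -> List[Tuple[str, int, str, str, str]]:
    """Return (severity, pid, process, location, detail) tuples."""
    findings = []
    by_path = {d.path.lower(): d for d in drops}
    for e in events:
        if e.op == "write" and AUTOSTART_KEYS.search(e.key):
            detail = f"run-key persistence: {e.name} = {e.value}"
            d = by_path.get(e.value.lower())
            if d is not None:
                detail += f"; target dropped by PID {d.pid} ({d.process})"
                if d.sha256.lower() == sample_sha256.lower():
                    detail += "; target is a byte-identical copy of the sample"
            findings.append(("high", e.pid, e.process, e.key, detail))
        elif e.op == "write" and SHELL_OPEN.match(e.key):
            findings.append(("low", e.pid, e.process, e.key,
                             f"URL handler set to {e.value}"))
    for d in drops:
        if STARTUP_FOLDER.search(d.path):
            findings.append(("high", d.pid, d.process, d.path,
                             "executable written to Startup folder"))
    return findings


# Constructed from the report's records; long values abbreviated only in comments.
HKCU = "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\"
CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1'
EVENTS = [
    RegEvent(4092, "watchres2.exe", "write", HKCU + "Internet Settings\\ZoneMap",
             "AutoDetect", "0"),
    RegEvent(3048, "TexTInput.exe", "write", HKCU + "Run", "TextInput",
             r"C:\Users\admin\AppData\Roaming\TexTInput.exe"),
    RegEvent(2640, "chrome.exe", "write",
             r"HKEY_CLASSES_ROOT\http\shell\open\command", "(default)", CHROME),
]
DROPS = [
    Dropped(4036, "vbc.exe",
            r"C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TextInputh.exe",
            "fcc1c7f45ec3be3ff1fa9ab40840a510ca5cde0d485e021dc3af7247470d8013"),
    Dropped(4092, "watchres2.exe", r"C:\Users\admin\AppData\Roaming\TexTInput.exe",
            "d6983eb932a698783491cf1d4acfbb7ab9f65064b1fe8c842aacbdbec31b26de"),
]
# Assumption for the demo run: the submitted file's hash equals the dropped copy's.
SAMPLE_SHA256 = "d6983eb932a698783491cf1d4acfbb7ab9f65064b1fe8c842aacbdbec31b26de"

if __name__ == "__main__":
    for f in triage(EVENTS, DROPS, SAMPLE_SHA256):
        print(f)
```

The ZoneMap write produces no finding, the Chrome handler registration is kept at low severity so a reviewer can still see it, and the two real persistence mechanisms (Run key plus Startup-folder drop) come out at high severity with the dropping process attached. The hash comparison is what turns "a Run key was written" into "the sample copied itself and registered the copy", which is the fact an incident responder needs when deciding what to remove.
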
Dropped files

PID
Process
Filename
Type
4036
vbc.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TextInputh.exe
executable
MD5: cafb855f5491fbad10d075720c96f09f
SHA256: fcc1c7f45ec3be3ff1fa9ab40840a510ca5cde0d485e021dc3af7247470d8013
4092
watchres2.exe
C:\Users\admin\AppData\Roaming\TexTInput.exe
executable
MD5: 7f0721f8f813f7cd7273ffa246b16d61
SHA256: d6983eb932a698783491cf1d4acfbb7ab9f65064b1fe8c842aacbdbec31b26de
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
––
MD5:  ––
SHA256:  ––
128
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
––
MD5:  ––
SHA256:  ––
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
––
MD5:  ––
SHA256:  ––
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1
binary
MD5: 6c165924fa0d1d44e5f96279459d0825
SHA256: 52e393379ec378f08211adafac1d50ab6b976acd5e43cd50acb52213a88e33cb
128
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a6679a30-178d-4475-810b-438fb72d0c53.tmp
text
MD5: 18f21cf3939073b91b40d40c8d9adafd
SHA256: 206818357c4f6ee0e00ec3f6bc71aee5c31feaabd0563e398cc1e60aa92a3bb7
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\000003.log
binary
MD5: 0407b455f23e3655661ba46a574cfca4
SHA256: ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG
text
MD5: 3ae2fcf2e6151d950b510ffd12776403
SHA256: 99184539b6ab16ba95819f0fb1247e55ad5e7bd5793b0c96a64733509d7782cb
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
sqlite
MD5: bc669b31fdb5889b7fe69b350a50a046
SHA256: 43852ddba7c2c8bc6a0851968944a9befb19c1e82b6a792735b03aa6ef4fe0b6
128
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF14751f.TMP
text
MD5: d013fa52108fa41da7bc5d76de22fb84
SHA256: ffe79b82be30e2e7a891c84980e2b246295e23204703460eabda5efa0b6a773a
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
sqlite
MD5: 4f9560925612851f907fd4d60e0e253a
SHA256: 6baa0db6d71a5ecc2981cc186186584bbbfc43c4a1c0f99e41c5719f9c4a92de
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
binary
MD5: 31ff66798025884f1eaa6b3e86dfac61
SHA256: 70c6c443da8afcef3b72e9232564e76f61f3577e29fc0c3f685ada289822ce24
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
text
MD5: fb642563c836848453702e46ea8f7272
SHA256: 332064923dd545de121111bfe716f694ac20577e005fbe797cd09fbf7844d670
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
binary
MD5: a9851aa4c3c8af2d1bd8834201b2ba51
SHA256: e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000060
binary
MD5: 5702f00f119bb0dcccb7c1ecb800663e
SHA256: 5705a2eb7712163a2602ab9abaa9ce6174cc687890d2dc62738faef1b70bf5c1
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG
text
MD5: a3e43db82a05f4d731deccac90d04e92
SHA256: d09674248a287d88925055936a967cecd94a5c76832987f785caa7834fcb3cb0
128
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: 18f21cf3939073b91b40d40c8d9adafd
SHA256: 206818357c4f6ee0e00ec3f6bc71aee5c31feaabd0563e398cc1e60aa92a3bb7
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\000003.log
binary
MD5: 0407b455f23e3655661ba46a574cfca4
SHA256: ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: b8194f5f2617a954b46da471de374ba0
SHA256: a523ef75e6377a570dedd4baf6e5d6da01f34682a161a77cbb2f561f7a339d23
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History-journal
––
MD5:  ––
SHA256:  ––
128
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal
––
MD5:  ––
SHA256:  ––
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1474e0.TMP
text
MD5: b8194f5f2617a954b46da471de374ba0
SHA256: a523ef75e6377a570dedd4baf6e5d6da01f34682a161a77cbb2f561f7a339d23
128
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies
sqlite
MD5: 1180432906293772c725603f07e500ed
SHA256: 4ed70f74089df558c3708b8fefb740846664aceeea3863e957f3d03594b06a76
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
sqlite
MD5: 178430b30455cd310b1b0617df33e90d
SHA256: b178ea907e42bac9f4c7bafcfcce4b63862bd51376da4bb8ba7169777467173b
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
text
MD5: ad2f5e46b8d1dd2db35cf7fc788da795
SHA256: 7d6c1bba84a29791b7aba4354ffd5fdc446b2b39fbbc9a73761b0a9687e1a96d
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
binary
MD5: 849fe4d16141183cff89b64f91dfe852
SHA256: 33875972f4bb2b793ba28878084f027cc4aba416be2d4d791e64f129af6e2ab0
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1474d1.TMP
text
MD5: e4e84bbcc125465dc49c69c141a836f7
SHA256: 1cb193d4c49b66d1db9fbb774e9ea94a49e9e480b01d928cc82d166515835c35
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: e5992cc70ac260b23b806c1f947e2e28
SHA256: 762cd787124b55780e67f3815aa6e4a194bcfca67a70191c59c19b02e81fe044
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\c24af6b6-a807-4e67-92f0-1e2d6e20ec92.tmp
text
MD5: b8194f5f2617a954b46da471de374ba0
SHA256: a523ef75e6377a570dedd4baf6e5d6da01f34682a161a77cbb2f561f7a339d23
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal
––
MD5:  ––
SHA256:  ––
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\7516ef53-b82f-493b-9754-4c96898b769d.tmp
text
MD5: e5992cc70ac260b23b806c1f947e2e28
SHA256: 762cd787124b55780e67f3815aa6e4a194bcfca67a70191c59c19b02e81fe044
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000008.log
binary
MD5: 7115bf9aeb87c4fb747da15a9907fad0
SHA256: 66f192169debe7660a1d7fec0c2a3131ffa494d7c9e349a7442b19919a65c1a7
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
bc
MD5: 36ae1954407f66426d7a59fbed3bff78
SHA256: 526ee965c4b5f54395d0e0dc0171d3bb7711bebb2cfc8fb560a679625a0e67b8
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG
text
MD5: bac18b33f057ecdf70beb839b27944d4
SHA256: a9755cba1494f68abaddc27ff6e8a63f447229a56705b62eb0391b25e81fe516
128
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL
sqlite
MD5: 51e8b4ea5ca8b46c708f913b2e12d39a
SHA256: ca7681f6071200e3fc3909141ca5a395213594b3a28bac8a60c7695320d33eba
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG
text
MD5: 538d27899dd88bbc5776fb70058cd71e
SHA256: ebe73135eb8dac0b10fd97351eb99a26510b2ff472a6ff4888e0a0f5c0a253bc
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
binary
MD5: 018a3280bdb6388da77e8831959a2799
SHA256: 1cd1e30879039d9922f28f997b206274a408ae8886b1be4ad718cd401e89c459
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History
sqlite
MD5: 8cf935f72760866c6ebe68744f0c72c4
SHA256: 1c00c39d0a257aebd6c7edae473eb38ea15f413c408d9b591a9ae408f86149ad
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
text
MD5: 6dbf798641109a10a2424765df83c1ad
SHA256: ce18780f5a4464bfa94c7ac31fcf623962ce9f5a542b795faa55e712be238fa8
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG
text
MD5: 87240fc21ceb29e7b43ad4315c76418f
SHA256: ed2eedc109f2cc3036a2841851a832ce49e56bb0a06f452691541d4219534205
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
text
MD5: de8a41d9d8bd4b0a7e2d07450d0e568d
SHA256: d7ea7479dba47e724fa837655ffea327c6ae373664bcb2c6814e467c8d0fd79e
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
text
MD5: bfb4d863e52294de2cdaf633464c98e3
SHA256: 12e2bda97779410beec52e3b307199a5b4bb6e7841286920bfdfbc9bdbfd89c4
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log
bc
MD5: 9f7eadc15e13d0608b4e4d590499ae2e
SHA256: 5c3a5b578ab9fe853ead7040bc161929ea4f6902073ba2b8bb84487622b98923
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13286693234251187
binary
MD5: 63d62d28767ef36a786d8f4ded832de9
SHA256: 17fb8f162e6812a731892349a3a0dba2d322d5b6843782097054230c4ad0f12a
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG
text
MD5: 898fde039d598b8486832bcfe97b5650
SHA256: c7d0f9422073aef2ab6712d994d45698cabe8bdbde06fbb561f97aa3b3104b56
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
binary
MD5: bd801702ced176f23ba015b6cc8e6da4
SHA256: 102eae254047db640c2c5106bec330c3304106b6df9f4518c80d849d9a721199
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
binary
MD5: 5f9c953c3de2aad45098e6f646fe1890
SHA256: d2531b8e9c84e7b04bc9bf9f790266f2a6000c19ecbbdcac6b8239b197965722
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
text
MD5: 2958f3e608d087e7f6170b0c042575e4
SHA256: a3e0409374864f346e7100e5af0cfaab90578cbb1ff1d6c9c4496c4f3d94a332
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
text
MD5: cf5c7cfaec2063ad0d4f34df43acf486
SHA256: 438d8c22c93ac06be364413f18f5c5552eda23ad47dc533f78be269305ced153
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
binary
MD5: 549efd08b8208afc72d4f0ad9face1c6
SHA256: 7e023a5f33bdb9f2bbc2533acdb1c2221f6521739905da06d8870d033c40fdf5
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
text
MD5: c00e5b1bf48a116fb7bac8fb28ec3f21
SHA256: 03bb1ed61b2d2cb09ce43b67aaf1c8b6515e5bc0869e4d070f5faec74bd45e92
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log
binary
MD5: fbe7019c87a334dddef9cbabc58ddd36
SHA256: 933afc1fd66370964663fbb5972cd71d64dc9a4315b57dc8c6011dd232d511dc
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: df7a8d404cd7044f605b9a4f6b498e31
SHA256: 41a9bbb26041e056bff5b17dd5678e603b17df0cbe9998fb8f2e6f6eac7a1cda
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF143789.TMP
text
MD5: 29489a25a7726737e2d4e8c68cb62415
SHA256: 94b56bfaf4b90c24c8d1596ee86e0338c2de8cb038c5c60b7f273d573ea72b12
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
text
MD5: 68bfb1c4ebce44f35803fb4425858215
SHA256: 50d9b22c9ff8b8b536097fee12b790d9209c0b2742f2195be35f14a24c65c8c2
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG
text
MD5: 9063f8face14aac42f4e7b364d78b3ff
SHA256: a63b6555fa67be6bcb6b27d5c5684d7ee0a803748ae032ee58541b8e809a8ac8
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1474b1.TMP
text
MD5: 69946c449f94ac8bf5424b8ccd0d004f
SHA256: afbcf48c4f69c7ac3a1c6c6b14442d9ee303e7c8f95115fbf9f5fc699078c303
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG
text
MD5: c9d800a492c64a66ff4cf320db18004b
SHA256: bab2d84844e305405328bcd63b3ca07da65c6bd5cd327af76db233f896573da4
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log
binary
MD5: 6340a67001eec7e9085e77b313707df9
SHA256: 8f6fa11ded3dcd00867b3accfc809f3c875693ccdb99e03c7458d125103eb75c
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\b66f034a-4624-47cf-8919-5fefa8f23b8e.tmp
text
MD5: b8194f5f2617a954b46da471de374ba0
SHA256: a523ef75e6377a570dedd4baf6e5d6da01f34682a161a77cbb2f561f7a339d23
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13286693234173187
binary
MD5: 699c6f3c585e87b8249eaaf4ce6abe5b
SHA256: 46c8602e142c3bfde77b484ebb4ed7a515fdcb126237aa8bf573409b5dfe8ee4
908
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_88969247\_metadata\verified_contents.json
ini
MD5: 59640fa85554b6250c4ec0981a91c2f9
SHA256: 82fbe9b87e4413ec42bcb82d9c094abdb0cdebea93ecc30b98af0acb13dcc18f
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\f508acc6-227f-4a67-8581-5ce9befd722b.tmp
text
MD5: e4e84bbcc125465dc49c69c141a836f7
SHA256: 1cb193d4c49b66d1db9fbb774e9ea94a49e9e480b01d928cc82d166515835c35
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\000003.log
binary
MD5: 0407b455f23e3655661ba46a574cfca4
SHA256: ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7
908
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_88969247\manifest.json
binary
MD5: 3fe38aebb85fb278ab6572dd26b50ef7
SHA256: 7590f010f679fb88a7981c8fa4419e60fdc87bcd24658e7ad593e74441ad6941
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_88969247\manifest.fingerprint
text
MD5: 2c7df72a4059f4e5a326049d5b07288f
SHA256: 119f6bfc74e3364ec0e066feb71a6d9eec8d7b83cb1bdab396bc21a02be1da53
908
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_88969247\safety_tips.pb
binary
MD5: 2700a3258bdd4475b698bb561e6ff6bf
SHA256: ca97d807693c791794eab7a09e65971294f00ec1a26be0e540867d1e34c84a3e
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF14662b.TMP
text
MD5: bab3ea4f93bfba7a7fe8ea2ae588626b
SHA256: d9f33e2da2ff89f601361006976a868cc154341cb60eb9db7af64ac32c916463
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\fd2c060b-22bf-4254-bd1b-f04de082b412.tmp
text
MD5: 69946c449f94ac8bf5424b8ccd0d004f
SHA256: afbcf48c4f69c7ac3a1c6c6b14442d9ee303e7c8f95115fbf9f5fc699078c303
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF13fd30.TMP
text
MD5: c53662a9203bc18aeec42171a8b8d6b8
SHA256: 4a01dcc6f5fb5083f0a99ee1f3f61d4df460ed02da8aefb72bfc1ffad2e900c2
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\3b4da5b4-5f42-4bb6-bafa-e3c9c305be36.tmp
text
MD5: 29489a25a7726737e2d4e8c68cb62415
SHA256: 94b56bfaf4b90c24c8d1596ee86e0338c2de8cb038c5c60b7f273d573ea72b12
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG
text
MD5: a75faae040aa32b4b643690b738ad57b
SHA256: ec0e04caef294a8bc01b1c117dde088ff4ed58867e55d7ea960f54463da8c750
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
––
MD5:  ––
SHA256:  ––
3992
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_837727362\_metadata\verified_contents.json
ini
MD5: 2804b91ce25589a9c3a1605cf8fea802
SHA256: eead798a722d271c8ef84085322fd51c3380c8a0852fc5e57c8241f411e32a71
3992
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_837727362\Preload Data
binary
MD5: 121cc3f84dd543f7e99873c14cfee95f
SHA256: f8a2e0ff8064612bfda4a700643a4ca82a43c7ce89df0dd8087602568879f5e6
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_837727362\manifest.fingerprint
text
MD5: 0cc6ed07b15f167622a5630e9c1d41fd
SHA256: b3a187c96597fdb374711fcf181d292d2e4b83e8d4b69346f43f13b3027e67a1
3992
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_837727362\manifest.json
binary
MD5: 1552b58cfa8370ab6483d21edd1143f6
SHA256: 87ef6758795cc21bcba07b919b5dbe82ede333a5868e5ca3b3a8006e931f17b3
2692
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_975197044\Recovery.crx3
crx
MD5: 7ebbe06233c74d47bdb914d8afa24308
SHA256: 36a56323ca678c7070637c765fbe1c52eaccc8234afe126a9160246e1542e7a9
2692
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_975197044\_metadata\verified_contents.json
ini
MD5: 71ae0825f223c4fd74e379c7b44e30f9
SHA256: a07420e07e72334fb6d8dff4a45c7355d11b117e5833feaf22d00f2da051d91f
128
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: ff77f5509b41c682880fe672d39837e1
SHA256: 347dbccf3051df15b1f73d520e5e6bb49c97809e25e4ba7cddd393f62f8d988c
2692
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_975197044\manifest.json
binary
MD5: 18bf540793a76c42e591f91949a9c83b
SHA256: c503fef6c5ffcbeee90622e25d2479d3b7fdac8c3e62cf499bfb8cf93768b5fe
128
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF13bd58.TMP
text
MD5: 565e6e8bf2f45fd3ff71316a6350c174
SHA256: ea5aec3ff861ccc0713b6f52bf7f81d7c4e692ef060c510221df8263dcb38b1d
128
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\c73c34f2-c707-44fd-9022-6ff35164d050.tmp
text
MD5: ff77f5509b41c682880fe672d39837e1
SHA256: 347dbccf3051df15b1f73d520e5e6bb49c97809e25e4ba7cddd393f62f8d988c
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_975197044\manifest.fingerprint
text
MD5: a260b00d6505b0181308e6d573d813f6
SHA256: c0ff5475b3215abeafcea48d3798e342f84077a526b2f272beb3538880789f55
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF13b549.TMP
text
MD5: c53662a9203bc18aeec42171a8b8d6b8
SHA256: 4a01dcc6f5fb5083f0a99ee1f3f61d4df460ed02da8aefb72bfc1ffad2e900c2
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RF137f45.TMP
binary
MD5: 96c69813e9ba892c514f10eb21aa6924
SHA256: a7f341746e556aceab214dd998748688fc14fadd138f3e7be9b6154d87227e75
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
binary
MD5: 545118f0667f863517128cc6a9e9b55c
SHA256: 14b67bd35723117cd5411f41ccbef172ce1dc6f7c05beb22ff3bdd46077dc3e2
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\e4b73f45-3956-4a37-b7da-fe1f0683e047.tmp
text
MD5: c53662a9203bc18aeec42171a8b8d6b8
SHA256: 4a01dcc6f5fb5083f0a99ee1f3f61d4df460ed02da8aefb72bfc1ffad2e900c2
128
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF138168.TMP
text
MD5: 754eaf5a9250886bb4dec99ea2e40877
SHA256: ffe04e366cac48d4d156535496bf4887b4b492e1c32d7592e8f82f4e94133ba3
128
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\120b0a1d-4532-4e22-aa68-4a3bcecc2f74.tmp
text
MD5: d013fa52108fa41da7bc5d76de22fb84
SHA256: ffe79b82be30e2e7a891c84980e2b246295e23204703460eabda5efa0b6a773a
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\dbb88577-d3ae-4ed4-abf4-f1be0cd850d7.tmp
binary
MD5: 545118f0667f863517128cc6a9e9b55c
SHA256: 14b67bd35723117cd5411f41ccbef172ce1dc6f7c05beb22ff3bdd46077dc3e2
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\77f2400e-5c08-4086-9fcc-5853cf732db1.tmp
text
MD5: bab3ea4f93bfba7a7fe8ea2ae588626b
SHA256: d9f33e2da2ff89f601361006976a868cc154341cb60eb9db7af64ac32c916463
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1379e6.TMP
text
MD5: 9285eec19bcf20b0aec8fe7f021ebe95
SHA256: 08385d1ecc2582458ba37b0bde1760fd30ac092715a0e645cfb80d3e17484f3a
128
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF137979.TMP
text
MD5: 88eb3c64eb5255d094669b7eb604f0e3
SHA256: 26231c9968c3503ff2fa485af525a1971e4094a7f69f7fc29d4ddbd98a3185f8
128
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\1dad1d5d-10dd-4996-b22c-9a750dfe3c96.tmp
text
MD5: 565e6e8bf2f45fd3ff71316a6350c174
SHA256: ea5aec3ff861ccc0713b6f52bf7f81d7c4e692ef060c510221df8263dcb38b1d
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\cf15a744-fa9a-490b-9cb1-58137d7e8fde.tmp
text
MD5: c53662a9203bc18aeec42171a8b8d6b8
SHA256: 4a01dcc6f5fb5083f0a99ee1f3f61d4df460ed02da8aefb72bfc1ffad2e900c2
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\1143fa3c-c41c-496d-a84e-b4fdee914776.tmp
binary
MD5: 96c69813e9ba892c514f10eb21aa6924
SHA256: a7f341746e556aceab214dd998748688fc14fadd138f3e7be9b6154d87227e75
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1366cc.TMP
text
MD5: c2608d00ab079e7b2a78636034a0fe04
SHA256: 338f9873db8d2ae85adf64fee1e6e70d15c5620c77d8c45d6d0499d389a2f5a8
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000001.dbtmp
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
text
MD5: 17fc6f4057cbe0a114ab1ca02fe5c874
SHA256: d0a60490f91290d468c450b2204336dc105240174871a1a59d7fef5f1d3bac49
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF12c8f5.TMP
text
MD5: 258fbce4885939dfc3de35ca60d5c9d0
SHA256: 3e5e4cbb34f277eaaeeefc58855e519b121d1ffc2f250f5807a43718c0abe00d
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\41f25fb5-3fc6-4ab3-acd7-e9630de1ec2f.tmp
text
MD5: 17fc6f4057cbe0a114ab1ca02fe5c874
SHA256: d0a60490f91290d468c450b2204336dc105240174871a1a59d7fef5f1d3bac49
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\MANIFEST-000001
binary
MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF132bc6.TMP
text
MD5: 4465e92ed48ef6a31b75db15b6428c81
SHA256: a73bef512a1fc0c5556643163af3dae96539a8d430b3415a24d69948aadff92d
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\f9c14a5d-c0ba-45c3-ac09-518a683f31f3.tmp
text
MD5: c2608d00ab079e7b2a78636034a0fe04
SHA256: 338f9873db8d2ae85adf64fee1e6e70d15c5620c77d8c45d6d0499d389a2f5a8
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RF132bc6.TMP
binary
MD5: 0334423651e5d49144bd622d858d0805
SHA256: ddbe25380eb36152bfb643799c30e39792a5c7c81cf2a0498f23e01f4943c168
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\CURRENT
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\5855b8cd-03b6-49bc-8e0d-11e6707b1ce6.tmp
text
MD5: 9285eec19bcf20b0aec8fe7f021ebe95
SHA256: 08385d1ecc2582458ba37b0bde1760fd30ac092715a0e645cfb80d3e17484f3a
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF1304a7.TMP
text
MD5: 7698bf9150baf31946fde312fc4e1b14
SHA256: 9b69fa774fd7400f55f403842d8be8341c5f4efc8ee7cc28a9e70f921bb7d2ce
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
binary
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1304c6.TMP
text
MD5: d61f382f13811e616fe710d5f335a426
SHA256: 310b013cdef717a29077f39e9024a1dc5e96d5b9b159f68ad21344c049f3255d
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\1709961f-f373-4701-bdcc-ec09476e0846.tmp
text
MD5: 4465e92ed48ef6a31b75db15b6428c81
SHA256: a73bef512a1fc0c5556643163af3dae96539a8d430b3415a24d69948aadff92d
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF12c8f5.TMP
text
MD5: 33538d5ffa7f34d464a51d2e2a4dd017
SHA256: 6e4944c2c41916bdefcd76273f04d2874f3e10cef29ea13a7071c4b6028c358a
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\1ddcadec-3799-41af-b43e-88f8a70dbf8e.tmp
text
MD5: 7698bf9150baf31946fde312fc4e1b14
SHA256: 9b69fa774fd7400f55f403842d8be8341c5f4efc8ee7cc28a9e70f921bb7d2ce
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\b361d165-1496-4cc1-b9d1-ae5d2086a14f.tmp
binary
MD5: 0334423651e5d49144bd622d858d0805
SHA256: ddbe25380eb36152bfb643799c30e39792a5c7c81cf2a0498f23e01f4943c168
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RF12c404.TMP
binary
MD5: 1f43f45b55dbabb100adb79306757fa3
SHA256: 4bea05cdce49969a177d1a3dd0657979061b3ace5bfcd251327205dfae254864
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RF12c0b8.TMP
binary
MD5: 6fdf73939b99afaf0dc885dc84462478
SHA256: cc37efcec0293964ef7d1d6ef310dd08ee07a6c784902b1ebcb52a50dc7f73c6
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\afabdcd8-57b2-4ee1-be88-ef1308dd2e48.tmp
text
MD5: d61f382f13811e616fe710d5f335a426
SHA256: 310b013cdef717a29077f39e9024a1dc5e96d5b9b159f68ad21344c049f3255d
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nmmhkkegccagdldgiimedpiccmgmieda\Chrome Web Store Payments.ico.md5
binary
MD5: 61b979eca159ecac9c7f8f1d6fd43e9d
SHA256: ab05e0a6ff7e8fff89f924b279d93afc72acce817c4d250c60bb8059cc534303
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
binary
MD5: e91da3a764f715bc12dcac4d841c9314
SHA256: 1cd5bdc331f78b8dc32b7a4a998156faea464d3b2ebbafbf434469ea3ef50884
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\MANIFEST-000001
binary
MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\CURRENT
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nmmhkkegccagdldgiimedpiccmgmieda\Chrome Web Store Payments.ico
image
MD5: 6c53108c981c84582b760dad57e31d37
SHA256: ac7bff1ae4531a65d6cafbea3b3b1189af82e98e1bb535494b66c404dac89f52
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF12bce0.TMP
text
MD5: 962fcaa22c2b962c4ec16974ca9de2c6
SHA256: 870365b462b704ec5ff25ce5a649e0294842ae8e1ac75a738a1e6523c49aa2bf
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\000001.dbtmp
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nmmhkkegccagdldgiimedpiccmgmieda\1d0f0635-4c71-4999-81e8-8e8dfde09a9e.tmp
image
MD5: 6c53108c981c84582b760dad57e31d37
SHA256: ac7bff1ae4531a65d6cafbea3b3b1189af82e98e1bb535494b66c404dac89f52
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index
binary
MD5: 54cb446f628b2ea4a5bce5769910512e
SHA256: fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\the-real-index
binary
MD5: b7b02fcd51cc054badac853bf51327b0
SHA256: 66a31c732a5a6c83bcc63835bf527c718b2e36d86dee4010a75e051b2f6b4b32
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
binary
MD5: e91da3a764f715bc12dcac4d841c9314
SHA256: 1cd5bdc331f78b8dc32b7a4a998156faea464d3b2ebbafbf434469ea3ef50884
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
binary
MD5: 90f880064a42b29ccff51fe5425bf1a3
SHA256: 965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG.old
text
MD5: 23fe827c759c66b4bf79534f0382b7f5
SHA256: 8aeb5a8d1604e253bd3545d587604ed5d1899950c7fd82c4b809a9d04d296f2c
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\temp-index
binary
MD5: b7b02fcd51cc054badac853bf51327b0
SHA256: 66a31c732a5a6c83bcc63835bf527c718b2e36d86dee4010a75e051b2f6b4b32
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old
text
MD5: cb7250236eb5beed080d36e442095200
SHA256: 717eb0ac0830309a339ac7c7dbd3260b435db0c870e38bdd11336787791087d4
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old~RF12a1d6.TMP
text
MD5: 6fe92100838f65d6cb564d68d48c0659
SHA256: 469b11de5e2a5742926b6e04d22e03bac570e0d365eaffb09300d93a0f0e2834
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\vi\messages.json
binary
MD5: 7ebb677fead8557d3676505225a7249a
SHA256: 051f96ed874c11c4a13589b5f68964e4f5b03b52dda223d56524f2ca23760c04
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\th\messages.json
binary
MD5: 83e2d1e97791a4b2c5c69926efb629c9
SHA256: 2feca577f43d97baeea464741d585892103585208fd0a935b810a03bdce83c88
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\sv\messages.json
binary
MD5: d372b8204eb743e16f45c7cbd3caaf37
SHA256: b8ba77e0089b0676545ec16d32468b727812b444f90b33a7a5b748e6c36c4388
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\zh_CN\messages.json
binary
MD5: bb73bf561bb79f89d9bf7c67c5ae5c65
SHA256: d804f2a040d21d7511efd5213d8e1721d64964a1a0dbb48e21622ceedc9d967e
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\sl\messages.json
binary
MD5: 3943fa2a647aecedfd685408b27139ee
SHA256: 18aff072ee0df7c3495045435c752a805606e6d5d462ef2321c443f1773f4b3a
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\lv\messages.json
binary
MD5: c5ce2c51391eafd3da9e4c71549a3c28
SHA256: 1fa1df2ca8516def490fb8484e9aa498acff80eef5c9258ffe42d3678e6c7ded
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\id\messages.json
binary
MD5: eab2b946d1232ab98137e760954003aa
SHA256: c6e8800450602de0f39fe9f6854472383813fb454b08abae7e25a9167ce004c3
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\ko\messages.json
binary
MD5: 9f6b4d82a70c74ca751e2eae70fab5cf
SHA256: d1467b8d037114403e8f4efc52e88c4a7feb96126be4cff883feff1084ef7e68
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\uk\messages.json
binary
MD5: ab0b56120e6b38c42cc3612be948ef50
SHA256: 68aba284751eb9c856032062ef9b1651e2a1e5ce5fda0977ffc97d63ba7bed9e
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\zh_TW\messages.json
binary
MD5: 5ff50c673cc0c661d615f0cfd0e6dca0
SHA256: c6f8c640f3353a7b9b1432a0c139c1aeec40133800e6c9b467b63991ad660308
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\sk\messages.json
binary
MD5: 8df215d1efbdabb175ccdd68ed8dcb0a
SHA256: 7fa16af97e6cfc52ec6008eb679d3f30e7e0c24f9ef2d18a9228eaf4ded9d63b
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\nb\messages.json
binary
MD5: 93c459a23bc6953ff744c35920cd2af9
SHA256: 2cd700aeb57d89c2e73333d0702556ee3ff3863516170f85669bc680fcbdc4e0
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\sr\messages.json
binary
MD5: d485df17f085b6a37125694f85646fd0
SHA256: 7ffde34c58e7c376c042de64def6481dae32be8b70f0b18edf536290cbe0c818
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\ru\messages.json
binary
MD5: db2edf1465946c06bd95c71a1e13ae64
SHA256: fbaf22ce6e16de174ced8cb5ea3098cca1c3426a2111ff33bd3e64da64ed67ab
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\ro\messages.json
binary
MD5: 98d43e4b1054a65df3fa3cc40ab6fb6d
SHA256: 113a13900cba62fe8aed06751971c23a80a99b47f9be219cf884d57db19611d9
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\lt\messages.json
binary
MD5: 4ca644f875606986a9898d04bdae3ea5
SHA256: 7c311ab751d840d750c11553c083785813e079c1d464fe568a98c9e3ef3db96c
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\pl\messages.json
binary
MD5: 0e6194126afccd1e3098d276a7400175
SHA256: e2699f98c511b18a2afb82eae9a4804b646c4ff1077d80e77c17a3943a6373c2
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\it\messages.json
binary
MD5: a328eef5e841e0c72d3cd7366899c5c8
SHA256: cd891c45f7586fb4a2514205a11f260e4a6d4482fa03d901909dd9f57be0536d
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\nl\messages.json
binary
MD5: 7a8f9d0249c680f64dec7650a432bd57
SHA256: 92be7c2dc9cfbe5a65e9ce6488d364c8d7ec19e7b67a31e4d43c1cb2b169671c
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\tr\messages.json
binary
MD5: 2ceae0567b6bb1d240bbad690a98ca3b
SHA256: a7cb86f30c9c31fe5540282c308ba96adb4ec16ef98c87129eb88105e5bef5fc
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\pt_BR\messages.json
binary
MD5: 86a2b91fa18b867209024c522ed665d5
SHA256: 6374880fdd1f8af1ee8aea6a06b73be0ab265afceb4fe6f08bde3b3989264b21
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\pt_PT\messages.json
binary
MD5: 750a4800edb93fbe56495963f9fb3b94
SHA256: c1c94f65fabaf17def98a8587711a56d61b1e5607500e9b01f2824db109f9e83
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\ja\messages.json
binary
MD5: 9b3a5d473c3f2bbfaeece94a07a940b8
SHA256: 706312a4a2aef3317223f141eb2b82685345b7eed444f16bb4df3a272716da1f
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\et\messages.json
binary
MD5: cff6cb76ec724b17c1bc920726cb35a7
SHA256: c85800bf45942fcc7fd6b1df929c25f9cc2a977a6678966bd03d4b6b69889afd
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\hu\messages.json
binary
MD5: 85609cf8623582a8376c206556ed2131
SHA256: 32a249749f12adb6a220bf9adc272c7e5d9ad5497a38b0086d961e3aba17fbc6
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\de\messages.json
binary
MD5: 6b3e916e8c1991aa0453cba00fedcaaa
SHA256: a62ffab910e31531758eee48b2cc71a8857bec3021dead50b668cba3c8667053
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\fil\messages.json
binary
MD5: 57af5b654270a945bda8053a83353a06
SHA256: ec002ed92359f67818b49455dfc579e140368e6a004080af022fd4f57f6b03f2
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\da\messages.json
binary
MD5: 238b97a36e411e42ff37cefaf2927ed1
SHA256: 4977d4a053542ff66967faed6b06585dd70e68e20bfeb533b66fe3287f9655d9
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\en_GB\messages.json
binary
MD5: 91f5bc87fd478a007ec68c4e8adf11ac
SHA256: 92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\en\messages.json
binary
MD5: 91f5bc87fd478a007ec68c4e8adf11ac
SHA256: 92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\el\messages.json
binary
MD5: 05c437a322c1148b5f78b2f341339147
SHA256: a052c32b4fcac61152eb0adb2c260fb6a8256ad104aa0013db93e9798d41a070
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\es\messages.json
binary
MD5: 82719bd3999ad66193a9b0bb525f97cd
SHA256: 4db9b2721e625c18b9e05c04b31af5d9694712f1caaf6219abe34bb08e5db1c7
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\hr\messages.json
binary
MD5: 8185d0490c86363602a137f9a261cc50
SHA256: a2b2ec359a9dd9dccce02859ce1e738bd30faa4a05f1dc522893ffdf722bbc15
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\fi\messages.json
binary
MD5: 3a01fee829445c482d1721ff63153d16
SHA256: 0bde54b20845124113383b6eb81e43a0f05e4eb0c44bee3c1dfac4cc5fec2836
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\cs\messages.json
binary
MD5: 76dec64ed1556180b452a13c83171883
SHA256: 32290d69a90e6baac428b10382c99221b12773bb9a184f3b93dfb48a4f6d7a40
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\fr\messages.json
binary
MD5: 8d11c90f44a6585b57b933ab38d1fff8
SHA256: 599491f8c52b945c16c441adf45bfd45afae046da07757d97c56af4de75ed3b5
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\hi\messages.json
binary
MD5: e376d757c8fd66ac70a7d2d49760b94e
SHA256: 8106d98c4f8da16db698444409558e29cc96735e188bfa303c333a5d99231c1d
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\ca\messages.json
binary
MD5: 1fdafc926391bd580b655fbaf46ed260
SHA256: c67898b67f9c9209eafda6532b62d5789863cfb855998dd6a70e7775316cec20
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\es_419\messages.json
binary
MD5: 6b2583d8d1c147e36a69a88009cbebc7
SHA256: 6659bc3705311d7641a73995dcfea80c7734f2f4ebbc3787b3892a240348324f
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\_locales\bg\messages.json
binary
MD5: 6f8e288a9ad5b1ed8633b430e2b4d4ca
SHA256: a114e2783d0e9b12155017323ba70838f0f82a71c7ee8dc1f115ae36991241f8
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\images\icon_128.png
image
MD5: 4dbc9f9e6f5a08d299bac9e54df07694
SHA256: 91c2718dd23b4356d71f88f6146868369033291086df327534546dfa459beb0e
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2640_1583785451\CRX_INSTALL\images\icon_16.png
image
MD5: fb9c46ea81ad3e456d90d58697c12c06
SHA256: 016ca659ba080e194fbfc0929602b16506ed60aa6019faa51410c4fd93b583e8
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
text
MD5: 450c94d66ba5c3ac0e3acb0defbf5b65
SHA256: 222b9724ab37d5b003c200c82b504dda92939c20ea7501e701c515a4a0f89747
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\manifest.fingerprint
text
MD5: fd2735a192cc8f477e246787039a0128
SHA256: 8d5308c605a6d16c18f8c4170b30177992669477707383f53c9fd6fb0e5a5be7
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\images\topbar_floating_button_pressed.png
image
MD5: e0862317407f2d54c85e12945799413b
SHA256: 5c10ce0589eb115600f77381130b70ae0b7b3752614d86d4c89e857658aa222b
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\images\flapper.gif
image
MD5: 398abb308eebc355da70bce907b22e29
SHA256: 2b73533f47a99ffea9cc405ffafa9c4c53623f62487aebfba415945120b22040
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\images\icon_128.png
image
MD5: 30899b6c4e4a757b8ec6dd2208acdfb4
SHA256: 4f17efbd974a41d88cb36567aab6bf4586579e78780f00b1826676819e14bff4
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\images\topbar_floating_button_close.png
image
MD5: 0599dfd9107c7647f27e69331b0a7d75
SHA256: 131817cd9311c03df22d769dd2ad7fa2e6e9558863a89f7e5e1657424031a937
2640
chrome.exe
C:\Users\admin\AppData\Local\Temp\172fa4f4-8740-43c9-b13c-eb6ae6459abc.tmp
binary
MD5: 5058f1af8388633f609cadb75a75dc9d
SHA256: cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
2640
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
binary
MD5: 51a2cbb807f5085530dec18e45cb8569
SHA256: 1c43a1bda1e458863c46dfae7fb43bfb3e27802169f37320399b1dd799a819ac
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\images\topbar_floating_button.png
image
MD5: 8803665a6328d23cc1014a7b0e9be295
SHA256: d5f9234dc36e7ffa85f35b2359a4f82276f8395efa76e4553507ea990b27fc6c
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\images\topbar_floating_button_maximize.png
image
MD5: 232ce72808b60cbe0f4fa788a76523df
SHA256: afa4ea944cbdec8543242e627ef46d5bfd3766dcac664e7e50cdeef2b352740c
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\images\topbar_floating_button_hover.png
image
MD5: 7cb6b9dc1a30f63b8bd976924b75ad96
SHA256: 721b7aaa9a42a54a349881615a12e3a26983aca48e173fd2f66e66aa0d725735
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\css\craw_window.css
text
MD5: 67bf9aabe17541852f9ddff8245096cd
SHA256: 10dfbd2d98950b79ee12f6b8e3885aabe31543048de56ad4fc0a5e34d0d9d4ec
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\images\icon_16.png
image
MD5: 344554d96e418120bd80ef5de5194697
SHA256: 0a4bd08db6422f8e7a8a218ef39c1b99a5a675f12697f26be88f9afc2e1f9378
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\html\craw_window.html
html
MD5: 34a839bc40debc746bbd181d9ef9310c
SHA256: bb8742615e4cd996ae5d0200e443ae6a6f0b473255f03affdb8fb4660de4554d
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\zh_CN\messages.json
binary
MD5: 393680a09dee0cb9046a62bdc0750b74
SHA256: d5fb52c2897fd5c294784db63c933ac77c609d10ac91431ccb295d87452cbee6
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\_metadata\verified_contents.json
ini
MD5: 0834821960cb5c6e9d477aef649cb2e4
SHA256: 52a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\zh_TW\messages.json
binary
MD5: cd30d132a7213fc1b7e03c6d0a49ccf7
SHA256: 5717f13d10e63255947f750c79cbb6bd04a6d97a08261e8d5764af5eb0561a28
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\craw_background.js
text
MD5: 6eebed29e6a6301e92a9b8b347807f5f
SHA256: 04cd9494b0ed83924dad12202630b20d053d9e2819c8e826a386c814cc0a1697
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\manifest.json
binary
MD5: 6ca25f3ef585b63f01bcdf8635120704
SHA256: 49d9de983f7436ba786e6e04a5a20c10f41687ae06b266b1b6553f696719563d
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\craw_window.js
text
MD5: 1709b6f00a136241185161aa3df46a06
SHA256: 5721a4b3f8e09c869a629effd350b51c9d46f0ac136717d4db6265c0ee6f9ac8
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\vi\messages.json
binary
MD5: 7d52e9357ab847b4cc8dbc8cc4da93f5
SHA256: 313f71f3ffdcefc76fc746ff2029fbf8fbe38bd83dcf952fc3ddcd8aa96d5cfb
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\uk\messages.json
binary
MD5: fd1c9890679036e1ad914218753b1e8e
SHA256: 39d19cc3387ffce13a8f11dad72e2fcbb7cd1a4367ec699ad7c40d6f52ece717
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\tr\messages.json
binary
MD5: 1bf2aa4bb904b406c9c2b7df769bb540
SHA256: 0f2e8285ba3e2bdba6b16435fb941b07159aacfac80196ad5941b79ab52b712a
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\sl\messages.json
binary
MD5: f45de58765a37fd095319d7deb0f2fb6
SHA256: 8366774aa582035bc7d949f4e28faec371c305d01404df56fff5a78b4f6ecdb7
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\th\messages.json
binary
MD5: 283d5177fb2fc7082967988e2683ec7c
SHA256: e8d5820bde31b66a7641068fdedd1a5f20c1a783460b98887a670f38422099cf
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\sv\messages.json
binary
MD5: 6e1be9cee29818e54e3d1c7d483dd6f7
SHA256: e348583d8c53f4a5dec4551da93785c17108466e427e06f84708aa383ea0e326
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\sk\messages.json
binary
MD5: 4bbaa10fd00aadbba3ef6e805e8e1a62
SHA256: 906c4f7fdde15de4c841e7910bbf14d9175e894bcb244b56e8447a5adfa5b7ab
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\sr\messages.json
binary
MD5: 92c1fac62eb7f92ec3794d4a141bef32
SHA256: 9df154c93b02695af1cc39f085d9d178ec6af131a62c2afc65f125f8f9a5b7ac
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\ru\messages.json
binary
MD5: 22f9e62abad82c2190a839851245a495
SHA256: 9fc1167626c97bcbfdaff23c6033a44252f89a501af1df41c43cb3a994feb09f
2672
chrome.exe
C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\pt_BR\messages.json
binary
MD5: 1f4bc8a5efd59d61127abeecd4b6cae3
SHA256: e1950cbbf056f068ea56160ddb318f3e6232bfbbe096d221c7ca6fcaace2a8b9
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\nb\messages.json | binary | 8f0168b9a546d5a99fd8a262c975c80e | f03fa7384df79eba6e0274d570996030f595a3bf6b781929dd9db6593262e41f |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\pt_PT\messages.json | binary | d80ece7e4b3741cd9cd29b89d006b864 | c8ff9acaea1d3b6f8483339cb40f66bc563cca8dd87f2337f813c492b20f451b |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\ja\messages.json | binary | 96c8cbd161d3ce9cb1a46cb2cd0c6583 | 81d8f1d9f72b3139bc5d9845bcf82990308fb6175d07514d8238b1e6d5d02e8a |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\hr\messages.json | binary | 9cf848209ff50dbf68f5292b3421831c | ea1744c3cfbaa684a31a00067e8493ed114eff3e878c797c9c55a7b122d855cd |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\ko\messages.json | binary | 3caf23a8ea2332d78b725b6c99ec3202 | bfe72bbc492b9018a599cb6575366696e431e6a38400e4b2ed06eae3340d3ae5 |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\ro\messages.json | binary | d63e66b94a4ea2085d80e76209582fb1 | 91a5aad210c3e0241106e8821b3897edefec9d85033c94db2324ff3a5fde5ac7 |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\pl\messages.json | binary | e16649d87e4ca6462192cf78ebe543ec | eb435f7460a63576ca1ecb51948e7a3ad5168d2f175ae2b5836d469672923d84 |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\lt\messages.json | binary | 41f2d63952202e528dbbb683b480f99c | ff7c083cd1e6134dd8263c634336eb852274bad1bfad18762814c42bc65309d8 |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\lv\messages.json | binary | 1d21ed2d46338636e24401f6e56e326f | 434a375c32b8a21c435511c551f740fd4d170ec528a8f4efc3d798ea4a07b606 |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\nl\messages.json | binary | e7f74dce7b6411e4e0d95e9252cf74fa | 3564aef46c01602b19cc29fd8a79676c543427ede98206d0c91b33af0ccf3977 |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\id\messages.json | binary | 9008516aa1d8f8c2b8ece70b7e4963ad | 89cab0af2b53c6abeb93c8c628ddcbdd286a7a2672fe03440411bb654e3a0675 |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\it\messages.json | binary | bb9c32ba62dda02f9471c64b5f9cf916 | 43a0b113d3773ba78f82bb9e42ddc46f6892d0fbbb351f94a7c105e4a146e9c1 |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\hu\messages.json | binary | 4ad92afde3408fbbe43b0c3c71677650 | 61258fe04c23ae14fdc99ee846cea71cc703990cc0f80c3934299646e86c475e |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\fr\messages.json | binary | 1e32a78526e3ac8108e73d384f17450b | 80f6ee69f1e022812bccc1de1cdc53772cdf90f4e93224161b23fa607d45136a |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\fil\messages.json | binary | 658dad2af2dc3ac1567d84e8b95f68b0 | 978ba6d814cf290016833bbac22dc7c05c2c575b1d6429b9bb14f8c2156bcf29 |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\es_419\messages.json | binary | 1fd5daf46c4d7c4f571c263ec37b943b | bcc2cf06f66e9e3bb4b7887d0ee0ae4a72a6c49f4b2a578a7733b78208984417 |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\hi\messages.json | binary | b739e3b798d3eeb8afb3e368455a8e97 | ba7a53a1398168719f2acd58cc5fe06ab0b769eca896d70e7208b18085b42ffa |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\et\messages.json | binary | 0293a7bae6eee62c4067a80e262d6a2d | d06f20d4d68d1dbb89ef7d8e405d9499cb2eb2560217cd5b4a51ab1dd50cab44 |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\fi\messages.json | binary | e5bbe7dbbe75f45bdcd49db8c797106e | bffb2248b4c66306133fa6ecbb1541f44b3be22cc8d9a338d690e0b1d0c85532 |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\de\messages.json | binary | 7639b300b40ddaf95318d2177d3265f9 | 356a9d4adfec484da824e7a72059b724b1686fc90082f4a4b667630436d593b0 |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\en_GB\messages.json | binary | dbedf86fa9afb3a23dbb126674f166d2 | c0945dd5fdecab40c45361bec068d1996e6ae01196dce524266d740808f753fe |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\cs\messages.json | binary | 43161effa28a0dbfc67b8f7dbe1b5184 | 3a04421df5218e8abd3b0e2afe11e8338d7bdcbcd1adb122416944b102bc9696 |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old~RF129c77.TMP | –– | –– | –– |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old | –– | –– | –– |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\da\messages.json | binary | 31264ddbf251a95de82d0a67fa47db3a | edb51898a6c73d0090d6916b7b72ebac71e964eabb5ba7cd68e21966024f0d23 |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\bg\messages.json | binary | d7a97183bcbd5fb677aa84d464f0c564 | 76efad74eb8256b942727c42261147eb9cca48da284db3cdce5dc6a3b4346f02 |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\el\messages.json | binary | 3026e922b17dbee2674fdaee960df584 | 876845b5a061fab3cf2a1466e01015dc40df8449f1cb4205f575cebed8717bad |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old~RF129cf4.TMP | text | e33f74d1e35fb99c1644c43f3ed0afd7 | 069104171e482c24b0d33cb121437599564a519005e2c3212a34773065bbd71d |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\000001.dbtmp | text | 46295cac801e5d4857d09837238a6394 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\es\messages.json | binary | 3f4b0f56c2839839fc3e3270ed4cb7b6 | 1912ea5e0a62bbc669dc14ab5a5bd5514b0502c483ee1f27c3f8834384187079 |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\CURRENT | text | 46295cac801e5d4857d09837238a6394 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\ca\messages.json | binary | 58ba5f65ed971591d1f9d81848ee31d0 | cdd91587f5af2c865776b36a5e9a07b10d21b9d911de0b814b7a1e94b14ae885 |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old | text | e6a3408aa37852852a8028197a697bd3 | c214ec5ee62abe38c1aa154f98c59988b6535b8d1512b28fb1ecff978cdf4bc7 |
| 2672 | chrome.exe | C:\Users\admin\AppData\Local\Temp\2640_1413092121\_locales\en\messages.json | binary | dbedf86fa9afb3a23dbb126674f166d2 | c0945dd5fdecab40c45361bec068d1996e6ae01196dce524266d740808f753fe |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Temp\chrome_url_fetcher_2640_1586394336\1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx | crx | 541f52e24fe1ef9f8e12377a6ccae0c0 | 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82 |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\MANIFEST-000001 | binary | 5af87dfd673ba2115e2fcf5cfdb727ab | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old | text | 127179b7b6612ec3f7521b44f1ccd969 | 4281117bb71d1c8d5571e7db5e8493e4dd3f9e60670678ab8cbc6c685ee443ba |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old | –– | –– | –– |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old~RF129b4e.TMP | –– | –– | –– |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old | –– | –– | –– |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RF129a25.TMP | –– | –– | –– |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RF1298dd.TMP | –– | –– | –– |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old | –– | –– | –– |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\CURRENT | text | 46295cac801e5d4857d09837238a6394 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000001.dbtmp | text | 46295cac801e5d4857d09837238a6394 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\MANIFEST-000001 | binary | 5af87dfd673ba2115e2fcf5cfdb727ab | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old~RF129cf4.TMP | text | 65f7bee92771101b63d90e31db82105a | a0b0d20056d7798ba6cf228f8bc1d7b7fc894ddb01343158368f80ada145e622 |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\000001.dbtmp | text | 46295cac801e5d4857d09837238a6394 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\CURRENT | text | 46295cac801e5d4857d09837238a6394 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\CURRENT | text | 46295cac801e5d4857d09837238a6394 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\000001.dbtmp | text | 46295cac801e5d4857d09837238a6394 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\MANIFEST-000001 | binary | 5af87dfd673ba2115e2fcf5cfdb727ab | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Browser | binary | de9ef0c5bcc012a3a1131988dee272d8 | 3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590 |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\MANIFEST-000001 | binary | 5af87dfd673ba2115e2fcf5cfdb727ab | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old~RF1298dd.TMP | text | 4f7aae850b0f55ddc8cab17285e0d8e9 | d05f4daf70faca1e9bcc1e2b14ac972d76623a5a4cd287ce8187a80ccab0af30 |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old | text | 6a39437279c0a015f6913a843a96c74b | e2dc12d58075f50e95f0f98cf06d667b77385d18c87be66f03cb59c6322c2373 |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF129812.TMP | text | e07c42d7821c8f460a8fc0c66ba65220 | 83cb24ee8b10ce9367f2788b95f21213c9c3ac7e50f068ac02439ccbb6eb7664 |
| 2640 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT | text | b0ac49fe387a1bed707f5aff6f5f0412 | 9f9119402bb9b1d4f0be1b26a43cb8233020c3fa7e6a1920d49284ffc6b543a4 |
| 128 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ed8c3864-d933-41f1-ae9c-133361b15dac.tmp | text | 88eb3c64eb5255d094669b7eb604f0e3 | 26231c9968c3503ff2fa485af525a1971e4094a7f69f7fc29d4ddbd98a3185f8 |
128
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecu