General Info

File name

Cobro_563492265_50936_1948_CTA_AHORRO_6533_pdf.exe

Full analysis
https://app.any.run/tasks/3ea0a76b-4081-460d-9b72-1150937e93e7
Verdict
Malicious activity
Analysis date
3/14/2019, 17:39:33
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

rat

remcos

keylogger

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

09a1687bbdc01ecbc03969225d42320a

SHA1

abb70a9118bc91e1331632c72783fef6ae83e170

SHA256

db2e18a3efb5a1a4c9179b6932f0b186fde1ffec150bd9c9a424ba47da3c6b9a

SSDEEP

6144:Iycbg9mIr+LG/rroafcjdtRNwIJPs3n3Q7:IyoICLG/rsafcBtDRVgQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

REMCOS RAT was detected
  • csrrs.exe (PID: 2856)
Changes the autorun value in the registry
  • csrrs.exe (PID: 2856)
  • Cobro_563492265_50936_1948_CTA_AHORRO_6533_pdf.exe (PID: 2748)
Detected logs from REMCOS RAT
  • csrrs.exe (PID: 2856)
Creates files in the user directory
  • csrrs.exe (PID: 2856)
  • Cobro_563492265_50936_1948_CTA_AHORRO_6533_pdf.exe (PID: 2748)
Application launched itself
  • Cobro_563492265_50936_1948_CTA_AHORRO_6533_pdf.exe (PID: 3444)
  • csrrs.exe (PID: 3888)
Starts CMD.EXE for commands execution
  • WScript.exe (PID: 3912)
Executes scripts
  • Cobro_563492265_50936_1948_CTA_AHORRO_6533_pdf.exe (PID: 2748)
Executable content was dropped or overwritten
  • Cobro_563492265_50936_1948_CTA_AHORRO_6533_pdf.exe (PID: 2748)
Writes files like Keylogger logs
  • csrrs.exe (PID: 2856)
Connects to unusual port
  • csrrs.exe (PID: 2856)
Application launched itself
  • chrome.exe (PID: 3664)
Reads settings of System Certificates
  • chrome.exe (PID: 3664)


Static information

TRiD
  • .exe | Win32 Executable Microsoft Visual Basic 6 (65.7%)
  • .exe | Win64 Executable (generic) (22.1%)
  • .dll | Win32 Dynamic Link Library (generic) (5.2%)
  • .exe | Win32 Executable (generic) (3.6%)
  • .exe | Generic Win/DOS Executable (1.6%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2004:07:27 11:18:51+02:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
9216
InitializedDataSize:
12288
UninitializedDataSize:
null
EntryPoint:
0x315e
OSVersion:
4
ImageVersion:
null
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
1.0.1.0
ProductVersionNumber:
1.0.1.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Windows NT 32-bit
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
Comments:
null
CompanyName:
NirSoft
FileDescription:
null
FileVersion:
1.01
InternalName:
ExeInfo
LegalCopyright:
Copyright © 2002 - 2004 Nir Sofer
LegalTrademarks:
null
OriginalFileName:
exeinfo.exe
PrivateBuild:
null
ProductName:
ExeInfo
ProductVersion:
1.01
SpecialBuild:
null
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
27-Jul-2004 09:18:51
Detected languages
English - United States
Hebrew - Israel
Comments:
null
CompanyName:
NirSoft
FileDescription:
null
FileVersion:
1.01
InternalName:
ExeInfo
LegalCopyright:
Copyright © 2002 - 2004 Nir Sofer
LegalTrademarks:
null
OriginalFilename:
exeinfo.exe
PrivateBuild:
null
ProductName:
ExeInfo
ProductVersion:
1.01
SpecialBuild:
null
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000E0
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
4
Time date stamp:
27-Jul-2004 09:18:51
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name    Virtual Address  Virtual Size  Raw Size    Characteristics                                                              Entropy
.text   0x00001000       0x000022F0    0x00002400  IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ                  5.94202
.rdata  0x00004000       0x0000077E    0x00000800  IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ                            4.70677
.data   0x00005000       0x00001C8C    0x00001600  IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE        4.94254
.rsrc   0x00007000       0x00071E81    0x00071E00  IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ                  3.58366
Resources
1

2

101

103

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    comdlg32.dll

    SHELL32.dll

    VERSION.dll

    MSVCRT.dll

Exports

    No exports.

Processes

Total processes
45
Monitored processes
16
Malicious processes
6
Suspicious processes
0

Behavior graph

  • cobro_563492265_50936_1948_cta_ahorro_6533_pdf.exe (no specs)
  • cobro_563492265_50936_1948_cta_ahorro_6533_pdf.exe
  • wscript.exe (no specs)
  • cmd.exe (no specs)
  • csrrs.exe (no specs)
  • csrrs.exe (#REMCOS)
  • chrome.exe
  • chrome.exe (no specs), 9 instances
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
3444
CMD
"C:\Users\admin\AppData\Local\Temp\Cobro_563492265_50936_1948_CTA_AHORRO_6533_pdf.exe"
Path
C:\Users\admin\AppData\Local\Temp\Cobro_563492265_50936_1948_CTA_AHORRO_6533_pdf.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
NirSoft
Description
Version
1.01
Modules
Image
c:\users\admin\appdata\local\temp\cobro_563492265_50936_1948_cta_ahorro_6533_pdf.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll

PID
2748
CMD
"C:\Users\admin\AppData\Local\Temp\Cobro_563492265_50936_1948_CTA_AHORRO_6533_pdf.exe"
Path
C:\Users\admin\AppData\Local\Temp\Cobro_563492265_50936_1948_CTA_AHORRO_6533_pdf.exe
Indicators
Parent process
Cobro_563492265_50936_1948_CTA_AHORRO_6533_pdf.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
NirSoft
Description
Version
1.01
Modules
Image
c:\users\admin\appdata\local\temp\cobro_563492265_50936_1948_cta_ahorro_6533_pdf.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wscript.exe

PID
3912
CMD
"C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\install.vbs"
Path
C:\Windows\System32\WScript.exe
Indicators
No indicators
Parent process
Cobro_563492265_50936_1948_CTA_AHORRO_6533_pdf.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft ® Windows Based Script Host
Version
5.8.7600.16385
Modules
Image
c:\windows\system32\wscript.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sxs.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vbscript.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\msisip.dll
c:\windows\system32\wshext.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\scrobj.dll
c:\windows\system32\mlang.dll
c:\windows\system32\scrrun.dll
c:\windows\system32\wshom.ocx
c:\windows\system32\mpr.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll

PID
3236
CMD
"C:\Windows\System32\cmd.exe" /c "C:\Users\admin\AppData\Roaming\csrrs.exe\csrrs.exe"
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
WScript.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\roaming\csrrs.exe\csrrs.exe

PID
3888
CMD
C:\Users\admin\AppData\Roaming\csrrs.exe\csrrs.exe
Path
C:\Users\admin\AppData\Roaming\csrrs.exe\csrrs.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
NirSoft
Description
Version
1.01
Modules
Image
c:\users\admin\appdata\roaming\csrrs.exe\csrrs.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll

PID
2856
CMD
C:\Users\admin\AppData\Roaming\csrrs.exe\csrrs.exe
Path
C:\Users\admin\AppData\Roaming\csrrs.exe\csrrs.exe
Indicators
Parent process
csrrs.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
NirSoft
Description
Version
1.01
Modules
Image
c:\users\admin\appdata\roaming\csrrs.exe\csrrs.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\psapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasadhlp.dll

PID
3664
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\imagehlp.dll

PID
2412
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6f4500b0,0x6f4500c0,0x6f4500cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
3760
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3680 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
2848
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=940,11392405786802010514,5905475506731567799,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=F8B2CDB12C08A4076FBFB05F8FC2461B --mojo-platform-channel-handle=984 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
3476
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,11392405786802010514,5905475506731567799,131072 --enable-features=PasswordImport --service-pipe-token=A8E337E6944D68F0691289962C089B51 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=A8E337E6944D68F0691289962C089B51 --renderer-client-id=5 --mojo-platform-channel-handle=1916 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
908
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,11392405786802010514,5905475506731567799,131072 --enable-features=PasswordImport --service-pipe-token=E123D395E9C77C3FB1303518E9CC9977 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=E123D395E9C77C3FB1303518E9CC9977 --renderer-client-id=3 --mojo-platform-channel-handle=1524 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2612
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,11392405786802010514,5905475506731567799,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=9C08D72CBFC6A2551D3C7F5DADA52B78 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9C08D72CBFC6A2551D3C7F5DADA52B78 --renderer-client-id=6 --mojo-platform-channel-handle=3000 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll

PID
768
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,11392405786802010514,5905475506731567799,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=E48BC57D2AABED9B6C9D01B956AC51B3 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=E48BC57D2AABED9B6C9D01B956AC51B3 --renderer-client-id=7 --mojo-platform-channel-handle=3696 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1524
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=940,11392405786802010514,5905475506731567799,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=32A45FDB76E303F12BBB04C7A619457D --mojo-platform-channel-handle=3852 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2544
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=940,11392405786802010514,5905475506731567799,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=C280D631E1D7C75CC5E37E4873C7D4CC --mojo-platform-channel-handle=3960 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

Registry activity

Total events
576
Read events
525
Write events
50
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
2748
Cobro_563492265_50936_1948_CTA_AHORRO_6533_pdf.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
csrrs.exe
"C:\Users\admin\AppData\Roaming\csrrs.exe\csrrs.exe"
2748
Cobro_563492265_50936_1948_CTA_AHORRO_6533_pdf.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2748
Cobro_563492265_50936_1948_CTA_AHORRO_6533_pdf.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3912
WScript.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3912
WScript.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2856
csrrs.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
csrrs.exe
"C:\Users\admin\AppData\Roaming\csrrs.exe\csrrs.exe"
2856
csrrs.exe
write
HKEY_CURRENT_USER\Software\Supremo-T5M5GY
exepath
0C12403043CA6725F43AD2C8E7AA93EA5609CDADC1FF53D7E29FA6AE53F73E9FE11CCFB103BC310E8931EC13F5EFCC9C3429DCBD317FBE1DE69777F6B4788123E4CBBF7849342AB653436C16C3B3013868EAD374C1B2F2CFBBD2F373A3EADF764777E5B498A9
2856
csrrs.exe
write
HKEY_CURRENT_USER\Software\Supremo-T5M5GY
licence
03D168964823AB3DB16F68F70DB3990D
3664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
3664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
3664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
3664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
3664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
3664
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
3664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
3664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
3664
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
3664
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
3664
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
3664
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
3664
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
3664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
3664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13197055243151375
3664
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3664
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
1
3760
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3664-13197055241354500
259
3760
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3664-13197055241354500
0

Files activity

Executable files
1
Suspicious files
56
Text files
66
Unknown types
9

Dropped files

PID
Process
Filename
Type
2748
Cobro_563492265_50936_1948_CTA_AHORRO_6533_pdf.exe
C:\Users\admin\AppData\Roaming\csrrs.exe\csrrs.exe
executable
MD5: 09a1687bbdc01ecbc03969225d42320a
SHA256: db2e18a3efb5a1a4c9179b6932f0b186fde1ffec150bd9c9a424ba47da3c6b9a
2748
Cobro_563492265_50936_1948_CTA_AHORRO_6533_pdf.exe
C:\Users\admin\AppData\Local\Temp\install.vbs
binary
MD5: 78f57e85d2f8bf118660f6646d50c45d
SHA256: 93b8d06b59f0bf8bb39dc46b7bb13ae6ed121efabe04ae33bb9653d2cb4f1cfd
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
text
MD5: fba4d2c7b6871c1287ddcf9d80d5af1a
SHA256: 7d9b7cdb6a13999b99e37c038199cca6699b7e57c18778addefb459339aa0e42
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
text
MD5: 4e52066fc3d7eb1ffa3702e75c808bd4
SHA256: 10a7ab921fb3700a75d83ba29c6f7506d46d65271deb14b7acdec6358192c8f6
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs
sqlite
MD5: bbe37fc7f95c68f6889fed048db59849
SHA256: 2f51f194184c0500d3450f02e12ce20392e28989766f057fb14f0002bf6eea32
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs-journal
––
MD5:  ––
SHA256:  ––
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies
sqlite
MD5: 093cf545cb18c06af8ac46dde2e1cc1b
SHA256: 0d3aa5c523e94a2eb5d3c5446f8d186ed65339c1ca94f664584cd2329729780e
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
––
MD5:  ––
SHA256:  ––
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF1a7f24.TMP
text
MD5: 5addae25444384061ad82cb0cfaef148
SHA256: 1596e311d3d21b6944895d993ed85c571babf592b2698cf5635c31eee40c1914
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: 5addae25444384061ad82cb0cfaef148
SHA256: 1596e311d3d21b6944895d993ed85c571babf592b2698cf5635c31eee40c1914
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1a7f24.TMP
text
MD5: 25d6167be098246242d8ebd8399fed98
SHA256: c46c823ccd8083be709f72a331aa284c03a752e40d581fcb313629146abc7c42
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\e8b67996-b140-4040-92c3-9b23f3167b65.tmp
––
MD5:  ––
SHA256:  ––
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: d932a31a0fb91833edb0325c6b434b34
SHA256: 8049465356163740d6e4c0bb56b9dcaa90149631646fa6bb56d01de223bd1f8e
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\55057ba6-3dd0-4661-967d-fffffda33fc0.tmp
––
MD5:  ––
SHA256:  ––
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
binary
MD5: 1068ff18053ac0f7116cf91d7eeaafc1
SHA256: 2277aef8b54a4b386661ba5199b8998a6ba6f8e38ba0c89ef9bababd1de53657
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
binary
MD5: ed3d1c71e33729de7febf8fe5e6ec916
SHA256: 69c86a85adc870f4b414d529894f622580db21bbefb5e2c4da4ba14141c7b1fc
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF1a7f05.TMP
binary
MD5: 1068ff18053ac0f7116cf91d7eeaafc1
SHA256: 2277aef8b54a4b386661ba5199b8998a6ba6f8e38ba0c89ef9bababd1de53657
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1a7f05.TMP
text
MD5: 18757a18cb459a3905a49fdec242b6b8
SHA256: 7eb278f7c848428c4cd4d0d349ca86aac86266e4c1a9d2771bdfe82f1c9dd5ed
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
sqlite
MD5: 260fdeb2430809efdfb84175737b205d
SHA256: 881732f2c6f26f7d851da614989f16066848f0710160a57a8abf747061cff287
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal
––
MD5:  ––
SHA256:  ––
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
––
MD5:  ––
SHA256:  ––
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 18757a18cb459a3905a49fdec242b6b8
SHA256: 7eb278f7c848428c4cd4d0d349ca86aac86266e4c1a9d2771bdfe82f1c9dd5ed
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
binary
MD5: 58336f1811ffa24e56df62e46228159f
SHA256: aa8bdd77b7ad4b5f11059f79e35894950fa197fb5f4772484043de88f1f80888
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
text
MD5: c4438243bac901fda61ae37068ec9903
SHA256: 7ec1e24b46d05a48aed5a32d6d566fe0c365bc1bb9e676be6c3fd5292c157cbe
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
binary
MD5: e5e7fd70d4c30bcd86c0657a1b861688
SHA256: 5b6bccf8c888cb37e29248f6ce3c4e19d89456e707eb3dd80d01eb8f42d0dd43
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
binary
MD5: 73bd6896325cd643cff994d7a19b4cce
SHA256: 99a569956195b833201496e0d59483cbcff33f341b23e409f47e1c359108c7c4
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log
binary
MD5: f08637c7684a4a6711eb995e9f3ff3ce
SHA256: 25ce8240ceb35450dcd902e8e43084dc314c0ec273ce6e24345442f6f8dc44bc
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
text
MD5: ec382469515ed92111428a7e05cf4d1c
SHA256: 4b35f3e44da94eb6b9927137b151864ed4cd30dc35da21346ca02ae5a3c3f548
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
binary
MD5: 4c6c53a952bf96d228d73a31cf4e185b
SHA256: dedf16443402978577eab51f292ab0e9a6fcfaa7308ddbaf0a956808cae595e5
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 25d6167be098246242d8ebd8399fed98
SHA256: c46c823ccd8083be709f72a331aa284c03a752e40d581fcb313629146abc7c42
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\33d23b4a-9369-4ff4-9d95-f21b542fa136.tmp
––
MD5:  ––
SHA256:  ––
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1a7ed6.TMP
text
MD5: 25d6167be098246242d8ebd8399fed98
SHA256: c46c823ccd8083be709f72a331aa284c03a752e40d581fcb313629146abc7c42
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
binary
MD5: 9409bab446b7204c6235dfddd6066e89
SHA256: 68c1cb50ec24ac5a1dbdc7d9c845e94a1e9d60f312cf92a694f0791cd7ea105e
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
text
MD5: a4be5e3eb20304975acdcdfb78eeca70
SHA256: 8eb51ab3a40e2c04112f4a0bed4937ddfe5a96dcfbdd362ceec6b0f597b03a83
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
text
MD5: 37441145c9b59ba2408ee1e8974a81c5
SHA256: 8091909e68429a4a949b0e055689d96bd5e300d730568094b89228d6ba963be4
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\877196a6-88f0-4a08-b045-df29e63f853f.tmp
––
MD5:  ––
SHA256:  ––
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
text
MD5: 58d5a7fc87d7affe43af5abe7fd6c81f
SHA256: 70092b8b33abce68d473192d4edbecf3ff2131ef3d6864fe045fb0eafbc1a077
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
text
MD5: aadafadd5e0e61771c95fcad251b1bb2
SHA256: d92390a2ffc8e4cf7a695ff98081d4fe4372f08699d8148a70cecb38e75333bc
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG
text
MD5: 97fea7558e2cd9eea3ff7abd4fe81843
SHA256: 4468990c6202f2a0fbc2a1c36cc6f6d5decd5ef447e9a63708c97d35e448fb3b
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000016
binary
MD5: cf286cb4fd0f3dcc234806e1b865987b
SHA256: 21dc23520bba7268b53957a39981c9a85d3658edc4f5455e98cac3378a440d76
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG
text
MD5: 480cdc28440adddc46f98e49dba8b320
SHA256: fa52d92d2cde0ed958444635e24e237643a4469d98f014c7bed3a9ebe36ae11e
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\MANIFEST-000016
binary
MD5: cf286cb4fd0f3dcc234806e1b865987b
SHA256: 21dc23520bba7268b53957a39981c9a85d3658edc4f5455e98cac3378a440d76
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
sqlite
MD5: 294ffa3fef32aa3699cd23414f8ce53e
SHA256: fffc895d544a0049b09d122bd872d0691ff16c277e0dd74f4efb418835879e43
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
sqlite
MD5: a367a8684dd6124128ac7939706e30c1
SHA256: 884cec17d995672e3f41d36a16a0338c86dffb5aef032d11a4981b9db1beff00
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
sqlite
MD5: c3c41e849265038f11da240b90a5193c
SHA256: 42ed60b16ec44e9d568e004ca4c3ea65995e7c5ccfafd4e57d0107326f1dd8f4
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
––
MD5:  ––
SHA256:  ––
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal
––
MD5:  ––
SHA256:  ––
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
––
MD5:  ––
SHA256:  ––
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
sqlite
MD5: 4a21e8d6083a3539c26c4f1ef7ecabad
SHA256: ca5769103ced186c6147951e4f519f6e89e2b5f7410c65f79ec1194a2ce22dac
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data
sqlite
MD5: 54ad1e10b6b57bc9b9eed994e581dd5f
SHA256: 24d2a7516de320c3e91b1513cad94ce5ce2b964bbb8a3d1f66e8083b3205b19c
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
––
MD5:  ––
SHA256:  ––
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
binary
MD5: a9851aa4c3c8af2d1bd8834201b2ba51
SHA256: e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
––
MD5:  ––
SHA256:  ––
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Session
binary
MD5: a8da33369148c60fc6d694da0e9598a6
SHA256: 2980675db6f1600f812458698a3358834fdc8ff77a1718bb162a6809ba790b55
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\e7370d3b-90a2-4168-a6d8-8c8b80cecd53\index-dir\the-real-index
binary
MD5: a5735de05a151ee6563b0fc274f5d9df
SHA256: a9d55d6c60f6679c5c9adf129e53bd891c1c90495f81b0a13cb9f158159b05ca
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\e7370d3b-90a2-4168-a6d8-8c8b80cecd53\index-dir\the-real-index~RF1a7020.TMP
binary
MD5: a5735de05a151ee6563b0fc274f5d9df
SHA256: a9d55d6c60f6679c5c9adf129e53bd891c1c90495f81b0a13cb9f158159b05ca
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\e7370d3b-90a2-4168-a6d8-8c8b80cecd53\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
2856
csrrs.exe
C:\Users\admin\AppData\Roaming\remcos\logs.dat
text
MD5: adc26ce0269a953d2a098f6f3eeea4f5
SHA256: 720f254c40abd64fbba92409f01ed70ac9659fc11db459d566150fa31e8cc186
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 0ba6a58a90658d67ba3afe03c9718a24
SHA256: 7728a548025377467493a24e6554e52167fafe98880955a4cf7c8134afb5c8fa
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF1a69b8.TMP
text
MD5: 0ba6a58a90658d67ba3afe03c9718a24
SHA256: 7728a548025377467493a24e6554e52167fafe98880955a4cf7c8134afb5c8fa
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\838b950a-25ae-4dc1-b5e5-9fafd115b1e8.tmp
––
MD5:  ––
SHA256:  ––
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 0df2754e321983e3a0bc8b5c45e2a138
SHA256: 8b8505c86187bec51459103c3ff0e88c598d949cb44c82d1e111eb11a5681a6a
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1a68ec.TMP
text
MD5: 0df2754e321983e3a0bc8b5c45e2a138
SHA256: 8b8505c86187bec51459103c3ff0e88c598d949cb44c82d1e111eb11a5681a6a
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\2614ee57-1bd0-411e-b080-78456eae289e.tmp
––
MD5:  ––
SHA256:  ––
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1a6821.TMP
text
MD5: be4ab5155329d90e9e95f7c3cf1789e1
SHA256: 3bbbdb0320a794a4aef925c18bd495eabaffee4859d592bef42b310a182c05c2
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: be4ab5155329d90e9e95f7c3cf1789e1
SHA256: 3bbbdb0320a794a4aef925c18bd495eabaffee4859d592bef42b310a182c05c2
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ca7114eb-dab9-4ff5-9b0b-de1539a4c43e.tmp
––
MD5:  ––
SHA256:  ––
3664
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF1a6553.TMP
binary
MD5: 9a4c1b4709a6aa46f80b0db8b3309639
SHA256: 4432de78d27ee6d29b2b4e310975b0d04d29e8e79652e482fea62de5add7a774
3664
chrome.exe

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests: 0
TCP/UDP connections: 22
DNS requests: 14
Threats: 0

HTTP requests

No HTTP requests.

Connections

PID Process IP ASN CN Reputation
2856 csrrs.exe 190.66.186.56:48604 COLOMBIA TELECOMUNICACIONES S.A. ESP CO unknown
3664 chrome.exe 172.217.16.163:443 Google Inc. US whitelisted
3664 chrome.exe 216.58.208.35:443 Google Inc. US whitelisted
3664 chrome.exe 172.217.22.35:443 Google Inc. US whitelisted
3664 chrome.exe 172.217.18.10:443 Google Inc. US whitelisted
3664 chrome.exe 216.58.207.45:443 Google Inc. US whitelisted
3664 chrome.exe 172.217.22.67:443 Google Inc. US whitelisted
3664 chrome.exe 172.217.22.14:443 Google Inc. US whitelisted
3664 chrome.exe 216.58.206.4:443 Google Inc. US whitelisted
3664 chrome.exe 172.217.23.131:443 Google Inc. US whitelisted
3664 chrome.exe 172.217.22.10:443 Google Inc. US whitelisted
3664 chrome.exe 172.217.16.131:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
cobroserfinansa.com 190.66.186.56 malicious
dns.msftncsi.com 131.107.255.255 whitelisted
www.gstatic.com 216.58.208.35 whitelisted
clientservices.googleapis.com 172.217.22.35 whitelisted
www.google.de 172.217.16.163 whitelisted
safebrowsing.googleapis.com 172.217.18.10 whitelisted
accounts.google.com 216.58.207.45 shared
ssl.gstatic.com 172.217.22.67 whitelisted
apis.google.com 172.217.22.14 whitelisted
www.google.com 216.58.206.4 whitelisted
www.google.no 172.217.23.131 whitelisted
fonts.googleapis.com 172.217.22.10 whitelisted
fonts.gstatic.com 172.217.16.131 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.