General Info

File name

crackmes.txt

Full analysis
https://app.any.run/tasks/a8fa0d10-2736-4160-b1f5-af2ab9e92d1a
Verdict
Malicious activity
Analysis date
2/11/2019, 13:10:51
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

evasion

Indicators:

MIME:
text/x-c
File info:
C source, UTF-8 Unicode text
MD5

afa075cf26ba1b0a6e87d816e7d2cdc0

SHA1

05d5579f7d44043c2a58098bd4986a8c6bfaf24b

SHA256

e27f6ba4ea978d315831d02fd427c664077abc09ecb6af3765e4732ae44732b0

SSDEEP

24:qXPpDuPY2BCrm4mOKSsGe89T9u+rxrc90qOUzRwsMZp4DyUHN+SwsWQ:qOY2BCrm4mOKl89TcgcRznJKQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

No suspicious indicators.

Reads Internet Cache Settings
  • chrome.exe (PID: 316)
Creates files in the user directory
  • opera.exe (PID: 748)
Reads settings of System Certificates
  • chrome.exe (PID: 316)
Application launched itself
  • chrome.exe (PID: 316)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

Screenshots

Processes

Total processes
48
Monitored processes
15
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start notepad.exe no specs opera.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs notepad.exe no specs chrome.exe no specs PhotoViewer.dll no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2948
CMD
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\crackmes.txt
Path
C:\Windows\system32\NOTEPAD.EXE
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Notepad
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll

PID
748
CMD
"C:\Program Files\Opera\opera.exe"
Path
C:\Program Files\Opera\opera.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Opera Software
Description
Opera Internet Browser
Version
1748
Modules
Image
c:\program files\opera\opera.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\opera\opera.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\devenum.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\avicap32.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\quartz.dll
c:\program files\adobe\acrobat reader dc\reader\browser\nppdf32.dll
c:\windows\system32\macromed\flash\npswf32_26_0_0_131.dll
c:\program files\java\jre1.8.0_92\bin\dtplugin\npdeployjava1.dll
c:\program files\java\jre1.8.0_92\bin\plugin2\npjp2.dll
c:\progra~1\micros~1\office14\npauthz.dll
c:\progra~1\micros~1\office14\npspwrap.dll
c:\program files\google\update\1.3.33.17\npgoogleupdate3.dll
c:\program files\videolan\vlc\npvlc.dll
c:\program files\adobe\acrobat reader dc\reader\air\nppdf32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll

PID
316
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\msls31.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\actxprxy.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\searchfolder.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wpdshext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\winshfhc.dll
c:\windows\system32\wdscore.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\notepad.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll

PID
2776
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x70fe00b0,0x70fe00c0,0x70fe00cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
3928
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1484 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
2960
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=888,16735710460205270002,7706291803063756010,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=7774AF4CDCCDBC46A440F3818F2C1E90 --mojo-platform-channel-handle=912 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
3468
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=888,16735710460205270002,7706291803063756010,131072 --enable-features=PasswordImport --service-pipe-token=37A0F9BD8683D45A46F418DC4AF4240F --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=37A0F9BD8683D45A46F418DC4AF4240F --renderer-client-id=5 --mojo-platform-channel-handle=1896 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1720
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=888,16735710460205270002,7706291803063756010,131072 --enable-features=PasswordImport --service-pipe-token=39ECD26C0C7CED01821DECA6334CB58C --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=39ECD26C0C7CED01821DECA6334CB58C --renderer-client-id=3 --mojo-platform-channel-handle=2120 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3188
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=888,16735710460205270002,7706291803063756010,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=961D29C5116D8FEEA69AB3D4EE84978F --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=961D29C5116D8FEEA69AB3D4EE84978F --renderer-client-id=6 --mojo-platform-channel-handle=1684 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1704
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=888,16735710460205270002,7706291803063756010,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=18EF663FFDB880F0423A6D01C08E6D7E --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18EF663FFDB880F0423A6D01C08E6D7E --renderer-client-id=7 --mojo-platform-channel-handle=3792 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1024
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=888,16735710460205270002,7706291803063756010,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=5799FE6FBF1487E59F874005B0FE8A15 --mojo-platform-channel-handle=4068 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1904
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=888,16735710460205270002,7706291803063756010,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=C4354893C9750D9D350FBDF6F85D6225 --mojo-platform-channel-handle=4156 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
3988
CMD
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\173es7.txt
Path
C:\Windows\system32\NOTEPAD.EXE
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Notepad
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll

PID
2412
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=888,16735710460205270002,7706291803063756010,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=6E44BA82A94F37C4AA8D35FC209574A3 --mojo-platform-channel-handle=3828 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\zipfldr.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
3088
CMD
C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
Path
C:\Windows\system32\DllHost.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
COM Surrogate
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\dllhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\shell32.dll
c:\program files\windows photo viewer\photoviewer.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\version.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\slc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\windows photo viewer\photobase.dll
c:\windows\system32\propsys.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\actxprxy.dll
c:\program files\windows photo viewer\imagingengine.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\psapi.dll
c:\windows\system32\icm32.dll

Registry activity

Total events
1443
Read events
1205
Write events
237
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
2948
NOTEPAD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Notepad
iWindowPosX
132
2948
NOTEPAD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Notepad
iWindowPosY
132
2948
NOTEPAD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Notepad
iWindowPosDX
960
2948
NOTEPAD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Notepad
iWindowPosDY
501
748
opera.exe
write
HKEY_CURRENT_USER\Software\Opera Software
Last CommandLine v2
C:\Program Files\Opera\opera.exe
748
opera.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
316
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
316
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
316
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
316
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
316
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
316
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13194360774144765
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder
0
43003A005C00500072006F006700720061006D002000460069006C00650073005C0047006F006F0067006C0065005C004300680072006F006D0065005C004100700070006C00690063006100740069006F006E005C006300680072006F006D0065002E00650078006500000043003A005C00550073006500720073005C00610064006D0069006E005C0044006F0077006E006C006F006100640073000000
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder
MRUListEx
00000000FFFFFFFF
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
02020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
MRUListEx
0700000000000000010000000200000006000000030000000500000004000000FFFFFFFF
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\7
MRUListEx
0000000001000000FFFFFFFF
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\Shell
SniffedFolderType
Generic
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Mode
4
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
LogicalViewMode
1
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1092616257
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
IconSize
16
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
ColInfo
00000000000000000000000000000000FDDFDFFD100000000000000000000000040000001800000030F125B7EF471A10A5F102608C9EEBAC0A0000001001000030F125B7EF471A10A5F102608C9EEBAC0E0000007800000030F125B7EF471A10A5F102608C9EEBAC040000007800000030F125B7EF471A10A5F102608C9EEBAC0C00000050000000
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Sort
000000000000000000000000000000000100000030F125B7EF471A10A5F102608C9EEBAC0A00000001000000
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupView
0
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:FMTID
{00000000-0000-0000-0000-000000000000}
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:PID
0
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByDirection
1
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDSave\Modules\GlobalSettings\ProperTreeModuleInner
ProperTreeModuleInner
9C000000980000003153505305D5CDD59C2E1B10939708002B2CF9AE3B0000002A000000004E0061007600500061006E0065005F004300460044005F0046006900720073007400520075006E0000000B000000000000004100000030000000004E0061007600500061006E0065005F00530068006F0077004C00690062007200610072007900500061006E00650000000B000000FFFF00000000000000000000
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\NavPane
ExpandedState
06000000160014001F8080A63C324DC29940B94D446DD2D7249E0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F4225481E03947BC34DB131E946B44C8DD50000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F43983FFBB4EAC18D42A78AD1F5659CBA930000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D0000000000000000002000000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F580D1A2CF021BE504388B07367FC96EF3C0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B00000000000000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F50E04FD020EA3A6910A2D808002B30309D0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
2
6300680072006F006D0065002E0065007800650000000000
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
MRUListEx
020000000100000000000000FFFFFFFF
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\txt
0
5C003200000000000000000080003137336573372E7478740000420008000400EFBE00000000000000002A000000000000000000000000000000000000000000000000003100370033006500730037002E0074007800740000001A000000
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\txt
MRUListEx
00000000FFFFFFFF
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
1
5C003200000000000000000080003137336573372E7478740000420008000400EFBE00000000000000002A000000000000000000000000000000000000000000000000003100370033006500730037002E0074007800740000001A000000
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
MRUListEx
0100000000000000FFFFFFFF
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
2
6300680072006F006D0065002E006500780065000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
2
6300680072006F006D0065002E0065007800650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080020000E0010000000000000000000000000000000000000100000000000000
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
2
6300680072006F006D0065002E006500780065000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FCFFFFFFFCFFFFFF04050000B802000000000000000000000000000000000000000000000000000080020000E0010000000000000000000000000000000000000100000000000000
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
MRUListEx
020000000100000000000000FFFFFFFF
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Mode
6
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
LogicalViewMode
2
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1092616257
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
IconSize
48
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
ColInfo
00000000000000000000000000000000FDDFDFFD100000000000000000000000040000001800000030F125B7EF471A10A5F102608C9EEBAC0A000000A000000030F125B7EF471A10A5F102608C9EEBAC0C00000050000000A66A63283D95D211B5D600C04FD918D00B0000007800000030F125B7EF471A10A5F102608C9EEBAC0E00000078000000
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Sort
000000000000000000000000000000000100000030F125B7EF471A10A5F102608C9EEBAC0A00000001000000
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupView
0
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:FMTID
{00000000-0000-0000-0000-000000000000}
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:PID
0
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByDirection
1
316
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307020001000B000C000D001600530000000000
316
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
1
3928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
316-13194360773394765
259
3928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
316-13194360773394765
0
2412
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3088
DllHost.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
DllHost.exe
3088
DllHost.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows Photo Viewer\Viewer
MainWndPos
6000000034000000A00400008002000000000000

Files activity

Executable files
0
Suspicious files
94
Text files
92
Unknown types
15

Dropped files

PID
Process
Filename
Type
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
binary
MD5: 1b4c5f59025f89f3a1f4931a02d73e68
SHA256: a237dee0da23e1cb6446bd3289189d522bb5953146c49ae43895db12d3bc1302
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old
text
MD5: 80b8c44b60f8bd20d1cf8277ec794bb1
SHA256: 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
text
MD5: f2c2e3f2d71a9d94550a27275c10b4bb
SHA256: d802c028943b19c3fad98246267ef0e9ddf8d5bbac15238b4ebdd26dd3984e94
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF26c700.TMP
text
MD5: 902c6a07b1066079c420d201728afdb4
SHA256: a960b6eb86070b4884fd8162fad7e57a7a829a52d87897b59e4e3899b8cfcc78
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: c9371bf17cfc253c12ebbc2d62aca228
SHA256: 0c5eb4e08cffa00edf9370a509cae3aefa36fc0b4d47e00efe9c0a9f9c85af48
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF26c6f0.TMP
text
MD5: c9371bf17cfc253c12ebbc2d62aca228
SHA256: 0c5eb4e08cffa00edf9370a509cae3aefa36fc0b4d47e00efe9c0a9f9c85af48
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 1a39a76503dbda9416e7b9831ff6c3bc
SHA256: a864b5eb05d118250fcb5bbff837491f181edd998dcbd56677dda96175c48705
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ee0e8fd9-6f98-42d9-8bfc-e306a7805d1d.tmp
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: f1bfe0e98396baf68c83246cd693f363
SHA256: fa1a10a24c10540a6bd31fc17e77276822848b4de241a04fd88ab8a4eb6c9775
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF26c6e1.TMP
text
MD5: 1a39a76503dbda9416e7b9831ff6c3bc
SHA256: a864b5eb05d118250fcb5bbff837491f181edd998dcbd56677dda96175c48705
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\2df307fc-145a-4bba-997b-4775382664e7.tmp
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
binary
MD5: df8ed579f39c6823277fa10a674a6370
SHA256: ae4d5cca48fc026800bb7db8b21869f7d57f822f82e02f104ac691b9f630f155
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
binary
MD5: f5d3c5ce4fe6390d607d20bb47ebf617
SHA256: 73058a8db0660770deb9dbbe669779416a78316276417b49490dd7de26b5260f
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a587014a-68b2-4594-83f6-5f67e35fc141.tmp
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF26c6d1.TMP
binary
MD5: 7a4971ac43cbb3019082fc5ea72998f6
SHA256: 27e902a495d20780f0731e7c6d760528f3c9f3a11b170fd1509379d2c6c68e9c
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs
sqlite
MD5: 3dac9b8c2941fd99fd543c0f65549ef5
SHA256: 53fa7197f7ccc3c56a0af0def057b911982006e137224d9b8b3b4055d666c66e
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs-journal
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies
sqlite
MD5: 5b5f4bd85dac419f109fe11f52b78dce
SHA256: 5f7895f50455857770c3794e20a6dce6e1003d6ce177863cd4ebf99eaf341124
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF26c6c2.TMP
text
MD5: 902c6a07b1066079c420d201728afdb4
SHA256: a960b6eb86070b4884fd8162fad7e57a7a829a52d87897b59e4e3899b8cfcc78
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
binary
MD5: 9409bab446b7204c6235dfddd6066e89
SHA256: 68c1cb50ec24ac5a1dbdc7d9c845e94a1e9d60f312cf92a694f0791cd7ea105e
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
binary
MD5: 41be32eb124eb426d77e32df8b216085
SHA256: c8cfb726c6cde561e89ea98a31f12d93dd9a4fc956823b016458b5b26711ee93
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
binary
MD5: 7a4971ac43cbb3019082fc5ea72998f6
SHA256: 27e902a495d20780f0731e7c6d760528f3c9f3a11b170fd1509379d2c6c68e9c
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
binary
MD5: 0975fad17898aeb3b5194ad061eb614e
SHA256: eed67570f3c22f0477716269539cc33fe4f875dd5d1d50ac7fe201166840b944
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
sqlite
MD5: 75f1b7336fcef02bd54f429e6e8d3747
SHA256: ffef9aba2e6f71853d0b6110a4aa0d090869a2e99d36458a9406b0f40e5aa62c
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
binary
MD5: a48fc7c87c3ddb11e215c25302eeac69
SHA256: be767feb44b6f0e733552f087a3c495f52c27002cb8bc10974a4977516df844a
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
text
MD5: 2dfeb7b90752c5f98b267bfd9f4fe854
SHA256: caa574f48b7ce2f505b7a78c6422f99aeb693a417c6210e2ce30832483471f39
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
text
MD5: ef6b6a91e02513589c2e886cea0d1dec
SHA256: 6a2cb2ab2703e14a1b6c40df7f97b7d384ec3bd924a547e6544d8030428ea853
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
text
MD5: f0733e9a1b8dcf8bfa1c73347f3bbaa7
SHA256: 976d8dfbf62fded5bf424dd3032f54f71ec367c4d5760c0c5d77026e6d670c3e
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
binary
MD5: 11a7365ff2a04d0d343bf08dea821c06
SHA256: 7c634aa99473e447c093689e20191ce521bfac12906fb440ee8e65027da49b03
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
text
MD5: 82901868c84d5570d67633e27b771d9f
SHA256: 7fc384821963c5b1f989ddd187bffe840f5ec2af0877b4e8eff7d33a3e758192
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log
binary
MD5: 1fed53ff83297d174ada1d4c06379871
SHA256: f534de13c0f6c480e9671a6c12ea8d0b7147d8d32beaa008a92d48234848d1ad
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG
text
MD5: b08ca6733dcd6f647c00e3ee5bf2fad1
SHA256: 8530f83ce7521ff8b0a1eda8e0f9bbf3a0637eba2377e88b8f4c932fce8f1c11
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
text
MD5: cf6cf984cc809dcb297aad0a5c460cb5
SHA256: e9f269a69c83905871cf06cb2bc5241ee56594da1b726d2ea05750e62cd043c3
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000016
binary
MD5: cf286cb4fd0f3dcc234806e1b865987b
SHA256: 21dc23520bba7268b53957a39981c9a85d3658edc4f5455e98cac3378a440d76
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
text
MD5: 27b7eed237609dda8e5e5851c130510d
SHA256: 95d8c8aa683543adad9327a9787a7bf16d2246159b97fb2876ad09f8aa912e86
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG
text
MD5: f17622bb71f3586ef3031c5446dcf517
SHA256: 87eb2cef068c15e11022c7f00d3ef4e8c8092bc2758d2f31ef2c1ec261b7b9f8
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 902c6a07b1066079c420d201728afdb4
SHA256: a960b6eb86070b4884fd8162fad7e57a7a829a52d87897b59e4e3899b8cfcc78
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
sqlite
MD5: 387f8da67440568af2e72db5fcb4e817
SHA256: fdeaf0e202ae6cc6739ba524fd6cfa7b03be1bc4fb9ad3b32a878052375b4de0
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\MANIFEST-000016
binary
MD5: cf286cb4fd0f3dcc234806e1b865987b
SHA256: 21dc23520bba7268b53957a39981c9a85d3658edc4f5455e98cac3378a440d76
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
sqlite
MD5: f6f2c8bf34b452900a4b65f4e9140cc1
SHA256: 9f9d305c3c2bb24922ddfdb702b9f9a26dbeb664a1b1ba59c9b83bddb0d2854f
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
sqlite
MD5: 05c9516e3ee8288eabd2dde91ff50543
SHA256: 927ce3dffbe531278bd4403cba33dc28037b5e3ac29efcf52ebace1efe289b98
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
binary
MD5: 6bb9fe89e5183d3be712d166f8ad4a1b
SHA256: cdddb1be20017b0a77d46429512ea3e426cc50957b2b8166837c052e02aee03c
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\cae7ed66-6ecb-4d94-bcd2-da1f9e15e414.tmp
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
sqlite
MD5: bf475562aef943620e4098f4635f8ae5
SHA256: c47d646775ed9d539bf1c335c0e31cfb8593f9ab65b6f082aec2c4fa5b16e0d6
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History
sqlite
MD5: 28e2971845fa8e681bb4236912047d08
SHA256: b46ff9aae2952db0a33984989ae984effb3aaed330c9acd24e4c363be2a25c34
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History-journal
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data
sqlite
MD5: 54ad1e10b6b57bc9b9eed994e581dd5f
SHA256: 24d2a7516de320c3e91b1513cad94ce5ce2b964bbb8a3d1f66e8083b3205b19c
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Session
binary
MD5: 0c767d800304a7da88c364d3a189146f
SHA256: 83c4c24410a0341c70dc368bdca79db1a03fc018caf42218efcfcb5d91b7bcc8
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
binary
MD5: fcf80b6b0d6510fbe1ed2450081f2889
SHA256: e8dffb4a8cc193617f8157b1f6b8494419d09a9fafdd8d719ad407ef96d3823a
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: ba2159c332d19b0b7cee4627b5aa6819
SHA256: 07ed87e0b7807fb7c0b42e0b825e4ad2a8f1612adaf7797f3eea2dbd7f6fd632
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF26b240.TMP
text
MD5: ba2159c332d19b0b7cee4627b5aa6819
SHA256: 07ed87e0b7807fb7c0b42e0b825e4ad2a8f1612adaf7797f3eea2dbd7f6fd632
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\4ac6fac7-ff16-451b-84f0-63d4c620dc0b.tmp
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 33b6ebee67d84a3a59cd916fab63f96e
SHA256: d57bf6d7c7382724a2e6ec90368fa5d22a544eb1e9d87cb68ad1dcb18dee0e4b
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF267d45.TMP
text
MD5: 33b6ebee67d84a3a59cd916fab63f96e
SHA256: d57bf6d7c7382724a2e6ec90368fa5d22a544eb1e9d87cb68ad1dcb18dee0e4b
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\74d52e04-9f1f-48b0-96fe-faebc88a1221.tmp
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store~RF2673a0.TMP
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\5aa1ec2c-ca25-45d5-b8b8-5307e55d6723.tmp
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\Desktop\173es7.txt:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
316
chrome.exe
C:\Users\admin\Desktop\173es7.txt
image
MD5: ec6aae2bb7d8781226ea61adca8f0586
SHA256: b02fffaba9e664ff7840c82b102d6851ec0bb148cec462cef40999545309e599
316
chrome.exe
C:\Users\admin\Desktop\173es7.txt.crdownload
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF266c0f.TMP
text
MD5: 82ecce88cc8765e2ccf275fd1760137c
SHA256: 2685aba762993495338bae6777c45e389aada00f457a0dbce937d95dc205401b
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\1ad18a7b-18ba-4b97-b5d4-3db22d9ba6d8.tmp
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
binary
MD5: 096ad348836b0b7fd101073fe99e22fe
SHA256: 682e1ab86cc2dc412ca9d6b1741e770d9fdc5e84ae913b2a121ac64310da6907
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF266aa7.TMP
binary
MD5: 096ad348836b0b7fd101073fe99e22fe
SHA256: 682e1ab86cc2dc412ca9d6b1741e770d9fdc5e84ae913b2a121ac64310da6907
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store
binary
MD5: 8fbc2e8b5412166c2bda67228d277a5f
SHA256: 84cf0279ae4f826ecd35a08cd713639cf3c87dfba4a470bc820f537e15b6d6a5
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\in_progress_download_metadata_store~RF265422.TMP
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\Downloads\7051ffd4-488a-419a-9687-d260e339c6c4.tmp
image
MD5: ec6aae2bb7d8781226ea61adca8f0586
SHA256: b02fffaba9e664ff7840c82b102d6851ec0bb148cec462cef40999545309e599
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\2d0f35ec-030e-4f63-a607-3776b4e3ac96.tmp
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index~RF26479f.TMP
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt
binary
MD5: a237924ab0ad8e234060519d6327b697
SHA256: 522c15870a8daacfe3204462dec5aede9f3522eed193b1f14ebca38c5ee6689b
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF26478f.TMP
binary
MD5: a237924ab0ad8e234060519d6327b697
SHA256: 522c15870a8daacfe3204462dec5aede9f3522eed193b1f14ebca38c5ee6689b
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index~RF26477f.TMP
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt.tmp
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\520ee1d8-7b4d-44ee-9374-24dcf29d354e\index-dir\the-real-index~RF2637a1.TMP
binary
MD5: d5d6e2d7de7a804047cfe829ae04ed0a
SHA256: c0d800089a868491c782e76eb1997abf90e4f1af632afecbf08360977e3b0491
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\520ee1d8-7b4d-44ee-9374-24dcf29d354e\index-dir\the-real-index
binary
MD5: d5d6e2d7de7a804047cfe829ae04ed0a
SHA256: c0d800089a868491c782e76eb1997abf90e4f1af632afecbf08360977e3b0491
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\520ee1d8-7b4d-44ee-9374-24dcf29d354e\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF262ea8.TMP
text
MD5: e0265637078373d15ecc1c8d4797fc04
SHA256: 17b0e2eec532b62f4c6caad84cddd028076b659b790074abe921c958bbb7e9ec
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: e0265637078373d15ecc1c8d4797fc04
SHA256: 17b0e2eec532b62f4c6caad84cddd028076b659b790074abe921c958bbb7e9ec
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\7b28202c-fe62-476d-ac8c-31a0c7aa8a9d.tmp
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 29a8394f68b05915f34a12ad54e67e8f
SHA256: c85bb035795784c53538cff8322064db212584a2c930fd32175d527423738a16
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF262e3b.TMP
text
MD5: 29a8394f68b05915f34a12ad54e67e8f
SHA256: c85bb035795784c53538cff8322064db212584a2c930fd32175d527423738a16
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\f041171c-09ac-4b81-afc7-7061cb99a653.tmp
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 82ecce88cc8765e2ccf275fd1760137c
SHA256: 2685aba762993495338bae6777c45e389aada00f457a0dbce937d95dc205401b
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF262dbe.TMP
text
MD5: 82ecce88cc8765e2ccf275fd1760137c
SHA256: 2685aba762993495338bae6777c45e389aada00f457a0dbce937d95dc205401b
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\9d5b7995-810c-4e38-81c8-20ceaec747a3.tmp
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt
binary
MD5: d3898345a7b83918c1c7210ded63c269
SHA256: 45b13304256037041f9943d194c332e555871fc5c7e92621533ffa6ec22fc580
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF262c76.TMP
binary
MD5: d3898345a7b83918c1c7210ded63c269
SHA256: 45b13304256037041f9943d194c332e555871fc5c7e92621533ffa6ec22fc580
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012
compressed
MD5: 7a3cb9df72697034f7a9b99af59983b6
SHA256: 61770cbac81339f8cd850a20321bfc4320d03b29711b8991d47f6b34a6528b08
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011
binary
MD5: 7f51732d08215f10f06f9c64647e32eb
SHA256: f794dcfd0db25390834c5793f4b0018c055e045ba4cda66dcdb9a3ecaaba1edf
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\LOG
text
MD5: d415e4336a381b1efc94ecd301b3d1c1
SHA256: 2a72a341a6cf8a602440a556bd89eadefd6bcb154105551dab36f18d29fd00d4
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\000003.log
binary
MD5: 991641dbcc63a7eacba784846f16492f
SHA256: d402a1e89776f26565012ebd063638b57e09e58efc77105415906eebafc0fdd0
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\520ee1d8-7b4d-44ee-9374-24dcf29d354e\e64f4a26267430e4_0
binary
MD5: a6e583e162681b262062fbf819f2fc36
SHA256: 66877499f0dbe3f1522b1ba09971a7eaedc85236a341d3902c171307b757e191
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\520ee1d8-7b4d-44ee-9374-24dcf29d354e\e64f4a26267430e4_1
binary
MD5: d8b9a70018e1034ed847666fa9230e30
SHA256: 0abd53c00e5fcc2fe18ff185f7bc4128b97e5041b1d8fefe448e5592f3589cf6
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\520ee1d8-7b4d-44ee-9374-24dcf29d354e\4db55b0a5eaa7ca5_0
binary
MD5: 0fc43e7efff09e30de29fa567a415761
SHA256: 49c8a537a01f7eee455cfedb21756e6be519d03bd1f094e19cf6f0525d4521cc
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010
binary
MD5: 0eb0e2a69b2b911c0f2d497732e16132
SHA256: f39d6ff7f2c9e0f14943baf99a37f4c97ed795c9549b28e73b360366f550a9d1
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\520ee1d8-7b4d-44ee-9374-24dcf29d354e\index-dir\the-real-index
binary
MD5: ddd54ce076e3d67972f19979b30c159d
SHA256: 67ef000f2ac3c99c80c1cdebf4f824d64429789c50859ee47ef2934030beba1a
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF2617f4.TMP
binary
MD5: ecfd8e912cfc3aca259921fdeeffdf2a
SHA256: c49d052cd0ee1617d0097f65a499bf00f49c9d9535fff5655d19a0d8924a8130
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt
binary
MD5: ecfd8e912cfc3aca259921fdeeffdf2a
SHA256: c49d052cd0ee1617d0097f65a499bf00f49c9d9535fff5655d19a0d8924a8130
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0
binary
MD5: 8ff03eaf535aad735d679167bcde06b0
SHA256: a46fab8916992659758e34e7082a32f18eff31baef67271057365a1965ce7eea
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\520ee1d8-7b4d-44ee-9374-24dcf29d354e\index
text
MD5: 4f67aba5cb5b04976834ad6da18d2017
SHA256: 4476d281b3d119577eb8f19fd90e042e5a456cba30d0bb16d05654acc91aec5b
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_1
binary
MD5: 268346608b4f2b4825b49a6f46ad9e22
SHA256: 06c08b3b2cb514f56bef9923cc4bc6aa75c1935af08a4e31314fc0e61f9e17a8
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session
binary
MD5: 02536c23edc1e418a6fea313d20b2a39
SHA256: 8e8de8689482b477d0beebe0a4ac24b9cabcbfa84848f66b4c0f55cd96dc0fe9
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
text
MD5: 92eb0a02f4e9290eecaf736f63c73a11
SHA256: 806f4f8836836ea01bcd747bd62daee51192331773e5e159dad675279062d0d9
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old~RF260f2a.TMP
text
MD5: 80b8c44b60f8bd20d1cf8277ec794bb1
SHA256: 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f
compressed
MD5: 52084fa108193d5b2c71a12c410b5652
SHA256: ad2853845c2e83d33e4618d72f881f5fbdcd3a2dc605d3e217ebb0552624410d
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e
image
MD5: 0515236318ac3251ff39eb8372a0c129
SHA256: 228cb9c602929e1a2fb17408fe812af3599ab9f734d0b7c499ab79e15c5b8dd4
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d
binary
MD5: 47f64e326e7862a251813fe372e41ba1
SHA256: 8451947a9dec43f1fda1b3abd17df8929677412babe6a3981d71d633a5474af9
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\353ab5148181f0c4_0
binary
MD5: 95f4007f708141edda6beb71ef9f5e8e
SHA256: 02e0de30335f07956de1e36883689c6229d561904ad3070ede4acc4c5912bfb4
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\40bba07c05914591_0
binary
MD5: ca8d2d664a83e683dc62e02e53baeaff
SHA256: 28f4b17e54aecebb671061423b3749a558236c7a41b14b9868a2ba4d398ffffc
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\LOG.old
text
MD5: 65e3a899ee20811d157b572ffa34a607
SHA256: fdbc070214092df54b10dc06b2a40f0cc30ad00d410ba67de9f98a3d53f08a75
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old~RF260baf.TMP
text
MD5: 7282c871a31b4aae7e61cdbb39a13331
SHA256: af615c556e2a22e87135a967c01e869216f65268a88bd218fd6ab70467bdf733
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old
text
MD5: 7282c871a31b4aae7e61cdbb39a13331
SHA256: af615c556e2a22e87135a967c01e869216f65268a88bd218fd6ab70467bdf733
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: ea6d75c35eb812fdc5762d84963de026
SHA256: a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF260b80.TMP
text
MD5: ea6d75c35eb812fdc5762d84963de026
SHA256: a4e911f2978a45872ede6742468623884a33bca6e015dfb35dd4d55034d9ab74
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\e64f4a26267430e4_0
binary
MD5: 2d938ddee79ed8c70c48aa8431efe3a4
SHA256: 433ffe8b93a10f0e371a7261b8b385e1543f0a1e1dbef904a43b0679da763a33
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
compressed
MD5: 1a2e809ef04228cd18e3e2158c073614
SHA256: 1dc3f335d9bbc0fbea412449a63d1b96e4e610468b61f04249c9193e1ab46d48
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\50da1ec5d44a313d_0
binary
MD5: 5ac0ef08620dccfc3f734e0a27b3ac49
SHA256: 31cfc0e2002f2aef7ef24674005a7550fdae9c9dcd42c25c4528b1f5a82b3532
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\3a41e250d088c297_0
binary
MD5: d982d239049781df619055140ef57be1
SHA256: 52434e2199a159d72fe3423a6776ad113af613528e305debef09be043da24ddd
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 84042895723ac99f9599edfc7500051c
SHA256: ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF260b13.TMP
text
MD5: 84042895723ac99f9599edfc7500051c
SHA256: ac49bbf4b490c77bddf11de45ef4965c72b16b00cb2519fdb627363f760c6219
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index~RF260ac5.TMP
binary
MD5: 7310bf883e828ae9b8e6bd793d45e139
SHA256: 6a17c6592725f64037ee1e3ce5a71ebc0535c92c7ca7ecdca4f055dee0ca6fac
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index
binary
MD5: 7310bf883e828ae9b8e6bd793d45e139
SHA256: 6a17c6592725f64037ee1e3ce5a71ebc0535c92c7ca7ecdca4f055dee0ca6fac
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1
binary
MD5: ac06ca7c2cc571d96e29a97b86187151
SHA256: 2bd8ba8e620f78d6dc26224a835f6b5b6fd7cf89bdcb594ef75d56b8f3b6238c
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model
binary
MD5: eeb37d261334e607773ae37164460998
SHA256: 914192eb0682bb072f048587105d25b805a5f112feb2941d169783d04458a690
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model~RF260a28.TMP
binary
MD5: eeb37d261334e607773ae37164460998
SHA256: 914192eb0682bb072f048587105d25b805a5f112feb2941d169783d04458a690
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\38638973-2f7f-4949-b06d-88e7a182baf4.tmp
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old
text
MD5: f727dd25cda7b2cc574098cee1f5764a
SHA256: 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old~RF260805.TMP
text
MD5: f727dd25cda7b2cc574098cee1f5764a
SHA256: 5f7bd6926940e400ee7faa6d620192ca299f7b5aaa92d672f8173a767b3fbbff
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT~RF2607b7.TMP
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\CURRENT
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF2607b7.TMP
text
MD5: edd71dd3bade6cd69ff623e1ccf7012d
SHA256: befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF260788.TMP
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old
text
MD5: 1aa66efdb743fb0a8dcc1cd79b0b6542
SHA256: 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old~RF260788.TMP
text
MD5: 1aa66efdb743fb0a8dcc1cd79b0b6542
SHA256: 28d56532cced7375a2a1c7731e57c1a1c2ec1ac9827f3e5beee7f8069a5f87dd
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: 197882774a7ecec9046bc48f63189b66
SHA256: 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF260788.TMP
text
MD5: 197882774a7ecec9046bc48f63189b66
SHA256: 27377b0d5f989997c2c3f74acf163eed44b60631ddaa768f6655d7be555742b2
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\69e768c8-4c9a-4332-b58c-0cd006a37a3e.tmp
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: 7a82e0662f55fb38ea5588a5910f841b
SHA256: 9ebaa2c5e8398635eaa04e4bcce23be95b6bfaf5950e68478fc9fdd70aa17e18
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
––
MD5:  ––
SHA256:  ––
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old~RF26075a.TMP
text
MD5: 8ca4ba2b95d7089861a48ed69fde6561
SHA256: aa64c14d0c68b62bbab62a6d6fa4662ff89e1fbc7b337c926ac213c191d6406c
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
316
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: c10ebd4db49249efc8d112b2920d5f73
SHA256: 90a1b994cafe902f22a88a22c0b6cc9cb5b974bf20f8964406dd7d6c9b8867d1
2776
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: 9543068b6751e1f3e11f91d72ee78d95
SHA256: d060ad21ae6e04cb58668caa52adfca573e018102cc07554d2ed3eae11ab7785
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\application_cache\mcache\vlink4.dat
binary
MD5: 9b7e1769f56deedd364f9c444e75f7d8
SHA256: 90c916114e174bfceeb6bd5066b6d0810b53c55870284d290599e127c4c907a1
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat
binary
MD5: 73f47e6afd537254be297c114fd52fee
SHA256: c0d38a7c5e0702cf1de42aaea7462851bd4bcf60219992203af6417ac960f6cf
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\application_cache\mcache\dcache4.url
binary
MD5: 269abfcdb8eb1886306172aad82c919b
SHA256: 6e5005153bf4250978bd0f260f94b47abfa8b8676b36d7e8b8b1703c36c47f59
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\dcache4.url
binary
MD5: 4cec406a91ea882277078dd45618397c
SHA256: 7926e5d76390b1e57c2170f18649581ec7dae66269b4ac50583052f7aaabfabe
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\revocation\dcache4.url
binary
MD5: 7572a8e9425b6ca304ee98344aa30f2b
SHA256: a1fc1bf1c3de333a85565629b94752419a72cd1216fb6b322346f0781cc5d5f8
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\opcache\dcache4.url
binary
MD5: 6af247dfa2ff1cc748589f1f42fb12e7
SHA256: 21e4c138739948f4a33944d6f3272369b34678869a51720b716de4f249ba506c
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\vlink4.dat
binary
MD5: 0e0f096bb3dc14d371456dac8c7b6f02
SHA256: dbcf7aee427298129142c89d05c2807c8157cecad9c18f78276b813bfd738fba
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat
binary
MD5: 80f2b1c459da280e7408fe7b3f486ca1
SHA256: fb087a8afa28116fd14a875e1a5584aae0e7e15edc85364fdd43bf710f92c0e3
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\revocation\vlink4.dat
binary
MD5: 9b7e1769f56deedd364f9c444e75f7d8
SHA256: 90c916114e174bfceeb6bd5066b6d0810b53c55870284d290599e127c4c907a1
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprFB7C.tmp
––
MD5:  ––
SHA256:  ––
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprFB6B.tmp
––
MD5:  ––
SHA256:  ––
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\revocation\oprFB7D.tmp
––
MD5:  ––
SHA256:  ––
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\application_cache\mcache\oprFB7E.tmp
––
MD5:  ––
SHA256:  ––
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\download.dat
binary
MD5: 9b7e1769f56deedd364f9c444e75f7d8
SHA256: 90c916114e174bfceeb6bd5066b6d0810b53c55870284d290599e127c4c907a1
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat
binary
MD5: 8c4789f070c2df8a7d32d9e201777eaa
SHA256: 973db9a2959fbeef2e16279a4285c12d62646295ef4ee2e20f71313bda23ab7e
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\vps\0000\w.axx-d
––
MD5:  ––
SHA256:  ––
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\vps\0000\md.dat
abr
MD5: fc8d1beb7da57d3006a043536437d6b3
SHA256: 49200edb9745eb105ccc60f7121a312be41ff43ed0ca37b2b03f27e676f4de55
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\vps\0000\w.axx
abr
MD5: 2864e53ad33da29e5df61be171bbfc7c
SHA256: 7aa9cfef94d3d375dc0a34fb1ae6caa6ec12358a23f4536eb49220bc24914e9c
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\vps\0000\url.axx
abr
MD5: 17f7d33026e838fd859151d15c4bdd10
SHA256: 6b7a58c9feb93b08156fca3c9ec467074c61307c53cc7fbd0a5d24e1c1a8b881
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\vps\0000\adoc.bx
abr
MD5: 6f1bbd0e5c50a92c4ed8ded78a4a883e
SHA256: 16f13b0cc7018a4ba655b7e0a3586d723d0eac6c5324edfe8a5ca5d8a9451e97
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\vps\0000\wb.vx
abr
MD5: 580a4fbd580b044551b2720e241a97e8
SHA256: a5260a3f5c46c99e5e5b10c70f7b1450522cd21ec50f4752242751ed7b6c7eaa
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\vps\0000\url.axx-j
––
MD5:  ––
SHA256:  ––
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\vps\0000\md.dat-j
––
MD5:  ––
SHA256:  ––
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\vps\0000\wb.vx-j
––
MD5:  ––
SHA256:  ––
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\vps\0000\adoc.bx-j
––
MD5:  ––
SHA256:  ––
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\vps\0000\w.axx-j
––
MD5:  ––
SHA256:  ––
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\application_cache\cache_groups.xml
xml
MD5: 0c3d13ca7a1b93960f71a49613f4aa5c
SHA256: eb9eaf372a1df1d4d3f389bb09f05b0cd8a1dbd838ae1247f34b36fa7566bb5a
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml
xml
MD5: 8f9bc25082526679d20832e134280689
SHA256: 0fede19a884e68af700217770d350b22bfe9cee4cf87ba9438d50f2341a85b2c
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\mail\omailbase.dat
abr
MD5: f52d18b1988d60b85f3df3b422e67906
SHA256: e8c7c39ae1a30e455ceea25c20267ef6d3035cc2dbbaa80c62650ae6610710f8
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini
text
MD5: 378946a66814bed3e90d8b14e9d94180
SHA256: e3fabf8e0007a8a229c143f8ea11af31a52ee9a51297a692d8c3cb5217f76d85
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
text
MD5: d79b34a550d2bef045cdc5c04b3e02c0
SHA256: e5b0116a7bb25cae7bf0b601b155ce412f9c997eed060ca991f11bbce29bee6a
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprFB3A.tmp
––
MD5:  ––
SHA256:  ––
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprFB3B.tmp
––
MD5:  ––
SHA256:  ––
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak
text
MD5: 37a00cbd57e8cca3156bb3e4e771c91d
SHA256: 2d64195dea2c895e5cc6af5d7b9f93925348a4735ff3ebed42f2cd542b10de55
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win
text
MD5: 4cde2fb3429fa52928ddb5fec3139a76
SHA256: 4563bf2f22b17b7c53fc62a3e3b51d7a95ad96f1971fa00d22ddb0c3e92a0afd
748
opera.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms~RF25fb25.TMP
binary
MD5: 86e185deca505cc26e3cd6c9c96d619c
SHA256: d4f5beab5d738897f606485b31d89f773c7b0a59dd85f56bf243de406fa8cf1d
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\oprFB2A.tmp
––
MD5:  ––
SHA256:  ––
748
opera.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\08QMOF0DVT5O2U7EYENQ.temp
––
MD5:  ––
SHA256:  ––
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000X.tmp
image
MD5: ec6aae2bb7d8781226ea61adca8f0586
SHA256: b02fffaba9e664ff7840c82b102d6851ec0bb148cec462cef40999545309e599
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000W.tmp
html
MD5: 9377838b0621b6eb6018b244586af2f9
SHA256: c477bda8237a5799bf520bc7ca317da8811a903837030748cf7c16c404cc4297
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat
text
MD5: 4f5037ffdf909a6b489e923483d2c44c
SHA256: d85eb2e25eb9d25a4bd7f43170c224bad610a2b64ee110f26151e8963f2a52c1
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\typed_history.xml
xml
MD5: 7e2669c2fe5f86685b42c69cccf19903
SHA256: d09354f5a38d5d7a2d0d8ef1240af18e7aec4532e77fa2d2eeca5d0c8b436ad1
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win
text
MD5: 37a00cbd57e8cca3156bb3e4e771c91d
SHA256: 2d64195dea2c895e5cc6af5d7b9f93925348a4735ff3ebed42f2cd542b10de55
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr50EE.tmp
––
MD5:  ––
SHA256:  ––
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\iplogger.org.idx
text
MD5: 4b01808bc7d72a4c457f2bdb0e18fd0b
SHA256: 35cd199bf52dc11688d0cf8ab6ef962a684463c3b44d3299aee751c4db3c59ee
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\https%3A%2F%2Fiplogger.org%2F173es7.png
image
MD5: e7d31ac53d124242b574c8090362ffc6
SHA256: a901afae7bdb66678f08a39b32f8a46da9864c8a64fabc0e77a7f12b93df12ba
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak
text
MD5: c6bb9f4ecb7995e1c8bf8d4b2b5e0369
SHA256: aff3ccae88267386aece32d6c93f89e91b9705b3852c4dbd057eacf2bf0c9292
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win
text
MD5: c6bb9f4ecb7995e1c8bf8d4b2b5e0369
SHA256: aff3ccae88267386aece32d6c93f89e91b9705b3852c4dbd057eacf2bf0c9292
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr4526.tmp
––
MD5:  ––
SHA256:  ––
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\dcache4.url
binary
MD5: 4d691b5a9bb37b2f27b73afea8b01d9e
SHA256: 32c0fde1f4a5e1ea9a97b60c70ee5110d37825e33458019418589417dcd98ff1
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\opcache\dcache4.url
binary
MD5: b946f7241758fdbb172cee937a54fefb
SHA256: fa384cc878ee4991ba73d44e1df9e0a9946ab0148459de344dba163b2867104f
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\vlink4.dat
binary
MD5: 9b7e1769f56deedd364f9c444e75f7d8
SHA256: 90c916114e174bfceeb6bd5066b6d0810b53c55870284d290599e127c4c907a1
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprA088.tmp
––
MD5:  ––
SHA256:  ––
748
opera.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms
binary
MD5: 86e185deca505cc26e3cd6c9c96d619c
SHA256: d4f5beab5d738897f606485b31d89f773c7b0a59dd85f56bf243de406fa8cf1d
748
opera.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms~RF249432.TMP
binary
MD5: 86e185deca505cc26e3cd6c9c96d619c
SHA256: d4f5beab5d738897f606485b31d89f773c7b0a59dd85f56bf243de406fa8cf1d
748
opera.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\GO0ZFNXCJ7DW0KERAU0Q.temp
––
MD5:  ––
SHA256:  ––
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat
binary
MD5: 7f5dcbf9f067f258078d5071195d5c51
SHA256: fec0be3946fe4780375cee50eb647bea4fb130af228e473fe442b39ff19d0492
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat
binary
MD5: 1aa8644c9261dc10f7247f6a145c1dd2
SHA256: 58a8933f65361633c6ab194000d312dc9d566f717b1a16814a0dbee24a60ebe3
748
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000V.tmp
––
MD5:  ––
SHA256:  ––
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat
binary
MD5: 59761e989f564f76a3a4b778db7abcf1
SHA256: af879942d234d85c0ce75921dbdda50e2f6d135bd961f259106131751359052b
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat
binary
MD5: 1aa8644c9261dc10f7247f6a145c1dd2
SHA256: 58a8933f65361633c6ab194000d312dc9d566f717b1a16814a0dbee24a60ebe3
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat
binary
MD5: 82f1a2b1176a5ecc457d32301e2ad833
SHA256: a783052804dd4c232be2ed3dc00c430cb67a20370890e235562ed2b27b5a602e
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat
binary
MD5: 539974f135faf3b688dadf0bc15632c8
SHA256: e3e4ae7cd8bbc6ad911a8a1227e057a00df3aa82e6332c15a889f51c8f04645b
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat
binary
MD5: 1aa8644c9261dc10f7247f6a145c1dd2
SHA256: 58a8933f65361633c6ab194000d312dc9d566f717b1a16814a0dbee24a60ebe3
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml
xml
MD5: 8e3a99f51742027a7595b19cf423f5fc
SHA256: 63ada8ab2d9e34ca087fcf19324a5e3f69f7509f0ee0591257f6b92b3ad31c12
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opr88AA.tmp
––
MD5:  ––
SHA256:  ––
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
text
MD5: b43eaa283182c4dd0b8678d385f53b1f
SHA256: 7117b72553719acd800df9ba47ccd0e8a19a401d7fb3ab48d491e9ffa21b3f4c
748
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opr886A.tmp
––
MD5:  ––
SHA256:  ––

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
9
TCP/UDP connections
29
DNS requests
21
Threats
5

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
748 opera.exe GET 200 66.225.197.197:80 http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl US
der
whitelisted
748 opera.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAOXQPQlVpLtFek%2BmcpabOk%3D US
der
whitelisted
748 opera.exe GET 200 172.217.23.174:80 http://clients1.google.com/complete/search?q=ipl&client=opera-suggest-omnibox&hl=de US
text
whitelisted
748 opera.exe GET 200 172.217.23.174:80 http://clients1.google.com/complete/search?q=iplogger&client=opera-suggest-omnibox&hl=de US
text
whitelisted
748 opera.exe GET 301 88.99.66.31:80 http://iplogger.org/173es7.txt DE
html
shared
748 opera.exe GET 400 185.26.182.112:80 http://sitecheck2.opera.com/?host=iplogger.org&hdn=v2f3ETtwIf5etKJ2aHlvYg== unknown
html
whitelisted
748 opera.exe GET 200 104.16.92.188:80 http://crl.comodoca.com/COMODORSACertificationAuthority.crl US
der
whitelisted
748 opera.exe GET 200 104.17.104.175:80 http://crl.usertrust.com/AddTrustExternalCARoot.crl US
der
whitelisted
748 opera.exe GET 200 2.16.106.50:80 http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQD%2BofQtYJP0vg6JS%2B4x27Bg unknown
der
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
748 opera.exe 82.145.215.40:443 Opera Software AS –– whitelisted
748 opera.exe 66.225.197.197:80 CacheNetworks, Inc. US whitelisted
748 opera.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
748 opera.exe 172.217.23.174:80 Google Inc. US whitelisted
748 opera.exe 88.99.66.31:80 Hetzner Online GmbH DE suspicious
748 opera.exe 185.26.182.112:80 Opera Software AS –– suspicious
748 opera.exe 88.99.66.31:443 Hetzner Online GmbH DE suspicious
748 opera.exe 104.16.92.188:80 Cloudflare Inc US shared
748 opera.exe 104.17.104.175:80 Cloudflare Inc US shared
748 opera.exe 2.16.106.50:80 Akamai International B.V. –– whitelisted
316 chrome.exe 172.217.16.195:443 Google Inc. US whitelisted
316 chrome.exe 172.217.23.163:443 Google Inc. US whitelisted
316 chrome.exe 216.58.205.227:443 Google Inc. US whitelisted
316 chrome.exe 216.58.207.74:443 Google Inc. US whitelisted
316 chrome.exe 172.217.22.109:443 Google Inc. US whitelisted
316 chrome.exe 172.217.23.174:443 Google Inc. US whitelisted
316 chrome.exe 216.58.206.4:443 Google Inc. US whitelisted
316 chrome.exe 88.99.66.31:443 Hetzner Online GmbH DE suspicious
316 chrome.exe 172.217.16.138:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
certs.opera.com 82.145.215.40
whitelisted
ocsp.digicert.com 93.184.220.29
whitelisted
crl4.digicert.com 66.225.197.197
whitelisted
clients1.google.com 172.217.23.174
whitelisted
iplogger.org 88.99.66.31
shared
sitecheck2.opera.com 185.26.182.112
185.26.182.93
185.26.182.94
185.26.182.111
whitelisted
crl.usertrust.com 104.17.104.175
104.17.106.175
104.17.103.175
104.17.102.175
104.17.105.175
whitelisted
crl.comodoca.com 104.16.92.188
104.16.91.188
104.16.89.188
104.16.90.188
104.16.93.188
whitelisted
ocsp.comodoca.com 2.16.106.50
2.16.106.113
whitelisted
clientservices.googleapis.com 172.217.16.195
whitelisted
www.google.de 172.217.23.163
whitelisted
www.gstatic.com 216.58.205.227
whitelisted
safebrowsing.googleapis.com 216.58.207.74
whitelisted
accounts.google.com 172.217.22.109
shared
ssl.gstatic.com 172.217.23.163
whitelisted
apis.google.com 172.217.23.174
whitelisted
www.google.com 216.58.206.4
whitelisted
www.google.at 172.217.16.195
whitelisted
fonts.googleapis.com 172.217.16.138
whitelisted
clients4.google.com 172.217.23.174
whitelisted

Threats

No threats detected.

Debug output strings

No debug info.