General Info

URL

https://www.mediafire.com/file/nsn7i0ftf7dvfk2/JakeAdventures.rar/file

Full analysis
https://app.any.run/tasks/ad8d3c4b-aeb3-4ee8-9049-fdad4cb9d4a2
Verdict
Malicious activity
Analysis date
15/01/2022, 03:52:47
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Reads Microsoft Outlook installation path
  • iexplore.exe (PID: 2892)
Checks supported languages
  • WinRAR.exe (PID: 3160)
Reads the computer name
  • WinRAR.exe (PID: 3160)
Modifies files in Chrome extension folder
  • chrome.exe (PID: 2164)
Reads default file associations for system extensions
  • chrome.exe (PID: 3456)
Reads settings of System Certificates
  • iexplore.exe (PID: 3496)
  • iexplore.exe (PID: 2892)
  • chrome.exe (PID: 3212)
Reads the computer name
  • iexplore.exe (PID: 3496)
  • iexplore.exe (PID: 2892)
  • chrome.exe (PID: 2164)
  • chrome.exe (PID: 1864)
  • chrome.exe (PID: 676)
  • chrome.exe (PID: 3212)
  • chrome.exe (PID: 1552)
  • chrome.exe (PID: 3456)
  • chrome.exe (PID: 1728)
  • chrome.exe (PID: 3440)
  • chrome.exe (PID: 3652)
  • chrome.exe (PID: 2956)
Checks supported languages
  • iexplore.exe (PID: 3496)
  • iexplore.exe (PID: 2892)
  • chrome.exe (PID: 2164)
  • chrome.exe (PID: 3212)
  • chrome.exe (PID: 3076)
  • chrome.exe (PID: 1864)
  • chrome.exe (PID: 3272)
  • chrome.exe (PID: 1168)
  • chrome.exe (PID: 1876)
  • chrome.exe (PID: 676)
  • chrome.exe (PID: 2292)
  • chrome.exe (PID: 776)
  • chrome.exe (PID: 3436)
  • chrome.exe (PID: 3220)
  • chrome.exe (PID: 828)
  • chrome.exe (PID: 3188)
  • chrome.exe (PID: 3456)
  • chrome.exe (PID: 3932)
  • chrome.exe (PID: 2336)
  • chrome.exe (PID: 1552)
  • chrome.exe (PID: 3272)
  • chrome.exe (PID: 3896)
  • chrome.exe (PID: 836)
  • chrome.exe (PID: 3440)
  • chrome.exe (PID: 1864)
  • chrome.exe (PID: 2836)
  • chrome.exe (PID: 1728)
  • chrome.exe (PID: 3652)
  • chrome.exe (PID: 2912)
  • chrome.exe (PID: 2956)
Changes internet zones settings
  • iexplore.exe (PID: 3496)
Reads the date of Windows installation
  • iexplore.exe (PID: 3496)
  • chrome.exe (PID: 3652)
Application launched itself
  • iexplore.exe (PID: 3496)
  • chrome.exe (PID: 2164)
Checks Windows Trust Settings
  • iexplore.exe (PID: 3496)
  • iexplore.exe (PID: 2892)
Modifies the phishing filter of IE
  • iexplore.exe (PID: 3496)
Manual execution by user
  • chrome.exe (PID: 2164)
Reads internet explorer settings
  • iexplore.exe (PID: 2892)
Creates files in the user directory
  • iexplore.exe (PID: 2892)
Reads the hosts file
  • chrome.exe (PID: 2164)
  • chrome.exe (PID: 3212)
Dropped object may contain Bitcoin addresses
  • chrome.exe (PID: 2164)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
70
Monitored processes
31
Malicious processes
0
Suspicious processes
1

Behavior graph

+
start iexplore.exe iexplore.exe winrar.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3496
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" "https://www.mediafire.com/file/nsn7i0ftf7dvfk2/JakeAdventures.rar/file"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\advapi32.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\normaliz.dll
c:\windows\system32\version.dll
c:\windows\system32\nsi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\userenv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\webio.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ole32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\dui70.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\netutils.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ieui.dll
c:\windows\system32\duser.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wship6.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\macromed\flash\flash32_32_0_0_453.ocx
c:\windows\system32\bcrypt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ieapfltr.dll
c:\windows\system32\winshfhc.dll
c:\windows\system32\wdscore.dll
c:\windows\system32\wshext.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\program files\windows defender\mpoav.dll
c:\program files\windows defender\mpclient.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\xmllite.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\mpr.dll
c:\windows\system32\linkinfo.dll

PID
2892
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3496 CREDAT:267521 /prefetch:2
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\winhttp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\webio.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ieui.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\usp10.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\wship6.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\secur32.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imm32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\version.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\wuaueng.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\fveui.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\propsys.dll
c:\windows\system32\mlang.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\winmm.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\netutils.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wpc.dll

PID
3160
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\JakeAdventures.rar"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.91.0
Modules
Image
c:\windows\system32\user32.dll
c:\windows\system32\riched20.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ntmarta.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\imageres.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\usp10.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\winsta.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\drprov.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\slc.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\msctf.dll
c:\windows\system32\propsys.dll
c:\windows\system32\mpr.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cscui.dll
c:\windows\system32\imm32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\secur32.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samlib.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\duser.dll
c:\windows\system32\webio.dll
c:\windows\system32\profapi.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\dui70.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\userenv.dll
c:\windows\system32\rpcrtremote.dll

PID
2164
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\user32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\sechost.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\advapi32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shell32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\userenv.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dbghelp.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\webio.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\nsi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dwrite.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\wpc.dll
c:\windows\system32\propsys.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\samcli.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wbemcomn2.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\dui70.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\duser.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\imageres.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\mscms.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\cscui.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\slc.dll
c:\windows\system32\mfreadwrite.dll
c:\windows\system32\avrt.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\mf.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\atl.dll
c:\windows\system32\wship6.dll
c:\windows\system32\bthprops.cpl
c:\windows\system32\uxtheme.dll
c:\windows\system32\qmgrprxy.dll

PID
3076
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x719dd988,0x719dd998,0x719dd9a4
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\winmm.dll

PID
1864
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1040 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\usp10.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\gdi32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winmm.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\userenv.dll
c:\windows\system32\secur32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\evr.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\slc.dll
c:\windows\system32\avrt.dll
c:\windows\system32\d3d11.dll
c:\program files\google\chrome\application\86.0.4240.198\libegl.dll
c:\windows\system32\d3dcompiler_47.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\d3d9.dll
c:\program files\google\chrome\application\86.0.4240.198\libglesv2.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll

PID
3212
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1344 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\msctf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winspool.drv
c:\windows\system32\secur32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\profapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll

PID
2292
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1676 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\winmm.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\sechost.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\crypt32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\secur32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\webio.dll
c:\windows\system32\cryptbase.dll

PID
776
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\sechost.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dhcpcsvc.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winnsi.dll
c:\windows\system32\webio.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winhttp.dll

PID
1168
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\version.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\winmm.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msctf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wintrust.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ws2_32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\webio.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll

PID
3220
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\imm32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\version.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\ole32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\secur32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc.dll

PID
3436
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\oleaut32.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shell32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\sechost.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\usp10.dll
c:\windows\system32\userenv.dll
c:\windows\system32\webio.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\windows\system32\winnsi.dll

PID
676
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1024 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\avrt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\slc.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\atl.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\powrprof.dll
c:\program files\google\chrome\application\86.0.4240.198\swiftshader\libglesv2.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\mf.dll
c:\program files\google\chrome\application\86.0.4240.198\swiftshader\libegl.dll
c:\windows\system32\d3dcompiler_47.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\evr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\uiautomationcore.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\nsi.dll

PID
1876
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\winmm.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\usp10.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\cryptbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\profapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\webio.dll

PID
3272
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
c:\windows\system32\webio.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll

PID
836
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\shlwapi.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\lpk.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\profapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winspool.drv
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\cryptbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll

PID
2836
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\gdi32.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dhcpcsvc.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\webio.dll

PID
3896
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3176 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\usp10.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winspool.drv
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\webio.dll
c:\windows\system32\ole32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msasn1.dll

PID
2336
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\ole32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\psapi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\winspool.drv
c:\windows\system32\advapi32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\msctf.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winmm.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll

PID
1552
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3588 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrt4.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\psapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\nsi.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\webio.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\wbemcomn2.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\mscms.dll
c:\windows\system32\cscui.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\atl.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\avrt.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\mfreadwrite.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\mf.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\apphelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\winsta.dll
c:\windows\system32\devobj.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\webcheck.dll
c:\program files\microsoft office\office14\visshe.dll
c:\program files\microsoft office\office14\mlshext.dll
c:\windows\system32\wship6.dll
c:\program files\winrar\rarext.dll
c:\windows\system32\shdocvw.dll
c:\program files\common files\microsoft shared\ime14\imekr\imkrtip.dll
c:\program files\common files\microsoft shared\office14\msoshext.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\program files\microsoft office\office14\msohevi.dll
c:\program files\common files\microsoft shared\ime14\imejp\imjptip.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\bthprops.cpl
c:\program files\microsoft office\office14\olkfstub.dll
c:\program files\windows sidebar\sbdrop.dll
c:\windows\system32\syncui.dll
c:\windows\system32\cryptext.dll
c:\windows\system32\stobject.dll
c:\windows\system32\colorui.dll
c:\program files\notepad++\nppshell_06.dll

PID
1864
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3592 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\sechost.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\secur32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\userenv.dll
c:\windows\system32\webio.dll
c:\windows\system32\psapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imm32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3272
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2720 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\lpk.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\user32.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\secur32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winhttp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll

PID
3188
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\user32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\psapi.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\sechost.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oleaut32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\webio.dll

PID
3932
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\ws2_32.dll
c:\windows\system32\version.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msctf.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\user32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\lpk.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\sspicli.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\usp10.dll
c:\windows\system32\nsi.dll
c:\windows\system32\msasn1.dll

PID
828
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3808 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\wintrust.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\profapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\webio.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\shlwapi.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winmm.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winspool.drv
c:\windows\system32\iphlpapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\userenv.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msasn1.dll

PID
3456
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\shell32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\cryptbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\gdi32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\user32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\devobj.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\apphelp.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\sechost.dll
c:\windows\system32\propsys.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winmm.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\duser.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\imageres.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\searchfolder.dll
c:\windows\system32\srvcli.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\cscui.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msls31.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\davclnt.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\audiodev.dll
c:\program files\ccleaner\ccleaner.exe
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\installer\{ac76ba86-7ad7-1033-7b44-ac0f074e4100}\sc_reader.ico
c:\program files\filezilla ftp client\filezilla.exe
c:\program files\mozilla firefox\firefox.exe
c:\program files\videolan\vlc\vlc.exe
c:\program files\microsoft\skype for desktop\skype.exe
c:\program files\opera\opera.exe
c:\program files\opera\opera.dll
c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\wordicon.exe

PID
3440
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2960 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\kernel32.dll
c:\windows\system32\winmm.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\ole32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\crypt32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winhttp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\psapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll

PID
1728
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\psapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winspool.drv
c:\windows\system32\shell32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ole32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\sechost.dll
c:\windows\system32\secur32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptsp.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\uiautomationcore.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\profapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll

PID
3652
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\shell32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleacc.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iphlpapi.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\secur32.dll
c:\windows\system32\version.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wintrust.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\usp10.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\webio.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\slc.dll
c:\windows\system32\synceng.dll
c:\windows\system32\twext.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\syncui.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\ntshrui.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\rsaenh.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\cscui.dll
c:\program files\winrar\rarext.dll
c:\windows\system32\sfc.dll

PID
2912
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=536 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\shell32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\sechost.dll
c:\windows\system32\iphlpapi.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winmm.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\lpk.dll
c:\windows\system32\userenv.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\gdi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\uiautomationcore.dll

PID
2956
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1056,6973212348176508466,7855368231362846203,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2616 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
86.0.4240.198
Modules
Image
c:\windows\system32\advapi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winspool.drv
c:\windows\system32\webio.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\user32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\secur32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\version.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\usp10.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\psapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome.dll
c:\windows\system32\ncrypt.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dhcpcsvc.dll

Registry activity

Total events
30939
Read events
0
Write events
406
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchLowDateTime
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchHighDateTime
30935491
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPDaysSinceLastAutoMigration
1
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935491
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{9B344739-75B6-11EC-A20C-12A9866C77DE}
0
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
F0B9A65DC309D801
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
9657A45DC309D801
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
25
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010006000F000300340032002C01
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Type
10
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010006000F000300340032002C01
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
25
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
25
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
25
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010006000F000300340032002C01
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010006000F000300340032002C01
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
25
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
25
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
25
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
25
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
367DCA5DC309D801
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
367DCA5DC309D801
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010006000F00030034003500E10201000000644EA2EF78B0D01189E400C04FC9E26E
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010006000F00030034003600ED0000000000
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
00000000A607000097404169FEF84FDBCD2B5497818226198AC0C26C2849A4B61FCB655BC2F07CB7BF7CC11886E4785D3189A9B2440792EB4349D76B054F469F32D918088366722885392F47604D0D7FB76FEAA597F394DFF4A288A053E25B6944402B9B53D28E1F211879CFF552E821017F4A85C0655097836D697F0A22B9B026A00D5AC1526A740EB73C2D331503CB5E5770BFBE7CEEBB1F49BF2F702F1880D098BE90FC0784FC19B77BABE3B4C52CE59807976658CF85EBD5A103782985FAD6CAFA966912877E8CB89A9B2A51EF6F38E372351419D48D7FB39CF853306ED0C0D5A764589160E8675AB5A1A40A2A57F3D7A24588DE57F45782FE4760645A8A9A591DBCD4A5CDDFF93D460E5701C22F6E131F25CBC9D3D2A6E1570A13E565A2F0F699DEC26EFC9C8C01F948BE542F910038B9A115F960030A7242ED11D31469E04C34D2460D6A174F477D4A2B2574EEB4E69547458E683276D4C8F1004EBAC308FBAA3841A0E28223AD0F28B892B7F434BE564167A8AE45BEA6453F1776F1AE2DA32CB7AD48111B03D40EAF63BDBDBFC05E5CC3F266F70F0A8A8408D56B5F9959E4E3EB6426CB42B95C310C89C4A4D57968CF0DF9EA99527B1F5C7DB74D538E4C5E81F26E5898EAA8E5AE8726C993FA107A6AF930538518C60458C9E13C7A2B6EB1E180F5FFFC54810F6C5193EAABD08635411554C1A05418DB902CFF589269867CE184873BDD1A7E7BD057104997462C3AE1578F538CD77F43061A84C1E2379261DF61612D298F76C728365505D4DB8127CB59962BA997D0DB786BFF978CDFF4FF20B474F33D676794342D8E3D61AC6D9E7A2908687E417445AEA1C5FA6842DAF65DA8DEAE3EB8E182DA2D38132A55EE3DF2A26F2A511D6620D83AC80AE6DCFDE6A1E1757F7544CC3165F2FBA55CA49BA5266460917645CE0B2F12AFE75AA3006F58EF3F84CD15BC41CD2A6F1537167C77B449BFBC592801A825D4B9B166A90931F755B2DEAC6C485313B8E381B82AF051577CCCCD9D5ECB95297FF488EB982ECC1C2189ADA9FB1E0513F4360BBB8021D5610E60E388CFD7747DF7AA8CD4FB1AE07D1053122C7320F87C0DDCD140CBE7A1FE2F061EBE2424E464A8CDDDFE55780D72481E2BA35E17CC8D7137F5E18E8A56FBE4959D198E8184E338829B9A0860F3909AD9196951DA21EE48BD95C1B33A957D5AF1825ED9B6F6E74B97E638129F31245F94FC1861A09744FE70D376E58EFCEAC2CDEC5CD10AD91754A9DEFE90E5697AD662F598F694CE60DC8BCDAEC2182D9CC348FB88F8EBCC497602A4F01CC93A8721FC2224E63067B2B611A578E1E6C6367572CF2489FD710A7C2456A1F1CA44B5CBFBA4BBDC220070A49C79B8989168FEEFA98792CB4067C6D4771542E7FF27EFDB749CFE1E0A3A80C91B6B51A91CB48A6BD3455FBA804DC0A85301CD375883747D01289B91E5B57D36969989A6A648DDEE4E28A1F5C4C536FE6F3A2F1A14F88337E269B51BEC11CAC9A025223D52C6848A6550740B026E5FE82AE0A22A4526ABB4F47F964C93EE77337E2E7F3FB6CC932C8FDC6406ACE7AACB5013D6A243ADFF12128B805D60ED46F9B9D3B48664FCA5FAB2EEA956EBD24FAF4BF37A616E2DEBD2E1ABF77B45AC1E95763645A60CF4DE42E5A5350656CEC4A131A0B0C39E450B488500576472CCD99EC3758D67A355F0F83821E93ABC7A96286C3A324EAA9771A359ABFE52CEEDCD0260B26C206DC008C53E82A00B1878B6C507E1B024FCC224855CCA183DAFAF8350B60B01CCD5D35DA590E7F8A70C673A863BB5C452DC666C28C67EAF5EB9B2051910A2670466308615877233C7B8E6A6A80ED65FE3FC239A159CE7CF16C0962C4DB39543B90375B4D54D4238720097374E0B64B0CBE699A16C6026451355FCEAC33D0683C8FF43AE3159771F147019543C067FB2A11668C4B71D595FCE2882BEBDB713295C243B7EE42631F0E1A20B2BAF0D47FF243130BA53ACA1AC5A0CC9DC843BDED717C4FBE682B08F358A020FEC3EF6DC8F964091A1677E1FB47FE87190118385211D7625F87DE4B3BC4068C46ACDEF5E53E5572BCA6823F15327A21A80CA092AB5DA0D5763AE7EBC010BDEC9BE8CE6ED3AA0629E9532D43833178664664B9EEBCAACDC32027449CA846C59C0E211FFA9D7C381898AAE8B146E025FF03B3E17EA734D2157DF6695FC08554D483072F0B2A14FE08EF00769A6CDDF6B5C104C5546BC14C164608F8D74BB67F6005B7D9A2831B2D34C5E72F80CBF9B2449AE11D21E4B0B6AFBF63A0A511B90078A98F8D62B66FDC463D883E067C512FF572B2B529462C8F5BAD2571CB354E66C855AF7DBDBBBF0D973451773D8455CFA262F51FDC6B32286420E6467BA49E1DF9045388B5826D4091C42C53E7DD769BA56528006D626B329343FEDBC857EDF214D889BB8C2BD1C36FEF9E9E67767F26E881234CBE27B23E52E4C9B8F36D6F6295AECA5BA3909E739B9F03AE6E6ECAD005AA6B4590C4A4C4CD2B3D203ECBB1DCC59C10EB5DDA14041ED64EE47EB89E33A6D7C6CD8724B2CE5BE4CE246C7879B64E98166AECEAB3D733A137225A4C0464261BD557636DEA1C993AEBFC6E654D09FA994C8842C24E4704068B2D3327E1F9AD61374A27684FF37F20958CD6B2546FC3B7B9D8F1754E39E9E61EC9DB570CBAA6C26612D545B6CA279776FEC7518182F3E016A8CAF291CB9F69119624E0C8898C300E2AAEEBE1048CABF093C24D3A69051B4B96D154AFAC9E726E6ED1B9E916B7C29986666010000000E000000385835324E41646D516B412533640200000000000000
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB010000003E1692B3578B744DA4C0CD85BCB93B6700000000020000000000106600000001000020000000941140C5E9B74BBE08AA20F12AD5FB8667F670314B514D06718BC8D0FE293732000000000E8000000002000020000000B8588CE8AC665177C9808449F5AEE038E2582F675B511238D3890BD34F00C47210000000270420166452D14C019542EE2B99156740000000976C6DC1FA57F73F8EB26A76FCB5D9E099B3A92D56884F1DC984CB31C859DA8FAC550846C1A4A4A3485537F2D187ED090C58E21659A6CFE77085EC5DB57547E9
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB010000003E1692B3578B744DA4C0CD85BCB93B6700000000020000000000106600000001000020000000E28C418EA34211CBB958813FE8539114D4D6E48C7289F5003CAEC3EFC8B151DA000000000E8000000002000020000000DDE69C302E57BE29A366BACBA02220C6CDE6FF9EE3269B4F580B11E37D5B01F550000000FE750E06F61093E16B9B8C19C1CE3B0E25F8C6B31FBB013B901B79E8991629FAFB9702C91B928A902A528380D87379DC00D23FE86F74A40F250FB72385ED486B621D8306426CB6794F8FB10027CE9451400000000D173ACFCC51A1E5EBF54C088B85A3C67FF8A9B32344BB8805FA355B91F10E7B840C3E1FFC1BF5E6678732A902C1041AF2C2B228FDAC3E1E6A2E55B27079E6A7
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
ChangeNotice
0
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FaviconPath
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB010000003E1692B3578B744DA4C0CD85BCB93B6700000000020000000000106600000001000020000000786108A23571B95D17B706D39C22B5DC0CE429BC6730EF0A267932E7047DA643000000000E8000000002000020000000E2BF8969DFC688DAF1CA693EE2194FABDB9F6C117C8998486296DF39181999E01000000002BDB8819DEAE2AE7E6246E8090F1EF14000000042F65A335ECC75F87BEE80B95DDFD721EE70426571E06C68B0949CFAE4DE821A9FB10DACA710EC92C3C9A92D28C70E71295ACFF07814F34CF992F30A0DB452F1
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
000000009C080000E41CCE5E17D814FA7A329323A0825046E984DF0C01B08DC7E07A085CB3361C3F2CAEDAA03F44BC4E068E4EBC8B8C950FE5FC4800D668D3E4D9F0766CA4F4F4F51914AE7E0931C0A2CF66D62969235FEA19D906E03AF2A56CFEF3C6F4CE0B9B21D06F1528E03F8B974ADC8DF7E8E2F8E7323B6F5970EDCDB6DCA34FEAC91B56046AE0AF89D20E526AF00EB1719D6A462A4D426CF6DBF8E745AD20E34718C41E181085DBE8BA3EAB19501E8223325CBC62A30D4FA920B56D3EAB8A5DB606A6BB1ECB7F76CF3770ABA79D2A162BFC5652DEA1BE279DD6C214E7E501C7067B6165B1E8EE3B4A1D42605E1B54745611FAC0242674485BE6C1CE3DEEA54E7A0395016A1CF3DE746555142C8DBAA315F4E67C28414F664024519596E796DFD95DE2419B04ACB3540B4990107C7EA73DDEBB9E03876E5F3EDD11974F83F48A5E62E86D93D73A6408CABE9793A8BEF4932F1A1748DBF3D9F4F5A3C8959BDFDB6C82464E75F4BDD93F815404512D9C3D32F7A1B5DCB3FD891206A6AC33C9777518919EDE9E73562F0EDAABA493E93635B74FF2106A09AC0A0CADB957762FDD51818C8F969EBD2392015D6477FF24AE1F45D4AB115E5120791E937EC51E0A2F17F9A5B988BAD445C492471DD24BEE224154F96D7A75D878E5A23B94EB66128EDEFD8DBCE1071CDDAFDF1B77AA0E06B4AB514ED9EDDCC1D6CEB78A9AE20D781AE7001B38DE0B4A093AB9F812AB96D182F810BA8D22DE04591230EA321A8352F380FE62CD47FDD9EA40FFCD8E77D5BBAE590B422BC92051215CDB50FB94127E39E7EB371B208087A0314CC18BB0586F571E72F2514E758C4D2117A0940329530C9DE54AC255025D4CB8F36AAA0159B09C640F60A11B36B7FFABB6E79F78A7528CD5436E62339EE10C5E4D5A89B8D0669FE6F100B9CB36FC56FA3556BB254230D93C698A9ACE95A9013C5138C96DA6D27E92F3AA3AC73E3572143CA18787F83D13B270800C5F54734CC885F30ACAE7085B11075CC5A21B6C73867414A55C951A5A91A4A4575A08340B5C3A92ECBD16DF54D8589BF8E33E857802B057B4D43D35CE41C7FD1B10C8CD5F2515BF0FC780438BE13D4F75C9E9FAA38959F6530019278FBE29CEF8A94ADE681FF08F137EAAFB1E49F734DA61EF40138D3B7C24F900CABD4298ED8E98294047BB031D9965C9612F1D40AEC8150116E8809372C6BA421578B60E0E7DDEBD111A85643C3FC050B7DC86B022E01A8E3F425379FED83C7409E04E433465C37FA70294CF23A65F892C477EECDAC08630EE40288E19FCC254BF15C7FE78E695025820B4C7EF6E6E3D838EC3A1640AD0ADE404F40755D1D9BFD837694418A05179119281FF9537B0725CD3ED5E095C558265AD2BFFFEF68CAFA266A74A1D3325CB3C796D1987A18B348234882DDB571E030F5BFA19140D6451B4C2C6449C3ED93D83F5B6B0744D377113D3F3073A9C520B892DAC7868B51D239D6B8CF8E063D0A85F2727B85ED939DF65CFDC13E5C97239C245E803C08D542D8C81152BB741013D492D8E2622E612FCDD47AAB7788016BE1BC222F71937393DCA24CFD4EB780FDDEE2837F2B214F715535D5C7AD35FC4BD72C40CCE7352E43E8774372CD0A81F003439215EA403F4633E2F6CB08107163A7C6BA572917D0399ED91747F0A716E2B627E1495B6535D3441DF5E013219E394BDD601C5205A7CA6AB9BA3D8067319F6AB18D9993AA50A23DD8BD9B4D833679AFB27A76EAF876031A0B2487D3E4ED6A4FA27AB7D5D97AB680B55CBD364F7CE23337DE707C2A67E0BB9F6442F77A2D0485CCCBAF311CABA2FEC5B4419B403EA446DF886891F567DADB0874E4A6D0FC87C5125D5273ADEEB0376BF2CB3E5F8400750B756179B36BAEA9E855DAB3F35C1A79B53F7EDD0738A48E09FB9D230771EBDDFDCBD0DF8E85CB49F100A679EB368D69D76FD3DAC296FC8691DE80CFC1E53DEF386796A220B79E99948A455812B771D36AF7E0084A03848F8578F885B8F417475D5097FAE3ECE3A514E9168DC3C7A94EF1C0F2A5D79453A1E6F1605D768111C42E9C9F8AE23F91F4F400CD5F186D4D986DE712B3752A871D38321A3BC4AAF94E8E1202F2E5949D4403EAF0AE5A97B2A6816D8A755CC4EF159B5FA8B11D681D98EDFE2CE8A7F846E7D6B267D1645A10609E2A286E687B8C39323E15BE7AA69D71B02B5C8F3378C0153E41B3C38FAAA6BD5630E4EC42379E7E3EFA26743686FA3586A159B562055CD47CAA45D3868F69699B957D09540A8466B38BBCBA4AEBD4F94369FE2B5D9CA82473DED334A2F3C5D41050C26627FA1C6EE1DA54A681E2A48B4885F41BE046897535DCC552FEFF613E5656BFE607E065D7AC077000156003FAE7FAF8F444071A52A4AC57A9447A202A4FA983662DE1A3ECF3F4ADFEBF700AE3F3B63669B2CFEDF2324D11F8DD9F16F69E502CDF43FA8144DBC470550A27EE376DCFBEC1E6AA094350BEC01B944AF3027447417CA41314EC555E1D8C2F50B9E8981A7024D99A4BF3F1F1E64D2284BD5D038D151F1845F74712CFAF944929543E14C57B2855810AC3180032DBB25055B8FE1A67CAAA85C98F75F8A037117AC95705C09F3734937A7504EF9C9D0DB3B7751605887544E8DCC2F108E1CB425CE0656D195C35A0B74C402A91AE80CEA16681DD3D5CC031445B1B55D9B562D5DEA956FCBCC879F3D92AB13B15A0227F26461B75B0FE0119BC50A02688BDFC75DC63DAD6999C00581B082F68667B27893E87C7C1924ABF0836B70834FDF014DC75AF4F5CD6E12657673D9E94808DE566D9D45542B58D7C76C65036E3452F40D39DB362816F29394BBEAADF5178BAF23201ECDF5B2148C9DF66B3E8535137C87549D2A0E64FA780CF23F81B513DF5B824B92508DCE597D7CC230C84174D65D20B9AC4B83D6B9014FBA1C78965C7DBBEE90877019A0CF42196E256667103E99D606FFA8D18E05C4D6B2C88CD112BAB4A48EF9F61346EE0A069B00F2EB2811803FDD22B31BAB573C377C13D38F55A773DEE5092CDDE18290EAE9EF6673DE2793E4DC1C9F3D4DCFB160B7C0CAD445C971E735C3C277924E6F8AF830F7FD50173287A475507A94CB6ED802E5BFBF022A4E010000000E000000385835324E41646D516B412533640200000000000000
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB010000003E1692B3578B744DA4C0CD85BCB93B670000000002000000000010660000000100002000000086E6CD53465A0237202F98009C76FE84A07C6280C9C26A781DC2836A5037A11F000000000E80000000020000200000004667942D2EDEDA69059ED8362B910F90FFD57DDC0F953D0C8E755270C4DE32DE500000003AB31C9BDE6F1446F52431B74245B34D9B10EC019A32DD4C9EFBA90BC07129384245F96EBCE21CED8C21171C96BE4821C099E3C00C6748CDE3831594848686AE02C0A7DA0AF4DE18CFF5F3D6381FE0D4400000003B48CC10BB3A7CD228EE133B6EEF0601E293F12D6B4A4F7D4F26EB9DE6B68F5993D994B37D4CDDE78884CF0F3F5C628671B284AB1498C1954EDC7CC25C77B115
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
000000009C0800004355A8ACFA6A9CB0D1C5A9BBAD1C3437F60A2A0AD419772D6B49536826A7061EEBC84C8B02B0850EBD16E97FB68E35F34A2318DB0371E44CE262E86471FB8EE3FEED2CB064E2744BE4A0A4A0A490077A263C24368FC55162B58435D4BB33351D57633BA17D21BAFBD103F3EC7508E6BD1DF67D360537DF4A07504795FC7140D38DC96C5E7F8D57D91BDF1B1510144411D2F1E89E8EE50879A6647B130DD45874D7C11A81474621582BD45AE8CFD56F89CCCD97C6F5F1C33750629985537C641B6CEAF6741A6C7D1376824E13B16B52A3DE2A5A93237A41B6AEE89CC0CE889B21EFE37BB2001F31010089417E0CF75D4649A91F81D39F92EC3598508FF61A2706BB4E1018087FD67F2689A42CF997300D5EE8F6BF7182B84B6C10E7A5C85108A043CA394A36AC0129C72176BAE36C6EE42888535B88416D3CB8F1341E374DEAA2B0F63D2427C6198183F36A5C629713F4E4297B7840FEA86F50DCFC87772E71747374593D1CED7B68B69E82796A3697E19C6BFB9CF3D7AB01926FF183A4132C5114E38A7977419A6882C2B7D3C26A415596EE100C78EEFF67244CBEF6991EB6BFFAE28AAD20E2B6CBDFFFF338A953AEDCBE522030C6611C3271112FC5706E9B557313F14F6AF0B68385F526CE3412781327383D154E52129BD95F4C2138235ECC1B156D3C068B77E51D4446E453C50A222E3EEEF2BFDFEBEB23D7A26B6E5DD467ED87A38415D3502D7A8C765FB78D38891B0534C73F2AC2A4D91716A0F73B51A41E0B9A56F0E80BDC006D6DAA7F8BFB3EFE2D2C0285516F8645C1E655E2DF7B42604089EBACEAEADD44870B413FDD6B19B356FD3F15762B5C1873614A3F687A97DAC5D08BF7F9C87E2B7A68C7FDA4D08D9820D31092B7F0A189CE6A845BF6DC32063CFF9FF7356B3A8DE545A98D0086BB632C01D70336C0ED3B7308009FA802D36E4415D5C5BE8D4DA96AC35857124CCA5A1835B174124838C600C5EED5A0A8AAD47CC850DEB40025E3A8DB1111F82C921385F870E16A78E65117BE8111FD65F23386ADED8F372091C43F932D86D3479EEA1399A862607EADEE56C64E08DFCFCE6A015495D267AFCFE8CF690F42C45674E562BBC7A312E842AC5E5C395B66D986998CBA9CB264CC6540F8749409E90933EF12584029A2BEDCF1D06EF3B8B1560627C9193AF04E73C64A5A2A1EE363378029C4F6C4C72EE182DE4AC70CFBE201B19656FD07A145DECC2C958429BF52BAC1101637910BD8BE2C526E808F0118688CC0D519938E691C0347490B7357D779AD71A9DAC7CCBE4AB6B4DAC4306D7309AC1FE5A80392DAC5BD78165AAE19108E210B1D07D80002599CA32F1C0BCD128BFEB625ECC9B8B8DBFE379C19CBC41E8B579A12E7FC8BC2C88E690E62F3A817DB5C3B370A639A23EA34997ADECFC621A65AE028F1C32120AFD2EF155551E9A1E5EF24BAC72C993BC3BDB852D13A373ACED596FF18A9BD3AA06F16E67B9175D0D8E4984D034663211543DEC3D3FDD8874D326D383FC415320832B71F2F2162C44473AE92BA824FF3DEE1F66D92FFB5293D022471B97DAC26F17C81614B019E9C802F6928A46C2FD28220C8F096374E4151BE5D4B845D0638F5E55C4D90DFE57AB6B1D3AE025809DE3BBBD5ECBF4F0CED60D1E36652E4C486EBAAE681D9C81F7D9885A5C6BD834B378B383A01ACDDCF4E7BF4D262FC74F53241F0509FC56453C5B3750C0FF54E17FD475636CF492895840FDC84DFB2505A5BA1D0EB455EC78B71A919FD28A47640506F3D10F6AD7E79B04F375C7EE7A1F7203A3F6215D0CC82A3FABEFBB3026F7C50BF8C47161E1FB9F000F672DDF9924AA335B63BAD8609F87AEC99164FC9BF071DEB33CDCE23ACD865ADEBFF9D8C7DCE021FB9A5AEFB486A16494DFC9BA6783DD7F916CBC0E5337D3015B7E05E98224D5FDB2454B9F4986B9714BE1A394EB6319E4F89F28BC2C5616FEE03DCC06BF5D7D8474EC26C5FEDB41C5B3751C8DA302992EC9793CF2C9BD6433110EA635A747B8FDBF55A696C4AC9C779DDA8E76BE120D3621EE52C6FCCAACCB490ADE72896FBA2D806344E4E8424B71A74213862B21A81D2B1B842E595712B61D817ED4B445B33B6258BBD8E8E500C5B756F5AF04448BCCA5842B1B8300C7E685561134DE2BF60C9142654455A63E66770AEEC0CBF0BA494133819E239EAE6545E04FA6CEB264B83E0D8B46544AD649EC1129043B3F9593B35581AFBA47E846450F742139B831292E37C7E4E12EDA83B997EE5220FF8FB078A40543A4669767FF8AB8BE2AA00D776950C5015843FD1F149C68A2D1FFFAA6F54756788E8F5DDCA519B75A316CBB89F2888CB1E711AFF10F10221A9A0CD86D30E91F2F1F38CD9819231A1CEFE11D788012190BB758151DE6D634900E69FAF2A0BB497DB9F168BAA8850AD6F8C4E53FBF1D83D0C32D8E92E9ECEA11E08D945ECD7A6F57DC11D11CF43093A0DEEEB4B66487E74DC1A0CE617FB20CB2C27D7685076DEACA91ADF8CD113E6E8A46478E17DB5E4D3F9D327684D7877665AC09C389468DA5CBD46491D92D5FE579F59D0335DF9BAFBC9212E8F8AB9C811700D97D5B4854CA56E2C4CE2608FDF274E8C266357646B8DED67857AFD9A366EF879B95F92A30427EF05F9FC435C69F9244CEF8F8627C92733B5F94B0DFD9A1BCB229EF6AF0F2E8288F6B08BA1A8406B6FC26AD9AF77486BB1651221E8F4D0BAE16BBCBA82D669563B354AB020C1321E2C4BD05F4579FDF74D4D6D1C40343BEA1C9F8DCB82DE784350BD3089B9AB1AB259E53043E303926C5D79835B1CD8F34AB6A3EA49D6CE05E91197C037D956D7C73CA6E1A320323E6B8B7C96006578F27C04BA8054B5C39EE792B19ADAFA13E1FDFB4839A15EC3EE920E51F72A478B2A1F0155910CDFE1EADFFA442D939B649CF466C69A5BB0491D834FC37BF9C11DDED271F824927AA4DC70DFC8EB804E1A7E4D5A0103F37A2CEADC4B72718D96D5F437902A6B049408C03A037EF2C25DBC24A6B77F8287C777C43E5F5DAB053C465AED727C7783128AE8DDC784797AFD4912A0133615391F7D0F4A0F03D283F89490934494272FFDE616F90B7E0AC6ED43E5DB56618D27EC45B49EF711010000000E000000385835324E41646D516B412533640200000000000000
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB010000003E1692B3578B744DA4C0CD85BCB93B67000000000200000000001066000000010000200000004E4BD6304071A8C637543697FBC6A4AC4B480B8ED10037F6364030B39AF3C559000000000E80000000020000200000003C4C3FA08C393D660179D3870AFE773142D8D8EAB1D21AA382CBF330EDDC1CA310000000BFA24070887BD3B117F90DFAC66AE8DD4000000005DC1E8C9EE1F23DF6138CE1F85FAE4701660E38D60288CC654368F688A0EC8E0FC984E13D039D2223612091366BF6D8C50B4FEB6399893CF14088EEA46D6487
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB010000003E1692B3578B744DA4C0CD85BCB93B6700000000020000000000106600000001000020000000C5D5BA7DB0A1BBD54385166A4964EFF942C4EBAD827E7E4FA1712033AA271A41000000000E8000000002000020000000766B95E33174C5E15563198765D797FFD92594569F62DCEE6A43B2765390831A500000009E8844DAE5BFEA37DCEBEF77276F612F1E04C1A23FF1D3B5E4253A29D6F762A455E4DAC5DCF93F0BB85B3B27905815D6AF1D644F622C317DE68FC5B42CA64BDF061CD1F678D36DE130F99E2729B3556A40000000920C4F7BAAE9FA11FA15E37E2341453B48B55A59C2DA47DD4E58A245C32204059277E361926EE381AE5C0F7AB9A2EEF20B9DFC1098F73F8611B3C1C37D7F9319
3496
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010006000F000300350005001003
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
26
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
26
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
26
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010006000F000300350005001003
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
26
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
26
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
26
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
26
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010006000F000300350005001003
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
26
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010006000F000300350005001003
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter
ClientSupported_MigrationTime
8F696067C309D801
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E607010006000F00030035001100F100010000001E768127E028094199FEB9D127C57AFE
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastTTLHighDateTime
50
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastTTLLowDateTime
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MINIE
TabBandWidth
500
3496
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
DownloadWindowPlacement
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2892
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
2892
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:
2892
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
2892
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mediafire.com
(default)
0
2892
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mediafire.com
(default)
111
2892
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
(default)
51
2892
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mediafire.com
Total
789
2892
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mediafire.com
Total
0
2892
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
(default)
789
2892
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mediafire.com
(default)
789
2892
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
(default)
106
2892
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mediafire.com
Total
106
2892
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mediafire.com
Total
111
2892
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
(default)
111
2892
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mediafire.com
Total
51
2892
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
(default)
0
2892
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mediafire.com
NumberOfSubdomains
1
2892
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mediafire.com
(default)
106
2892
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mediafire.com
(default)
51
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
3160
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\JakeAdventures.rar
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
1
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
2
C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface
ShowPassword
0
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_0
38000000730100000402000000000000D4D0C800000000000000000000000000F40103000000000039000000B40200000000000001000000
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
type
120
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
crc
70
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
name
120
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_2
38000000730100000400000000000000D4D0C800000000000000000000000000DA0103000000000016000000640000000000000003000000
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General
LastFolder
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
size
80
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
mtime
100
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
psize
80
3160
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_1
38000000730100000500000000000000D4D0C800000000000000000000000000EC01030000000000160000002A0000000000000002000000
2164
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
(default)
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
2164
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13286692421913656
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\Events\C
C1F
1
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
3AB6387A10384CCDCF851295DFC2B09D0F500798EE8396C627B8522C6A1C2614
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
66D2E99AA8898940E49FE7278CF49621C6A74B34CB7C6DDC7F2A9F5AB065D54D
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
15B1C3FE35F29528448F36A72A4DFBC58A8083C7190559D25865779166D220A2
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
0E265BFED6F1C7D5F0A9BD790C50BB30E78E959631D51EEBB8BB0DE73E65763C
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
63355C14E8C7DF9A075F2EDDEA6F2807DC8166B83F96F4C975B9B6554C6324D7
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
D6B079666F209503A09486C70AC09307652A0F7F783166A999B27C99D0DA79E2
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
blpcfgokakmgnkcojhhkbfbldkacnbeo
62C1A8BE68517759276CD5C4651DDE462F78AD56FF85C2E9473CB6BAC4BE2502
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
04A45240BDA55E8777FA04357712CA6DD942253A21323E4C7D3CCF769B34BFED
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
apdfllckaahabafndbhieahigkjlhalf
911FE281CB88E8A6F8160E6417E4D83AF994824282798F4E7C2B33539ADC400A
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
E2FAFB5D51EEBE04A784740B11C6BA5B456D2A9E82CD008676C2D9453EFDE151
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pjkljhegncpnkpknbcohdijeoejaedia
8F2892D07F5A7E08016D511C2CE6340132FC564675968393126070DFB7534F0B
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
075D52643A72C98410EF2C6F5A06A10F9ADC44D50DDFF2CC2FFE32C81B77E67E
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
A60BC8FB091D657A8DA4380D5B04F8E25E50D62CF0DF13950A315D4CEA3EEC65
2164
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
1
3212
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
1552
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
MRUListEx
0700000001000000020000000D0000000C000000000000000B000000060000000A0000000900000008000000030000000500000004000000FFFFFFFF
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
0202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
MRUListEx
0100000007000000020000000D0000000C000000000000000B000000060000000A0000000900000008000000030000000500000004000000FFFFFFFF
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0
MRUListEx
0100000000000000FFFFFFFF
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\186\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
IconSize
48
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\186\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
GroupByDirection
1
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\186\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
FFlags
1
3456
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDOpen\Modules\GlobalSettings\ProperTreeModuleInner
ProperTreeModuleInner
9C000000980000003153505305D5CDD59C2E1B10939708002B2CF9AE3B0000002A000000004E0061007600500061006E0065005F004300460044005F0046006900720073007400520075006E0000000B000000000000004100000030000000004E0061007600500061006E0065005F00530068006F0077004C00690062007200610072007900500061006E00650000000B000000FFFF00000000000000000000
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\186\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
GroupByKey:FMTID
{00000000-0000-0000-0000-000000000000}
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\186\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
GroupByKey:PID
0
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\186\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
Mode
1
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\186\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
LogicalViewMode
3
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\186\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
ColInfo
00000000000000000000000000000000FDDFDFFD100000000000000000000000040000001800000030F125B7EF471A10A5F102608C9EEBAC0A000000A000000030F125B7EF471A10A5F102608C9EEBAC0E0000007800000030F125B7EF471A10A5F102608C9EEBAC040000007800000030F125B7EF471A10A5F102608C9EEBAC0C00000050000000
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\7
NodeSlot
186
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\186\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
Sort
000000000000000000000000000000000100000030F125B7EF471A10A5F102608C9EEBAC0A00000001000000
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\186\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
GroupView
0
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\186\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
FFlags
3456
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\NavPane
ExpandedState
06000000160014001F8080A63C324DC29940B94D446DD2D7249E0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F4225481E03947BC34DB131E946B44C8DD50000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F43983FFBB4EAC18D42A78AD1F5659CBA930000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D0000000000000000002000000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F580D1A2CF021BE504388B07367FC96EF3C0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B00000000000000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F50E04FD020EA3A6910A2D808002B30309D0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000
3456
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
4
6300680072006F006D0065002E0065007800650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007B0000001900000095040000B9020000000000000000000000000000000000007B00000019000000FB020000F9010000000000000000000000000000000000000100000000000000
3456
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
3
6300680072006F006D0065002E0065007800650000000000
3456
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
MRUListEx
0700000006000000050000000400000003000000020000000100000000000000FFFFFFFF
3456
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
4
6300680072006F006D0065002E00650078006500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007B00000019000000FB020000F9010000000000000000000000000000000000000100000000000000
3456
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
MRUListEx
03000000020000000100000000000000FFFFFFFF
3456
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\exe
0
6E003200033D97032C54F0BA20004A414B4541447E312E4558450000520008000400EFBE2F54AE1E2F54AE1E2A000000743E00000000100000000000000000000000000000004A0061006B00650041006400760065006E00740075007200650073002E0065007800650000001C000000
3456
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
MRUListEx
0400000000000000030000000200000001000000FFFFFFFF
3456
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\exe
MRUListEx
00000000FFFFFFFF
3456
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
7
6E003200033D97032C54F0BA20004A414B4541447E312E4558450000520008000400EFBE2F54AE1E2F54AE1E2A000000743E00000000100000000000000000000000000000004A0061006B00650041006400760065006E00740075007200650073002E0065007800650000001C000000
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:FMTID
{00000000-0000-0000-0000-000000000000}
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
LogicalViewMode
2
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
ColInfo
00000000000000000000000000000000FDDFDFFD100000000000000000000000040000001800000030F125B7EF471A10A5F102608C9EEBAC0A000000A000000030F125B7EF471A10A5F102608C9EEBAC0C00000050000000A66A63283D95D211B5D600C04FD918D00B0000007800000030F125B7EF471A10A5F102608C9EEBAC0E00000078000000
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByKey:PID
0
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupByDirection
1
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
IconSize
48
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Sort
000000000000000000000000000000000100000030F125B7EF471A10A5F102608C9EEBAC0A00000001000000
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Mode
6
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
FFlags
1
3456
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
GroupView
0
3440
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
1728
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
3652
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2956
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US

Files activity

Executable files
0
Suspicious files
210
Text files
168
Unknown types
44

Dropped files

PID
Process
Filename
Type
2164
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
––
MD5:  ––
SHA256:  ––
3212
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
––
MD5:  ––
SHA256:  ––
2164
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
binary
MD5: 6db0b04b2350211a84aa72b9ed85bdf5
SHA256: 82533a84ef0ab10aa5c79e531fd3f3e33f9d1bc44af19162b43157c144f505a4
2164
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG
text
MD5: 294964f5b5ceda08763a33cb94b18fda
SHA256: 7bd47e58baf40e8de11090e8b672391dbf4c1ab03a12d5e41d6404c3b493cedc
2164
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
binary
MD5: dd18c9a2bdb0242681dbf4da899d53d1
SHA256: 2ef6c177cfd631f0323bd5e829ccf4523180cf51b70a48ee974801ebb53a5efe
2164
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG
text
MD5: b94b5a21609113298141666aa1202f0c
SHA256: c4367017c2646f37d68e5563a311000391710aa35914b4114aa4bac49e0d1617
2164
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1
binary
MD5: 520eaddd8748e92e67ba87beb60162f1
SHA256: 4df96773eecf039eaff409fbe6b65cbd0b8e360bc37427ea8e3104bf2ac08bd3
2164
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\000003.log
binary
MD5: 0407b455f23e3655661ba46a574cfca4
SHA256: ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7
2164
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
sqlite
MD5: 8c63abd2f445b52d963e842d04c97853
SHA256: c2b30c9fcf3beaf3c043277a61a213c9296084004022c4d9d6bc7d49d8b74716
2164
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\000003.log
binary
MD5: 0407b455f23e3655661ba46a574cfca4
SHA256: ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7
2164
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
––
MD5:  ––
SHA256:  ––
2164
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF15c618.TMP
text
MD5: 2a22980b195d07945f126d9aa03c057e
SHA256: 81a6b2f3dd77eb2abf04e08ac0ae73976030856b20c2b9709d7918f67930fa59
2164
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
text
MD5: 40a51b3a021b45e0d69b860d9164d76e
SHA256: 0fb1b138447230b11ab909e21d61d15a58283093e1435ebd1c811189708e9739
3212
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: 3cb4b425a06efa48977f2f3f07067f3f
SHA256: e99e3352e52b619e8c96006b8dd96e1f080ed4147ea9dacbaf413f0b42467486
3212
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\d88a3630-36a7-4b38-bf3b-e76189d62e85.tmp
text
MD5: 3cb4b425a06efa48977f2f3f07067f3f
SHA256: e99e3352e52b619e8c96006b8dd96e1f080ed4147ea9dacbaf413f0b42467486
2164
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 3b4e4d1e205edccd9814c81e719e654c
SHA256: 9d1c726b96a0139dd93039d4de38d9cfc50a4bb3a22b462ac2ce07dbea319ac4
2164
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
sqlite
MD5: e7741339a5550f33ca9ce1f21c332276
SHA256: e5d3f93bd4a459b656e2f45b086418a875fca9788545303fb4204ad4c056ef2a
2164
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000060
binary
MD5: 5702f00f119bb0dcccb7c1ecb800663e
SHA256: 5705a2eb7712163a2602ab9abaa9ce6174cc687890d2dc62738faef1b70bf5c1
2164
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 2a22980b195d07945f126d9aa03c057e
SHA256: 81a6b2f3dd77eb2abf04e08ac0ae73976030856b20c2b9709d7918f67930fa59
3212
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies
sqlite
MD5: 7c2af8c0793013e40df5a57df74d51ba
SHA256: 6791b46bc253ce8953e2d00c2dbfd4cc2bdc1cde485782888f9e4a00969a38b4
3212
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF15c647.TMP
text
MD5: 754eaf5a9250886bb4dec99ea2e40877
SHA256: ffe04e366cac48d4d156535496bf4887b4b492e1c32d7592e8f82f4e94133ba3
2164
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal
––
MD5:  ––
<