Analysis Overview
SHA256
5cf4427b2ae3a6787776fbd91274228562b8ff2777bab4573916b4d042ab9926
Threat Level: Known bad
The file googletalk-setup.exe was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
Loads dropped DLL
UPX packed file
Registers COM server for autorun
Reads user/profile data of web browsers
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-11 19:58
Signatures
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-11 19:58
Reported
2024-02-11 20:10
Platform
win7-20231215-en
Max time kernel
690s
Max time network
617s
Command Line
Signatures
Detected google phishing page
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\googletalk = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe /autostart" | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Google\Google Talk\ | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Talk\gtalkwmp1.dll | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Talk\uninstall.exe | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Talk\testperm.txt | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Google Talk\testperm.txt | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70014784255dda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AE966511-C918-11EE-AD90-F6BE0C79E4FA} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "4" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{02223E21-C919-11EE-AD90-F6BE0C79E4FA} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = a80cd18e255dda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EE6B90E9-C918-11EE-AD90-F6BE0C79E4FA} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\TypeLib | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\TypeLib | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\TypeLib | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\TypeLib | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\TypeLib | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{62d14448-68ff-4c37-a7f2-31105a1be427}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\TypeLib | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{0507EEDE-3AE7-49C7-BF37-0EB4A62D8638} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{4c9dc108-c73f-11da-95ab-00e08161165f}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4C9DC108-C73F-11DA-95AB-00E08161165F} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{226b64e8-dc75-4eea-a6c8-abcb496320f2}\Google Talk\InstallType = "1" | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{4c9dc108-c73f-11da-95ab-00e08161165f}\ = "IMUCTalkPlugin" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{38FDD2C4-9164-4eaf-8C74-24D764FF613E} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{226b64e8-dc75-4eea-a6c8-abcb496320f2} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\ = "ITalkFriend" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0\FLAGS\ = "0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\ = "ITalkFriend" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\ = "ChatRoomContact Class" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\ = "IChatRoom" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C9DC108-C73F-11DA-95AB-00E08161165F} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C9DC108-C73F-11DA-95AB-00E08161165F}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\gtalk\shell\open\command\ = "\"C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe\" \"/%1\"" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0\FLAGS | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\ = "ITalkPlugin" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\ = "ITalkTunnelExp" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Typelib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\ = "TalkFriend Class" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{7a9d1480-c6a1-11da-95ab-00e08161165f}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{7a9d1480-c6a1-11da-95ab-00e08161165f}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\gtalk\shell | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C9DC108-C73F-11DA-95AB-00E08161165F}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{65D12388-C5E9-468c-83B9-60AEA2E658DF}\TypeLib | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\ = "ITalkTunnelExp" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
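The rows above are COM registration by googletalk.exe: Interface, CLSID and TypeLib keys written both under HKLM\SOFTWARE\Classes and under the per-user HKU\<SID>_Classes hive (the backing store of HKCU\Software\Classes), with the 32-bit view reflected through Wow6432Node. Every ProxyStubClsid32 value in the rows shown is {00020424-0000-0000-C000-000000000046}, which is PSOAInterface, the oleaut32 type-library marshaler; that means these interfaces are marshaled from their registered type library and no custom proxy/stub DLL is being installed for them, which is the ordinary shape of a typelib-based COM server registration. The Python below is an added example, not part of the report or of the sampled software: it parses a handful of rows transcribed from the table and separates machine-wide from per-user writes, collects the human-readable interface and class names, and sorts interfaces into typelib-marshaled versus custom-marshaled. The row subset and helper names are constructed for this example.

```python
"""Classify COM registration rows from a sandbox registry table.

Added example, not part of the report. ROWS is transcribed from the
table above; the helper names are constructed for this example.
"""
import re
from collections import Counter

# Well-known OLE automation marshaler CLSIDs (oleaut32.dll).
PSOAINTERFACE = "{00020424-0000-0000-C000-000000000046}"  # type-library marshaler
PSDISPATCH = "{00020420-0000-0000-C000-000000000046}"     # IDispatch marshaler

# (operation, "path" or "path = data") pairs, transcribed from the report.
ROWS = [
    ("Set value (str)",
     r'\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\ = "ITalkTunnelExp"'),
    ("Key created",
     r"\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Typelib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0"),
    ("Set value (str)",
     r'\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\ = "TalkFriend Class"'),
    ("Set value (str)",
     r'\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"'),
    ("Key created", r"\REGISTRY\MACHINE\SOFTWARE\Classes\gtalk\shell"),
]

_GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
_COM_ROOTS = {"interface": "Interface", "clsid": "CLSID", "typelib": "TypeLib"}


def hive_of(key):
    """Map a native \\REGISTRY\\... path to the hive an analyst thinks in."""
    low = key.lower()
    if low.startswith("\\registry\\machine\\"):
        return "HKLM"
    # HKU\<SID>_Classes is the per-user hive merged into HKCU\Software\Classes.
    if low.startswith("\\registry\\user\\") and "_classes\\" in low:
        return "HKCU-Classes"
    return "other"


def com_category(key):
    """Return (Interface|CLSID|TypeLib, GUID) if the key sits under a COM root."""
    parts = key.split("\\")
    for i, part in enumerate(parts[:-1]):
        root = _COM_ROOTS.get(part.lower())
        if root and _GUID.fullmatch(parts[i + 1]):
            return root, parts[i + 1].upper()
    return None, None


def parse_row(op, entry):
    """Split a table cell into key, value name and data."""
    path, _, data = entry.partition(" = ")
    data = data.strip().strip('"') if data else None
    if op.startswith("Set value"):
        if path.endswith("\\"):          # trailing backslash: the (Default) value
            key, value = path[:-1], "(Default)"
        else:
            key, _, value = path.rpartition("\\")
    else:
        key, value = path, None
    cat, guid = com_category(key)
    return {"op": op, "hive": hive_of(key), "key": key, "value": value,
            "data": data, "category": cat, "guid": guid}


def analyze(rows):
    """Summarise where the writes land and how each interface is marshaled."""
    out = {"hives": Counter(), "names": {}, "typelib_marshaled": [], "custom_marshaled": []}
    for op, entry in rows:
        rec = parse_row(op, entry)
        out["hives"][rec["hive"]] += 1
        if rec["value"] != "(Default)" or rec["data"] is None:
            continue
        if rec["key"].lower().endswith("\\proxystubclsid32"):
            known = rec["data"].upper() in (PSOAINTERFACE, PSDISPATCH)
            out["typelib_marshaled" if known else "custom_marshaled"].append(rec["guid"])
        elif rec["category"] in ("Interface", "CLSID"):
            out["names"][rec["guid"]] = rec["data"]
    return out


if __name__ == "__main__":
    for name, val in analyze(ROWS).items():
        print(name, dict(val) if isinstance(val, Counter) else val)
```

Anything that lands in custom_marshaled is the case worth following up in a report like this one, because a ProxyStubClsid32 pointing at a CLSID of the sample's own would mean a DLL of its own is loaded into every client that marshals that interface; in the rows above there is none.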
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
| Image | Command line |
| C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | "C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe" |
| C:\Windows\SysWOW64\regsvr32.exe | regsvr32 /s "C:\Program Files (x86)\Google\Google Talk\gtalkwmp1.dll" |
| C:\Program Files (x86)\Google\Google Talk\googletalk.exe | "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /register |
| C:\Program Files (x86)\Google\Google Talk\googletalk.exe | "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /startmenu |
| C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" http://www.google.com/support/talk |
| C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2 |
| C:\Windows\system32\AUDIODG.EXE | C:\Windows\system32\AUDIODG.EXE 0x7c |
| C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" http://www.google.com/talk/service/NewAccount?FromClient=Talk |
| C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1552 CREDAT:275457 /prefetch:2 |
| C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" http://www.google.com/support/talk/bin/answer.py?answer=41191 |
| C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1200 CREDAT:275457 /prefetch:2 |
| C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/accounts/ManageAccount?hl=en |
| C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1600 CREDAT:275457 /prefetch:2 |
| C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" https://mail.google.com/mail |
| C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1496 CREDAT:275457 /prefetch:2 |
| C:\Program Files (x86)\Google\Google Talk\googletalk.exe | "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /startmenu |
| C:\Program Files (x86)\Google\Google Talk\googletalk.exe | "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" |
| C:\Program Files (x86)\Google\Google Talk\googletalk.exe | "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /diag |
| C:\Program Files (x86)\Google\Google Talk\googletalk.exe | "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /diag |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tools.google.com | udp |
| GB | 216.58.204.78:80 | tools.google.com | tcp |
| US | 8.8.8.8:53 | mail.google.com | udp |
| GB | 172.217.16.229:80 | mail.google.com | tcp |
| US | 8.8.8.8:53 | tools.google.com | udp |
| GB | 216.58.204.78:80 | tools.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | support.google.com | udp |
| GB | 142.250.187.206:443 | support.google.com | tcp |
| GB | 142.250.187.206:443 | support.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.213.14:443 | apis.google.com | tcp |
| GB | 216.58.213.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | talkx.l.google.com | udp |
| US | 8.8.8.8:53 | talk.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 142.250.187.206:443 | support.google.com | tcp |
| GB | 142.250.187.206:443 | support.google.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| US | 8.8.8.8:53 | mail.google.com | udp |
| GB | 172.217.16.229:443 | mail.google.com | tcp |
| GB | 172.217.16.229:443 | mail.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | gstatic.com | udp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.178.3:443 | gstatic.com | tcp |
| GB | 142.250.178.3:443 | gstatic.com | tcp |
| US | 8.8.8.8:53 | tools.google.com | udp |
| GB | 216.58.204.78:80 | tools.google.com | tcp |
| GB | 216.58.204.78:80 | tools.google.com | tcp |
| US | 8.8.8.8:53 | mail.google.com | udp |
| GB | 172.217.16.229:80 | mail.google.com | tcp |
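Read together, the Processes and Network sections give the installer chain an analyst would reconstruct by hand: googletalk-setup.exe registers the dropped gtalkwmp1.dll through regsvr32 /s, runs googletalk.exe /register (the COM server self-registration behind the registry rows earlier on the page), and then hands Internet Explorer a series of google.com URLs; the System.dll, InstallOptions.dll and UserInfo.dll drops under nsd1151.tmp in the Files section are the standard NSIS plugin names, which is what the "Loads dropped DLL" signature is reacting to. Every hostname in the Network table is a Google-operated domain apart from one DNS lookup of www.microsoft.com, and several hosts are contacted over plain HTTP on port 80. The Python below is an added example, not part of the report: it tokenises a few command lines and network rows transcribed from those sections and applies the checks worth running on any such process list, namely regsvr32 aimed at a DLL outside the Windows directory, /register self-registration, URLs passed to a browser, and which hosts were reached in cleartext or only resolved. The rule names and the row subset are constructed for this example.

```python
"""Triage checks over a sandbox process list and network table.

Added example, not part of the report. PROCESSES and NETWORK are
transcribed from the sections above; rule names are constructed here.
"""
import re
from collections import defaultdict

# (image path, command line) pairs from the Processes section.
PROCESSES = [
    (r"C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe",
     r'"C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe"'),
    (r"C:\Windows\SysWOW64\regsvr32.exe",
     r'regsvr32 /s "C:\Program Files (x86)\Google\Google Talk\gtalkwmp1.dll"'),
    (r"C:\Program Files (x86)\Google\Google Talk\googletalk.exe",
     r'"C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /register'),
    (r"C:\Program Files (x86)\Google\Google Talk\googletalk.exe",
     r'"C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /startmenu'),
    (r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" http://www.google.com/support/talk'),
    (r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2'),
    (r"C:\Windows\system32\AUDIODG.EXE", r"C:\Windows\system32\AUDIODG.EXE 0x7c"),
]

# (country, destination, domain, proto) rows from the Network table.
NETWORK = [
    ("US", "8.8.8.8:53", "tools.google.com", "udp"),
    ("GB", "216.58.204.78:80", "tools.google.com", "tcp"),
    ("US", "8.8.8.8:53", "mail.google.com", "udp"),
    ("GB", "172.217.16.229:80", "mail.google.com", "tcp"),
    ("GB", "172.217.16.228:80", "www.google.com", "tcp"),
    ("GB", "172.217.16.228:443", "www.google.com", "tcp"),
    ("GB", "142.250.187.206:443", "support.google.com", "tcp"),
    ("US", "8.8.8.8:53", "talk.google.com", "udp"),
    ("NL", "142.250.27.84:443", "accounts.google.com", "tcp"),
    ("US", "8.8.8.8:53", "www.microsoft.com", "udp"),
]

_ARG = re.compile(r'"([^"]*)"|(\S+)')


def split_cmdline(cmdline):
    """Tokenise a Windows command line: quoted runs stay whole, quotes are dropped."""
    return [quoted or bare for quoted, bare in _ARG.findall(cmdline)]


def under_windows_dir(path):
    return path.lower().startswith("c:\\windows\\")


def triage_processes(processes):
    """Return (rule, detail) findings for the process list."""
    findings = []
    for image, cmdline in processes:
        argv = split_cmdline(cmdline)
        name = image.rsplit("\\", 1)[-1].lower()
        args = argv[1:]
        if name == "regsvr32.exe":
            # A DLL registered from outside %SystemRoot% is worth a look: it is
            # usually one the installer just dropped (here gtalkwmp1.dll).
            for dll in (a for a in args if a.lower().endswith(".dll")):
                if not under_windows_dir(dll):
                    findings.append(("regsvr32_nonsystem_dll", dll))
        if any(a.lower() == "/register" for a in args):
            findings.append(("com_self_register", image))
        if name == "iexplore.exe":
            for url in (a for a in args if a.lower().startswith(("http://", "https://"))):
                findings.append(("browser_launch", url))
    return findings


def summarize_network(rows):
    """Group endpoints by hostname; list hosts reached over plain HTTP or only resolved."""
    endpoints = defaultdict(set)
    for _country, dest, domain, proto in rows:
        _host, port = dest.rsplit(":", 1)
        endpoints[domain].add((proto, int(port)))
    cleartext = sorted(d for d, eps in endpoints.items() if ("tcp", 80) in eps)
    dns_only = sorted(d for d, eps in endpoints.items() if eps == {("udp", 53)})
    return {"hosts": sorted(endpoints), "cleartext_http": cleartext, "dns_only": dns_only}


if __name__ == "__main__":
    for finding in triage_processes(PROCESSES):
        print(*finding)
    print(summarize_network(NETWORK))
```

The regsvr32 rule keys on the DLL argument rather than the regsvr32 image itself because, as here, the binary is the genuine one from SysWOW64; what distinguishes installer noise from a living-off-the-land registration is where the DLL came from, which is why the Files section hashes for gtalkwmp1.dll are the thing to pivot on next.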
Files
memory/2292-0-0x0000000000400000-0x0000000000440000-memory.dmp
\Users\Admin\AppData\Local\Temp\nsd1151.tmp\UserInfo.dll
| MD5 | 2b006bbf7c9295683eddfad40008be85 |
| SHA1 | b3f42a8e2ff172d51418c72811586b11ed589909 |
| SHA256 | 9e4440baf56d47ca4cc1f29e7a62d407d1f9524986160b30de5f825a3fedee88 |
| SHA512 | e1cfd739b7f8de442e2fb49c83569e8051492180780d92a4bfaa9c90b1444fd0020f9f596c12820642dd33cbee2c81ec793acb1c8dab1d1bebbe25b33c51efe8 |
\Users\Admin\AppData\Local\Temp\nsd1151.tmp\System.dll
| MD5 | 61151aff8c92ca17b3fab51ce1ca7156 |
| SHA1 | 68a02015863c2877a20c27da45704028dbaa7eff |
| SHA256 | af15ef6479e5ac5752d139d1c477ec02def9077df897dadc8297005b3fc4999d |
| SHA512 | 4f5c943b7058910dc635bdcfadfea1d369c3d645239d1a52b030c21f43aac8e76549e52fd28e38ba5341d32aefe3c090dd8377d9e105ad77f71ab8870d8e326e |
\Users\Admin\AppData\Local\Temp\gtalkwmp1.dll
| MD5 | f341a096bbc785dc39e0170ff725a7d5 |
| SHA1 | 75b233a2fc20ff4a748c65b80c17188f63b9cd53 |
| SHA256 | fd23273a36db53e1da88e2b4ec84ffb720e54f9c6ab8820bf8937e870d64e44b |
| SHA512 | fe4a237a9b7b100e0b4ae5a2daf30989b3d6744ee7e7ba0a8a3c6322cf390a93fde3cfed79e4593e06f7ff072e1c207b9182623ccdb1b9da02cb412c8096b77a |
memory/2292-17-0x00000000003E0000-0x00000000003F2000-memory.dmp
C:\Program Files (x86)\Google\Google Talk\testperm.txt
| MD5 | cf41c3a04147fc650486a80e85f2444c |
| SHA1 | f98fcb580c775b8d902f6bf76f52a559af43d445 |
| SHA256 | d632b0b91898356488302714bebeb771cd765fa045f7a16ae925d2e99263671c |
| SHA512 | 4d24cac88a0baae5426577e18152d9a404cb525aaf3830cb75f0f1bbe868b635206f9f3e5468255b1cbe0ee761a24dc46b9aae6e0ed17aa4fff5c7090c8c8ed8 |
C:\Users\Admin\AppData\Local\Google\Google Talk\themes\system\chat\Classic\Contents\Resources\Incoming\NextContent.html
| MD5 | 70e3aa6ea6428c65e2c99fb67cdf3c38 |
| SHA1 | 65cdb1fd2901446df663190a3ab381b1969cce00 |
| SHA256 | 773c0f0b634ec3106c09645484bb08cb2f18d316a6b6f805463feb3f892470c8 |
| SHA512 | b913c91987f68943487e6fac363d3abfe1a43d80ebc9838dac0fd2a06b14f0c2594a2abfb893a1f170a8d3b22272ec2e118b52c2d8492b94f1b4b6e3d520858a |
C:\Users\Admin\AppData\Local\Google\Google Talk\themes\system\chat\PingPongPicture\Contents\Resources\NextStatus.html
| MD5 | 4a75b7ffdd13bc07628b23a1340db9bd |
| SHA1 | 80b6f0db8880ae484d5e016077b174a702550b38 |
| SHA256 | fe5006e8ad1e3dcc44588712ea4a6e5723a4cf6bbf5be7db9f04d25d91f62327 |
| SHA512 | 498b6451ac4cd3a7a598001a8486358582bce29479a6cc14e1fd3038d5751b81f5662340936b7e7594268662ac794482869f799de9144eae0a5c930820a83c01 |
C:\Users\Admin\AppData\Local\Google\Google Talk\themes\system\chat\PingPongPicture\Contents\Resources\Status.html
| MD5 | c1659928c4171dcee82ba065549d80a7 |
| SHA1 | 6887fcdccea434cfc4247faee95662e201b9bcf2 |
| SHA256 | e2d9fa6e3e1044265356afc6369147a8a7dd68e030ba3d68e83473b375f1ee65 |
| SHA512 | a1a71b238e76089c5a4087e8451180057b0c32a0c6b2ebb6234d9d317630aa5d58df63d0e0b60b11218724b0ffa0fe023de31dff3fe83f95a58ea013fbbd0194 |
\Program Files (x86)\Google\Google Talk\googletalk.exe
| MD5 | bcd9cbf0621f9a6767276a2e0bf1dd15 |
| SHA1 | 802daf7cb7823ce7f36408f0fba01e2e75fdde90 |
| SHA256 | c0748aee57a79d1ad8a4307d3ecb03a517464d047cd5cc64bad299e0bfaefb60 |
| SHA512 | 0dd7dbb13c84e111b6c3a10629498724c4879f3b94a7d786b03009347186c8199791d0cc519d11affb89ff1ac3a1151d532bb9540a23bb0ad35bccea6327be96 |
\Program Files (x86)\Google\Google Talk\uninstall.exe
| MD5 | 53e18d8b7eaa839ee2619c73ce7fdfb0 |
| SHA1 | e2e94dd4ba76de214262080e1098497685c63b73 |
| SHA256 | 205577c95f4c2a9aa0aefb082e12ef98c865042feb2f396299fba338f302db59 |
| SHA512 | f3bb144158b7fe7253956fe3b3d87e353db2b2bab0f2c146f03f3d201cd8557c183fec09b76bb5354988e0890071f9fc23461aa23c0698b9b830fb93994a2f26 |
memory/2292-139-0x0000000000490000-0x00000000004A0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\2a76fc6f39dbbb2da6ee8064c08ce6d8ad6cbd01.original.avatar
| MD5 | 91d5e3de0a48f1d28d4f72050a99ea02 |
| SHA1 | 2a76fc6f39dbbb2da6ee8064c08ce6d8ad6cbd01 |
| SHA256 | bce7a8f3a90e7b484abeceabb81c932a01856cb825350b7fa5bf4c81beb246e6 |
| SHA512 | 0757eba0fa6bd44d6de804ee5799e379e059cd15acef84897b4c32a7a7d48220d9d870a4637de0a79a7872439ecb321d312aa32f9917021ebbf3c3e8f520c683 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\250915850e9017edc6e503c2c83b75715917592b.original.avatar
| MD5 | 46363431e0b687e017e5d5614181aa5c |
| SHA1 | 250915850e9017edc6e503c2c83b75715917592b |
| SHA256 | 1cbf77384a0af8d1f6ed54c3f7411d7b63a682e6d27b51c7def512642d037eb7 |
| SHA512 | cca8ffef787a4f4dc88e4d562d0ca8e824cfdaa2dd3d26ddc730ed12f15508cc6360ab3f454e6a6c36eec35800f79451fefa00a24c2bef012aff3fbb9a6ebe9c |
C:\Users\Admin\AppData\Local\Temp\nsd1151.tmp\ioSpecial.ini
| MD5 | bf878ef9cdc2291c18a6c28e6e4bed51 |
| SHA1 | 3355f518682a34e4a3ea613bcb8f97a4603dd1a2 |
| SHA256 | 19d584fa6d9a34a631ce4c654ec22b3611d77b481d157b1ae4d88c62e571537b |
| SHA512 | ddd99e822d950944a139c9ae23bcd1415311987b52b594fbec66e15dbe52ad33a162b22b01a7d9d56d3d0bc37844e296c9507aa0933261eb95a8db462ec6d529 |
\Users\Admin\AppData\Local\Temp\nsd1151.tmp\InstallOptions.dll
| MD5 | 08c82a46416a5e2b471d457968f53816 |
| SHA1 | 3e3897c20b9e89b279b4764a633f67955bf8f09a |
| SHA256 | 435baf3b7282c9110697a4916834ef9371dd29fae6b4cb8e19c19eb126562dc9 |
| SHA512 | 91e2055b91d04b2348a923cb298ac6ba3637de5038dc4f849c4d2f1665d17de9cd6eb6a97d42d0f894d65348c8fd8e79cd61b667ea5a78e8960347e8cc8db81d |
C:\Users\Admin\AppData\Local\Temp\nsd1151.tmp\ioSpecial.ini
| MD5 | c13556a3ea9413a1dc0e28ba82095bb3 |
| SHA1 | 3bc721440af674ab7bf0f8b3a73b7661bac0cefe |
| SHA256 | 05045a784034bfba83f93b22bd98f8c965c2d9754228e5382a1a558b0b24e6ac |
| SHA512 | 9acd67f0a5bee7c51812c2c8c0f017cf7d2c250b2c9a094a744b838a6538ee3d7d3575b18aea076b466c86088fd51d21e25e1ef0fc40c76ccaab08b03f823713 |
C:\Users\Admin\AppData\Local\Temp\nsd1151.tmp\ioSpecial.ini
| MD5 | 03b9632f5c96c0600dc9896890df2e14 |
| SHA1 | 01fa06a8773d9f55c16498fe568c169cd02ce829 |
| SHA256 | c2159279029737d8f1372b2ba703c6ac6ffcce616237840351db714ce7cbab50 |
| SHA512 | e64936e0039edc2652249415fda77a9d924e74e97ab1b61f79b8500fab95db2d7e43478bd32bac0edb7ed515867905018448094b014e3736b6f9073a89b2f942 |
memory/2292-376-0x0000000000400000-0x0000000000440000-memory.dmp
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SMJEMA44\www.orkut.com\gtalksettings.sol
| MD5 | 8cf6c45f7b59f309c141e9f6121efd2f |
| SHA1 | 7393fc0097f75336e5770fa737baf8ea152bc947 |
| SHA256 | e19b5c67a1741de87a1866dda95f615ff094d3eeaba7ac9543d4ba30e77aa3ba |
| SHA512 | 688360108329d82a51738cee59c5979ee5193cbb9094bfb82759de8d60e16ea6acda247d15058ea8e15e753a45b81fbca1d20187b9404f8f7dfd49920243591b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFLWQ602\analytics[1].js
| MD5 | 575b5480531da4d14e7453e2016fe0bc |
| SHA1 | e5c5f3134fe29e60b591c87ea85951f0aea36ee1 |
| SHA256 | de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd |
| SHA512 | 174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIEDGG3E\favicon[2].ico
| MD5 | f3418a443e7d841097c714d69ec4bcb8 |
| SHA1 | 49263695f6b0cdd72f45cf1b775e660fdc36c606 |
| SHA256 | 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770 |
| SHA512 | 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat
| MD5 | 8ed27fe225c04668d8d0537cd76f92a8 |
| SHA1 | 8040d6ba3eaa9ab003c9bba6271e65df005592e2 |
| SHA256 | 99c95786081a472aff34ec958da884ac126ab5b4cde4101488edea79a39f4063 |
| SHA512 | 0f444089ec2dc7519ef9052691e38399fc25190e9f47c1f2c0f9ead9cf3f35ae2757bee1f720476b09ad79b3ecb21e4a04ede634f249092e2bb2aa944d76c1df |
C:\Users\Admin\AppData\Local\Google\Google Talk\themes\system\chat\ClassicPicture\Contents\Resources\Outgoing\Content.html
| MD5 | 7d9b47b308c3468b0316dbdd0d0239a3 |
| SHA1 | 27ee361639343ab60756ce5ff3910b0cfc5203f2 |
| SHA256 | a9ed8d666f8df506e6e98a4d69f9eec127ba5f5b5d7c3ccfcbfe0490c0485c3b |
| SHA512 | 6154daebe24fcee79bc97a51f3b596f7c9094280c80ff488c3c1a3a6e4b5008f6f37f172211ed44cbbac4f4829f8f9871a10dfcbfee6c3bcca6403b900be76ae |
C:\Users\Admin\AppData\Local\Google\Google Talk\themes\system\chat\ClassicPicture\Contents\Resources\Incoming\Content.html
| MD5 | 0bdd7958a29467d9d7d9dac173564552 |
| SHA1 | a6eb82a69a5e5b6c449d8f4bb6493fed50d414e1 |
| SHA256 | 9e3023315fb2184a4e15aa5721d00bfbcffd6fd83177ba7206781f7103166f8e |
| SHA512 | 44915cf5baa081cf592cc562106a93755a1c562b2e040d8b93d5d1b650dd36e048c5b20622afb4e3c801f687b118e6e72a5c1af5d550bf45741bed3157cfeb5b |
C:\Users\Admin\AppData\Local\Google\Google Talk\themes\system\chat\ClassicPicture\Contents\Resources\main.css
| MD5 | e38f05caa4f6d86fcc9ab2763ac09c15 |
| SHA1 | 82ce5ea87e92805b25fed57a5f3d7bd9aef470a6 |
| SHA256 | 09e2620c3e93a9e7de8072970f85549d37f26a70c13a1a4bb50b19baa602378a |
| SHA512 | d535fb39c885a5225a91539c2cfaa0b7127867683237f87b0beb99e7a254674739bf88d7cde29d3088ca55672afe7365f5cad9e24625d67317ab0bffe64db153 |
C:\Users\Admin\AppData\Local\Google\Google Talk\themes\system\common\images\blue_ghost.bmp
| MD5 | 583c72dae3b1f5f21b2134e12f9e47ea |
| SHA1 | e8fd12370268e499e5f1f6cc0250573f29dca08f |
| SHA256 | f5f319ca39f354d9f12e26de9ce85c0d9b916f56df0b9bbded770ba2c47e10d7 |
| SHA512 | 4d053f3f432c75d1661973d6cd26ae3d5b00fc5473561dee72845ef3371712e3ddb594691d134f0da3fe3e5d8980d01f7d03e16b7632485060a5ff04d9c7f21f |
C:\Users\Admin\AppData\Local\Google\Google Talk\themes\system\common\images\green_ghost.bmp
| MD5 | ce8a2c297cb25282a49617dbaefa1257 |
| SHA1 | 8f1a31cd9d92a14d073504164d2bec6c02cde235 |
| SHA256 | 40d92d82e62638a920dca835f8d3938f110c59a49b4c55f0a9fabd10cccb6fc8 |
| SHA512 | b403027a62e5caf129dd4b9e8678c5f97966d5d666fd1b4c5a77eb9084b5b66034d43f2db66a902775dca33335651928a1c754815b761943412977d7c262d45c |
C:\Users\Admin\AppData\Local\Temp\Tar2ADC.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab2AD9.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22f9432b6ffea6893c18485ac0f3eb2c |
| SHA1 | 3a304d43f8a43721115adb6b18559f7528fd2a24 |
| SHA256 | 7b79039102ff45563531a2c3e79ac0795e4aeda20d91d07620db44c2567ffd21 |
| SHA512 | 2121323b461d9c02ae6fb9416220209323ce3b3a99c4fec12ea1705e6d52a8b3781c5c9b26512813d89ef4d675e4e158e5b3339da6ccbb32fa34b497367bb481 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f90af4066ee700e26ae12ceedfe637e6 |
| SHA1 | bae28e4a1834a2059a05a3b4f3004fab00fede2c |
| SHA256 | 7709c5fe61ac98c1b5b270c23c820223a09aecab07921c32a0caed1e83941340 |
| SHA512 | ace9fcac7d0e998741034cfd27249c17d2f8f81f5c6186c44371906cec30598396698cd10751fa55512379457c3a6b853b12c2930023eaf3c9444efbff6d33d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb39e0083fc3b4bcc51bf0646194e7f6 |
| SHA1 | 524a65bb626be5ec7de2842ad10845bc0ad874ba |
| SHA256 | 87a00984a049b1f8ef61ce288c9d3ae9377cbfb8f624558e39ae314a8659b764 |
| SHA512 | 2f55096968d75d7d454392907dd3bb73052e67f1fa2a767d5189a4b3881f04fa2f5806c5aa183b645c71388000aced4f9078e16908de8239d9094a6f79de7990 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38caf83c4d4df6e61b7b648a5e8da673 |
| SHA1 | f97afd679efdd153a72e6d3b46a051432391f0ac |
| SHA256 | 5240123c69b31ef8e03470a8ac256d409e96e0d0da2feb904360fab8fc4d1401 |
| SHA512 | 8c0571bffeaa308097bd3c103dc43fd2f9a0e399286a2ebf8739cda629517c08f4f3ddb97bf0312c7ae1a424fc9cbbccac9b8b9b78d924fe9a537d72a07c73f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e486ffb52a5a6d5177be1c586fb77b32 |
| SHA1 | 4a7afc81b5c2483fb16cf19d86fc62cc8f3306df |
| SHA256 | 8a934bc2b68f6bd44f1e66579d7b79068c93b229638720f3707283e9ccfba69b |
| SHA512 | bced85992060dd3baae716017bdeeb178ae71911d664b10822366c6fc44515bd956db0d2774c8151a4f2e0f613600dc552055e273c7c5e60d37ff2f2f7792592 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 395b82ea3518bae54c150331a4286577 |
| SHA1 | dbb84fd272efa881bb4a2ad5c5479a6340cd9977 |
| SHA256 | 1b6c779652cc8a23706782642fe0ae28c05e6bc11471fb171115243ddfc0573d |
| SHA512 | a4cf2f3cdf8245b29e9c90e03e69aae33e0e1fa858980618ac83cdccdb1471bb32b3d07ef46ac75ca9550b2ca8618f9ccabb9e5549768c2df611bd6b44e7c222 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fc16edf0c17e6cccfbd700c35a46b53 |
| SHA1 | b2b97bbed97e21e8316a7fb92f4cc15e6ddd6832 |
| SHA256 | 03a261129b4669ca9326f189611b45e551992325c5f877a6ce4322aafbdbd333 |
| SHA512 | d10d66dea1ab13ea01c39d7473d3aa80ef2fb4863fdb72d3e771c87aa9c8dfc43a0e7325f6409f4a9c3dbf87d8c557218ea39eb83df790190371d73f96b73a7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db827149310e844ffd8fdad62c69dd97 |
| SHA1 | 5257bf56fba37bda1140530a235be6e6b78f9657 |
| SHA256 | cc490b12514d58e54a26d4f02746ab4c5296f128d46185f0376672bf95a14a98 |
| SHA512 | ae548fb6c72a3d217afefa6f077268e4d1aa6eb2b1dbe337b4aa2546069ee2e7e2312b5b8e0d9042610251a3e7638c0ae24c20cc2d59b1b2e6b9edacf7fd35aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27e3afdec8e288b93dd562ca4da4e035 |
| SHA1 | 8fbe4b61316dd8828b57826827a2a98b52a428f8 |
| SHA256 | bf81c886bbdc56f59a9a1989d3a4a411477aedffc4a52d8310682ed5c622c942 |
| SHA512 | 5320f56d87003ac930c4b5948e9b7bbfb8f1664ed03ff68f75a4c6ec332607c1812aa227c3f049a8202b95e0576a1b581d5763d7123556f34342fa3dba54a600 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0dd6f230e2162d339258c209cffe187d |
| SHA1 | 663e43a88e0d633569d442746ddb6f28b4af1808 |
| SHA256 | c65e8a1be4fa2e6db46d853ef239a57dbd19916c589ac0b5231c0e41c8117eb8 |
| SHA512 | 8ac61d3fad0e40fe77422851cc0707f27f0ea10a542847d49a542ea1b27ad2269d14315b997a7db994b5ec25f206d65a3ccb40548e43ba4b0dc46e89edefc4cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c334fc11480a977449adda5f6980e976 |
| SHA1 | 15ce378b042392a6d5b6cf3d8423bb2e84e74d49 |
| SHA256 | efa8141a44ce4150e951cd1e963aeb49d4ab2d165c3065ea19e150c6d234c9dc |
| SHA512 | 7f7f18c6e0eb162b104f03d72bffb8fb86bcca1ec6206ff8dab032134f628b0832fadd848dc505d237c7a55573349c916b2b8ceae8d1084ef71025377270c918 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AE966511-C918-11EE-AD90-F6BE0C79E4FA}.dat
| MD5 | d9d0059c150d7dbb5724ad3b700f928c |
| SHA1 | 41274e8d10ff7b348f1f59fd0b76ed3cc9f15995 |
| SHA256 | ce159cdeb09d36014b4afe53b6ef3d66a0215b074734cf9ced47609726e48274 |
| SHA512 | a4ff6be794ae705b98665145858e5ccf8451a977c1e1ed7f58795a2ad21ab0b5b260b88a30c6e2382d4942545de14f1df43904f567c4dc44b681f88a7512c4ad |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\UWDWTDA5.txt
| MD5 | 7c03306df244d5d915b722bb6390ef06 |
| SHA1 | b432977d2fc6625c1f8bfbfe44e328a16e461fb3 |
| SHA256 | aa43e86d2bc60562589edbe15d0b66cf4558d4880b22830a15b3585c52b35f91 |
| SHA512 | 3e00c610cd99ddf896a64087f938441acf7eed0b0cbd688e6434e4a65770ba5bd970a656d1e0d8723732c034019423b700a55882e6b16949a684ea30ee5d89e7 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{EBC0A870-9B54-11EE-9B7F-E6B52EBA4E86}.dat
| MD5 | a26de619fbb3c20b5591afeb1a4e8cb3 |
| SHA1 | 3192ad1ed58d6508c62eb0d0ca80930cb5cd27bc |
| SHA256 | 413cdef11d1606a79e4b43627e4d22a9acd7bee069af84c3173163645aecbcb2 |
| SHA512 | dab055686d8583f1fead40a4598633f1d634aa76d9d9711c3d79e9a8e1e54e488fdd88ee6356956c049a095297ef2a50a453fca7ceb936fbbf5237f0bdd3c990 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{AE966514-C918-11EE-AD90-F6BE0C79E4FA}.dat
| MD5 | 8ff6fec953b84b03eef7f6351e61c884 |
| SHA1 | 3e57e2d3781b41c509abcdaed7262608c02f7546 |
| SHA256 | 065da12c8cc231cddc9f4a70f2b80efca0a8eaf5855abff539f32fa1b3989be7 |
| SHA512 | b18697a62a91c70a4145a5ea04e8e0791d75dc3489d06b23268408e17c4d53999f54153d8fda719cf620d6137c3b0653a01fd734924a2615d22d03aa75b8724a |
C:\Users\Admin\AppData\Local\Temp\~DFCD78EFCEB5C907FF.TMP
| MD5 | 759001dfb7f8e323c1edd4cfe29502fc |
| SHA1 | 804604d5c3e44662c704001fbd1e49e83616f3ce |
| SHA256 | 0c1faab20c8166a0b8f1979f2fcc1173807f90d28e77dfae6bbeb0399a26e807 |
| SHA512 | c1a93d4898c69b2a1b2f1cfdd36a8a79e1062b139817add0ca21ad0066d7492c76dcac5483e833d05a2b3b9590f9316d6d98e454de242bfacab4ed3ee5d61386 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a71df4fabe657b8288aa98b9adf9fb9 |
| SHA1 | 8df9a6d994afb26de5af7ddc7efae5b6cd408d67 |
| SHA256 | 8e6a61c587848c8bf66d3420460010dda3d13630a5ac0d9178d8cecd10980fdf |
| SHA512 | 93666241a779d594800fbf090e1804f6f21974ebfb9857f7e740213174a6778f785337ea1c579332992a7aedffc33eeaee56d6ca1ce6b76821ba4e9132d03b77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c4fa75cb131c2baa500726c3c9f1f25 |
| SHA1 | ddf1528123d80a55a88f4473d50b6f4c2dbd3d1e |
| SHA256 | 359f1b3539644be3b334703a3a1a4fbd15690838b36fd553121afca2daf44b93 |
| SHA512 | 8703caf141dd51edc9ecbfad1a04a5b58b0f7477ebc4964f2c8ba1a308ec71b38d9dc6a1a9bacd570bc48459c4123212f49aaa2500939943fe06c0861c06141e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa6e8cc9af9ac5b95ca7349cb63b33a1 |
| SHA1 | 6ddef02153bf27971e13e1facdd300d3ff11944c |
| SHA256 | da4e7c162fb6c094bcdfb55c193729759ed4a3ba2fc9043b5697dbc0318bc26d |
| SHA512 | 244aac6e1c1c07c237b24463ae92ac0c02c68e5f699b918e5d41094b7be42fcc235c8ea7719978cde73397a0d32c8bd7695129701154fe9baa10ed3858b46da4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 190704ea185a851420c61db9428f26aa |
| SHA1 | fdc35aa255b1206a020131cf6838c5eafb3b5769 |
| SHA256 | a7c733fc2a5d4454d2aea7e2fd8b1ac8a924d489fc653fdd22e5b4ec2b46dab5 |
| SHA512 | 577fe2ed0f205fbdc13e5a3bd421c8a32052e3edf6fad3bb907ea06af25273e7b23e97df9764998443befd2d65a4b7d1bb43077ee81c9c48db1d6690fb6bc937 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6da7db30e3d63ec24628d90d5321854d |
| SHA1 | 3f18a680dcfcc59a93a9c999d6b107546c573650 |
| SHA256 | 0dd628525317fb00d2712df32fd1986028463328b479e39bccb7474ea31bcbdb |
| SHA512 | 96657408212d64d947588cca3aebd83c429f0b6d81d7f4839bc124ccdf622062d94d5621c222d2c38b8df1ebee949ebb1977fafe1104e8bbf354c7f48a7f8098 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f314a70a163fb51b915bcc9625872de |
| SHA1 | 5cc7a68efe65b6b6dd5536bf749a0cf78754a908 |
| SHA256 | 3148d120b84cf3175c57d399cc88fab92c7b228ed2495ef2595a1e6026b503e8 |
| SHA512 | 1ea106acf10ebdbf0085b16704c5e72051d91b540e30e91775400a5f4ca2fd81caaa3fe5036121dd3f441884658955322ab41aa6ce7bb0ceb52614882a06e5f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 236c1e86e5dff753ca68fc802fe5afc0 |
| SHA1 | c97b2dd9c82516d960ee63a105782fbf45d94b6a |
| SHA256 | 5ba3619773bb88c170e9b634347e4d1be2a5df3523877e910028bf64afaea3f8 |
| SHA512 | 279343452bfb7d4b05d1166a8e975c8924b451f2f320fe5bcc510bedc101c78ebfe437d6eff486802b22299895c5df9f7c22e6406353675b55eeb110f463c590 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2a12d5444e22ca2ef9d7c083da0a2eb |
| SHA1 | e716c9e342b266f1fcdc5e318d7695ce64822365 |
| SHA256 | 7480d1333bf4923fc0467ade1984418c15d4a5c96dbaeaea288eb4e009625d91 |
| SHA512 | 60161869aa37e5cb6159034b64e53904b2bcee7976ca488a658f4727b4b6ff8aa7fecb3daf499fae0629beaf21a70d271efb544dbb199d30ac44bbe571626c44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ac677d709ee1aa486d401f96616db42 |
| SHA1 | 03aac77aa363b3d23da0d09887580dc5c33eeb45 |
| SHA256 | ec35a556394cd6fcd3cbf7a3ea16d8ed37b85a34c4d2a98f4e4ead4f988b96a8 |
| SHA512 | 48e91fb49b9fb627fb43d02b4e08dae241affbd1457c7baa883498c9891e26f6082640c02fc21c23cce9299a4e6c3a0467b0153247a9ebd4f6ee5d47cd1725aa |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BC0E83D1-C918-11EE-AD90-F6BE0C79E4FA}.dat
| MD5 | a2f9ea75e02d2a0c9705b976e6f652f2 |
| SHA1 | fbe94af751f257a3857acd7394e5f0ac14fc3788 |
| SHA256 | 744fe335db5218a6e51ffbf77601ce5cd11e7f5a1c4fe3485402e2bf53e2c284 |
| SHA512 | cfdef8b70c15b30eaba6dcd95039fcdea98d9dab78126f803efe54d7c6faf4fe8a3e6be4749ac97abecb244004ab01db5fb8e7393dd7543865e826a43cfc6aff |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\57711WD6.txt
| MD5 | 86417d9ba5d277140684d9e90c5cd801 |
| SHA1 | 03425cdb31a15c6c49e2a34cbe7fca6ead3f8bac |
| SHA256 | bee2d976ecbbe716a876a9ae524f5f4286175200c824dd81ca31f16ec247218b |
| SHA512 | 2f91f58e565fcf7827e0cb80e89a2b2b9b1d48f65d4445c2b543f9dbcf74d17f91c4ca0f6ae16992d5fffa5ba53e9003eaedd475529e0913e47150e2ece080dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 4b61d05e6fb2ed6b899b2b11e562ca94 |
| SHA1 | eef3ac995253d24be6c2b775db3c33e7bbccf6dd |
| SHA256 | 17477a73821f1a3d38bc80f9793711109ce3365b831323626f08cb243e8f3002 |
| SHA512 | 35e3ff1f272ed3176fa5a3299fe709f85e2cc8cdafb0565f5dec39b9a6be77dd1814e7d7160b8d9acd6415436e579abe5f66d37cd204754ef24c51aae351d947 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | f0859712ce8b1bbbfe6fed3a467e6d0e |
| SHA1 | ad6d74a218c551fc3e53c18969fec65af1b5a1aa |
| SHA256 | 0a070ca04503bbe1e66dedd1820cd58426d5646d64f3f7a724a0b73544823be8 |
| SHA512 | 050b7124e6719e220be70aff2d4a005e8b061b543bbb0672e8da0b5508dc6e5e82a14fd9f256616792670f9ae873ac574fac58fab61c86262aa10a38de36b8d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 59aedc3f6a4369d1a6d89057c5e65052 |
| SHA1 | bee69ca2b44fd67376f631580490f6ab6f203db2 |
| SHA256 | 5679b01327b65566693412ab005ac76b193eb6725cca44f7e30422c1defbb6ea |
| SHA512 | c5be90449e18e1acdb8f4ea3fc9f2fba3b1368992b1631c36cc81e88ce01b546c76a1928f3add7bede1e31a10746f5d80200c66a5a49e320042113ce26325e48 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c176d20e693ef3c81002f70bec555078 |
| SHA1 | f2ccac101947fdbdf1581a5decd3f7d1974eb23a |
| SHA256 | 77f5106d7591bc264b30a169b6cd9a255cb848dbdf0af89254bbf5e2f976dd3e |
| SHA512 | 4631e847ed8f366db57b7f581feb296b865193731d5b005573a12114a09d451b6b9f33542b3e602d433ffa25f10a01853b896823ef472ce66ed58abaa42e8105 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752
| MD5 | 34f9a286be647a6c0df072b2f6e182a5 |
| SHA1 | 0ef0a28d7bc8f2aa5d32f639f0c3a6c0c21b9bf3 |
| SHA256 | 1e7353c40e20d1ffe033d847e0d52ebf47043299cbe20948af8319e1e8f8cfcb |
| SHA512 | 995f1cebc1b225f3590dbdb8d56c3ba9e809a6f3352b261626e2c4faa71a902012bdb8813e9dd029bcd4a323a4f757b9c8817ab6fa43ba7af0c86341fcbb0b40 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752
| MD5 | a98babaee92773f269f829eb6c42c878 |
| SHA1 | b3215d1e521d933fc6246cb8280e1b582fccdb18 |
| SHA256 | 60def392666afc564970c807c7b92ee141913edd64d5ccc8aae00213c0fb2ab9 |
| SHA512 | 7057794c0361b9d941e6ac29ce757338aee66d40293109a2886799fb87792b93f0d78dad47b2508024e1cd73ecb0020482dfd82425b8f949890ab1ce1ddb7491 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFLWQ602\js[1].js
| MD5 | 2cf95a2e17e3ed3a13f6b60f5a1f8620 |
| SHA1 | 62a4be6a3f29ceba2a0330b2814e34c091f649cb |
| SHA256 | c61b5e0471de4fa33d2e9e32e2b8ba78776866ed8163f3a199ed8812e4f8370a |
| SHA512 | 411e86ddffb2568f21bfe141b110035affb79e03fa508437c4898684da8631eace82fb7b3a95dcafddf6534cb2e3728c8e0b292d4e821f2bba267ba5b6269981 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4
| MD5 | 7deef5b7ffcbfa20a0467ae75e5d116b |
| SHA1 | 02c8688f2e2520897d02d0b3305c2d8c05c954b5 |
| SHA256 | 05273955b75f660f7c1d3e4771d8bf225ab72b80dae864ff905640dfb1a52d3e |
| SHA512 | fe7f9fd07ae24a980037ab93f05cd61e832e64ccdc2b646430acc706373e892dae57c13ef6a3626bdb12e58aa1c4bc48c0407f2e263f57f9d37946fadfd58d90 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4
| MD5 | 395b979925ec907200f730d18e54a78e |
| SHA1 | 42429a26d5ea0adc16ab3ad719a3785ea26132bf |
| SHA256 | 1d7cc694e79b63ec2a929715dedd3c5a4243b5c527ae7b29a546a311eb76a8cd |
| SHA512 | 4ade5546ed226e182dff0994cb4efba0e3ab3ab0066052697c7d2d6131459b3f82df0a03e753ed4eb6bbc796458c957e5357f108096762eaa85d37fc148fefdc |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\KFOmCnqEu92Fr1Mu4mxM[1].woff
| MD5 | bafb105baeb22d965c70fe52ba6b49d9 |
| SHA1 | 934014cc9bbe5883542be756b3146c05844b254f |
| SHA256 | 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed |
| SHA512 | 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff
| MD5 | de8b7431b74642e830af4d4f4b513ec9 |
| SHA1 | f549f1fe8a0b86ef3fbdcb8d508440aff84c385c |
| SHA256 | 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a |
| SHA512 | 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff
| MD5 | cf6613d1adf490972c557a8e318e0868 |
| SHA1 | b2198c3fc1c72646d372f63e135e70ba2c9fed8e |
| SHA256 | 468e579fe1210fa55525b1c470ed2d1958404512a2dd4fb972cac5ce0ff00b1f |
| SHA512 | 1866d890987b1e56e1337ec1e975906ee8202fcc517620c30e9d3be0a9e8eaf3105147b178deb81fa0604745dfe3fb79b3b20d5f2ff2912b66856c38a28c07ee |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\4UaGrENHsxJlGDuGo1OIlL3Owpg[1].woff
| MD5 | 6dd4ad69d53830bdf5232a13482bd50d |
| SHA1 | 6fff1079d7e5d02a2259cb5d7833e790239e01cf |
| SHA256 | 5ce48d9e9d748ad4686094d3cc33f5ae1e272a5b618f5c6d146c4d12ef02e4a6 |
| SHA512 | fc91e8c4eae384d38667e330c5a5e4bf82ebac9a23ab88439d7c22ccdd125de7f1371dd953f18dee60ef68b680df49a32f684157d90f20e1dac3bffc9df84118 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\4UabrENHsxJlGDuGo1OIlLU94YtzCwA[1].woff
| MD5 | 08f80de0acf68d82aabab974a47d9e5f |
| SHA1 | e6f1c0f5395a9c297aa162468961c1faf0ec1ed9 |
| SHA256 | 4070911a1bb9cc52c4e4cd5e85ca186dcde89308a0517a8faa4715c2e0a9d45e |
| SHA512 | 720de47fdda648af7ce5f3f574efa3322191c4d0001e31181739d65ffe0cceced56635af58e5e828072a17eee1ed1e318af467b8ed7f4185ee0f5155501cd8d0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIEDGG3E\js[1].js
| MD5 | 715773dae4a559a70299f4cc7a53d44e |
| SHA1 | c63965cb854ead93904d27ce684c31b501a6875d |
| SHA256 | be8e652990ee9b9ae0cd951fe226ea3fc29eb26590dbd12698340333f2448eec |
| SHA512 | f627ef663bfc3537726fcf49d1543ea89c7803b3f999da0d44e0fa5ce8e32615c24ce637f67b336bf54dc4a85a9c6133de76878dd3d2e1ef68382a537bfd9424 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_815674C50DEFDD465FD2EC6CA819A555
| MD5 | 2717bc0a4dfbb65053ba0df2008fa5f6 |
| SHA1 | a1809c061eb21b3106774e60584f9fa824296180 |
| SHA256 | 5f5ebe2737510db0a37bd9a4782206b3e32d99b7d4bc356b8910cacc7bc75c82 |
| SHA512 | b42815265e2cb059825f6d3cfa9458f1157f36e96b5242ff8bf924f94449cc326a7d7972a27359fbc22f2e85c8f28e9d9c0a14c1aed0572bfa2b71520bf9970b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_815674C50DEFDD465FD2EC6CA819A555
| MD5 | 0a0225d5bb752433a7fad17c4e8708a8 |
| SHA1 | 6166666fbec431c0fde392d73f1bfd9018181104 |
| SHA256 | f34d3e252bd621b4f07c69dd69fd30d2c179ff451820d2cfb1a671192daeda25 |
| SHA512 | 598f74161a4959c6b0935919c1f5ed4ac4d54fbb19b782b284a61aa34711fd0ea1ef81183b72e82de2c2030f6d50ae009fc34beae8899013613a1a986baf2167 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFTKP12M\cb=gapi[1].js
| MD5 | ec9a3858b2c06b17c4811845c37209c4 |
| SHA1 | 2df320ad9daf33dd31e6381906f7fdcb598ef312 |
| SHA256 | 421319127de46e1ab3f62ccc60459a5c53a5ad462e5bd62051cf5e346ae26231 |
| SHA512 | a8ac445f151e4a56d1870e7d0a0b3940672a4b6a2b4a1426e6764f8b2ddbb61427b275fd2797373834d10076b50e06e50f509e2b8ee1fb02cf4a936b7e611b49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 53d91a9c472f7c2a3a7cda7a4eee13d3 |
| SHA1 | 881dbd3adf35c6228be6cbcb8f6770eca977fbd7 |
| SHA256 | fd145dc7b90d09e280ff28c61008b6b9d38b20ec48021a35e628ed70bca7c79e |
| SHA512 | 86b6bbc4e6e5237f26d0650b9246d5138efafddb9a3e022f9e48bfc00d062d053f2314f90730b13bf15d3d71e041a97ccce39e97b325fa66de49ff1ad73dd2af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40e8634617146fecf91732905d463b93 |
| SHA1 | e4a6163978aac1f617a8dc7693473cd0fd517952 |
| SHA256 | c0b5a4b1347be48d98eac1503aa6267c1b291f054748679ed82ebc2ef0e9ede7 |
| SHA512 | bd759cadce4fd38600414f096fdb1c7503aab48e01c4c282f7c14a35b4a7985c505e8eff83d2a7ff677bd577312526a990bf9b19af8d274217bb1f75110664a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c46a3c406335cd58c3ca3f1ff2b5ccc1 |
| SHA1 | 542d124f57dddf5661819904d29cde77dbdfb0a4 |
| SHA256 | 89422b218891aaa17436478fbf88b3863473fa2ac22dc66f44ca7bfc18b426cb |
| SHA512 | a67f27381931f74c8f679924358512d07766fc45aca5e605f0ae5b7e5bb552c4acdc51a729e6abefedcf7b9a4f190e1ba5cee669869548e8688485020d464222 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f2afc2e9257de6028313aa67fa89826 |
| SHA1 | fb71eb8a5e953ad9232e6b6a804ebac89d30823f |
| SHA256 | 62538ef47fe7d6a24e2c257b581a2b4a270aa0977b53d9387b0fa2a8cae1bc80 |
| SHA512 | 9a5068a392b0b709ceb80b05e2c73988adf70d5ccfc5b8a5ff8d2cd619cd72d09457930935d2646a367d644efd6727420d09d6a0b7a6cb7b2cf4d1f71bef3155 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a67539c78a100b1c5493eee7dc9ad42 |
| SHA1 | f7260874276773cb1dffdc240f666fcd26714cc5 |
| SHA256 | d7197b76bfe2821c208d46d29130fed5e53e7bc3251c4e023ea39d4359fa1d6f |
| SHA512 | bce74ca356949fb1db51000b7d5b8bcc45229f6bb2e97437be7713c6de0670558f5d40c2bd203c350502eb945ee33fce086beafb31080c79034bb3e7d2f0509a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9db0374a412cecfdcd0137cf84b47bd5 |
| SHA1 | 9d34ecb866faebcfaeaf1adeb79daed421065c51 |
| SHA256 | 6d274d8d38a5f6d6f35b693f8e3cec0a8a17cdbae9d88c7ea3c157ade9783107 |
| SHA512 | 91da396be61c537b874296b939a28be6660d0899763e9c24a88ae10288ab7c6d66034f305f5a1d97360c5fcf6ec3beaa3b45fc7070a926f8d3d3bd8c016f6685 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2fd365aa6c2f890d737a3d1a714adbcb |
| SHA1 | 31bee97bc4c4fea29d1e47255b884ef171587c10 |
| SHA256 | d1c9047d484c8b2332dda8558ac75e8c3d6c15a5db6b36ea47eb1fd689b6f34b |
| SHA512 | c8c38d1d458d58c761fba0b47acb7d016cfb9aa57a5bfd7736fee7a638d78042df8768d0bd3b8c9b45f8b6ad55652960976b9f3d2dc344078af1ca96d847bf60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 522784b18d5612b5b1a888c13cf1a632 |
| SHA1 | e7504450cdf0fa1c6746b20cd32573de16668412 |
| SHA256 | 6d3ffcb55400b7038cdb08c8f640064544381308845e65f0f2e621ed770bbf40 |
| SHA512 | f1c135b48e8a438e6f871688b6d7d74d3d449f724c4e695bbbe7d83bf525d45516feb881609142b627c3ca3df860428ec1c0b5c4a7627759062b432ee32ade02 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 111b57a1719701a6bb3c37e7ed75eba8 |
| SHA1 | 52de1c46afd49d67b0fc79bdeb5aa3e3c24b5abe |
| SHA256 | 9578073fcfd7e90e068d78eae5adc2fd18cde079bd9765d65758e176e6d8d3eb |
| SHA512 | 36d64dddb1cc22201a202a8e28203ff004c9e23566055ddf2815ac8bac2752aa0fb115f89872a4788448f553ca133487c58de5a99d40b4cec2cd9a6eaeec268c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fc43988f513ffbacb1f6cc925eecf43 |
| SHA1 | 52fae234de920e784de65d012d0d0a973bae98db |
| SHA256 | afb741dd20c8efd6cf076cffc44fafa3b023be1464fc0de6dcbacd884e82b95e |
| SHA512 | b982e54880c905e9fdfd0a1a2b1d72712798ce05d91f6d15e3f2211789dd28374cf35e0595397a04fc55c7382fcc2ebb0bd81d4524fa3480720ff0bea1bdf17b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 70e1ab325f687063391b7bc8ddced62a |
| SHA1 | 9b52de34f3531694e790f6a3026bdc285617d005 |
| SHA256 | 2cb7e3dde437cc1853d6a2d583b894e5e668d72e211855eb4d881597b202e78a |
| SHA512 | 057a7cf93488b7feaa2b42062cd7ad97c1b3187d980cf87a2f60831eeb1110688513c4532b8f5d02b7e8a3c2c734b7cac52979d071c25e242843445bf8007250 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1ca630d1f77052f366e5810440e6415 |
| SHA1 | 13c3b83e3cebd4be8dfcfe6b788b07a3ebacf051 |
| SHA256 | c12fb494058cbfee38eb455005356f7b007e349911246e209be82115d073fd26 |
| SHA512 | 1674c00117f4bdd89e1e222e35c5ce00de5177781134ac94584a5c9a9b975c1738e647273507b0f0a870c313d708851afcbe44dcb3803013cb6f3d58978aaf9d |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{EBC0A870-9B54-11EE-9B7F-E6B52EBA4E86}.dat
| MD5 | 9f14b10d61d93d4b3f3732b3769d140c |
| SHA1 | 68b67d01441bccb4b13b3fdb794dae7ba2349903 |
| SHA256 | d131f856c561cac1160547caf0eadf9e80d63a7f59ed134286b2a3a4e5aebd52 |
| SHA512 | 72c1600460e70b8d87dcca681de532b9337bf922ae1b9c677e82342a0d1f232a15b6e49b9df35958116821b97c138d31f6039ade04a9d5cdc4667b80da11aa62 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{BC0E83D4-C918-11EE-AD90-F6BE0C79E4FA}.dat
| MD5 | 65e7e9ac288384687fbe9dc2d5ef210d |
| SHA1 | 2dc312963c6e480d02861c830fbaa9491607b993 |
| SHA256 | c93f511dc1ff86b61138ab68ed1b52875cf2f030a0c00b6fd984f2ef0a10ae88 |
| SHA512 | db143da24a9ea5463a60c373b0a26bd705e1a3082e4f3d3c0cf4e486d386072b8f5738b4b07e81b7718093162bf32873bb41296bad1a17b7c30385600cfaed84 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KRKOS8IX.txt
| MD5 | 2dfa7980a71eacaf97b1ec97025c9dcb |
| SHA1 | a414d020e1686f0290ab1974498a64655c114eff |
| SHA256 | c2c338d97e16527e6255b1e99a26053274ec0614bd86efd850c9c38ab8a9ae7e |
| SHA512 | 75b262197704b4eb9fcf6fb0705f3936fc05abcd4e27f21c65c7dc1b7b1a5b89e811ad40c2f3f2ecce0e2f35f79a3b5beb5793702ae1a0e82669917c7e038882 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat
| MD5 | 0b578d06d231850d9e8a8c75a44e47f4 |
| SHA1 | cba40bf5fc0e4ae72624685c298f7faa0c7426ee |
| SHA256 | 7319a8c405854410ac1e8ffa0ef0731a1346edc4eff31d2db6c83c557d9282e5 |
| SHA512 | e6e272ce82e0504a3a1837357bd332c42cf1138814ffd9380955cede5e66873489a234fde38b6e9ac0b3688f33adc7b45b4a5c8b900389e8ac8941bad2bcf5cd |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HO7OC0XU\accounts.google[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_5715DE550AA680C2FBA40D3A4F6608E9
| MD5 | 44f23835971b492cbfaf7184db5be525 |
| SHA1 | 27f5c46ff55cb37e36a4a232d769b1bab24f8a6f |
| SHA256 | 1661fba4de98527f05d774535558cb8cc921add4e29e6cebff25d0a2ef83a310 |
| SHA512 | 20239d05b6058e9d2bd7c52ae3b0e9965385a9d934bfe02da60e76d10faf1f14a820814c424cf75649a6d51ed3d4d6dbe403c58d1d055f899d2012f3fe938e1f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_5715DE550AA680C2FBA40D3A4F6608E9
| MD5 | 9c5830de61644abd81b6a8e3d0dba742 |
| SHA1 | 965f88b48c997da78241c780fe90ff6d8a93da0b |
| SHA256 | a99373e1c5a5e12c9b6c72e73171e4037663672515a09220660dba970229a748 |
| SHA512 | 74e86c066d849edc3d02d55cfc8920d3461a9c38ce7d88fa9ec5ab8fe85899561b14b0703311b25311036fdefc7179e4a606570975aaafa06d73c6dc69327749 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFTKP12M\gmail_2020q4_32dp[1].png
| MD5 | ce23c4cb379c32ae54df13ca22de161c |
| SHA1 | a8532339309e8572140f4ce343caff7b187029e6 |
| SHA256 | 1f00bf732dfc5a8c7885885117d9c3a44f25ea1f31e92c52237c76d7bf908525 |
| SHA512 | b7b6f454a0bcb56b9eed5982f3355f528cffe63bed62d0d884dc3259dcbfdc706dd827acfb0a64fdcd9f610965d30276cdeb5fcd5dfe2e5ad413d7b150ec61de |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-11 19:58
Reported
2024-02-11 20:07
Platform
win10v2004-20231215-en
Max time kernel
531s
Max time network
533s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\googletalk = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe /autostart" | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Google\Google Talk\gtalkwmp1.dll | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Talk\uninstall.exe | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Talk\testperm.txt | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Google Talk\testperm.txt | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Google Talk\ | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
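The rows above (the Run value, the per-user LocalServer32 registrations and the files dropped under Program Files (x86)) are what an analyst carries from this report to an endpoint hunt. As an added example, not part of this report or of the sandbox that produced it, the Python below parses rows in the layout rendered here, normalizes the kernel-style key paths (`\REGISTRY\MACHINE`, `\REGISTRY\USER\<SID>_Classes`) to hive form, unescapes the value data, separates the image path from its arguments and emits `reg query` checks for a suspect host. The sample rows are copied from these tables; the function and field names are my own.

```python
"""Turn sandbox-report indicator rows into hunting IOCs (added example, not report code).
Assumes the row layout rendered in this report: | action | indicator | process | target |.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: rows copied from the report's behavioral2 tables (raw string, backslashes literal).
SAMPLE_ROWS = r'''
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\googletalk = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe /autostart" | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49C7-BF37-0EB4A62D8638}\LocalServer32\ = "\"C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe\"" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{82ec66ad-6a51-4aa5-8788-dea156a4580b}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\gtalk\shell\open\command | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Talk\gtalkwmp1.dll | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
'''

CLSID_RE = re.compile(r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}", re.I)
SET_VALUE_RE = re.compile(r'^(.*?) = "(.*)"$')
# Key suffixes that turn a value into a launch point, and the label used for each.
PERSISTENCE_SUFFIXES = (("\\currentversion\\run", "run-key"),
                        ("\\localserver32", "com-localserver32"),
                        ("\\inprocserver32", "com-inprocserver32"),
                        ("\\shell\\open\\command", "shell-open-command"))

@dataclass
class Persistence:
    kind: str
    key: str            # hive-prefixed key path, as reg.exe shows it
    value_name: str     # "" means the (Default) value
    image: str | None   # executable/DLL the key points at, once a value sets it
    args: str
    writer: str         # process that made the change
    clsid: str | None
    wow64: bool         # under WOW6432Node, i.e. the 32-bit registry view

def normalize_key(path):
    # \REGISTRY\MACHINE\X -> HKLM\X ; \REGISTRY\USER\<SID>_Classes\X -> HKU\<SID>_Classes\X
    for kernel, hive in (("\\REGISTRY\\MACHINE\\", "HKLM\\"), ("\\REGISTRY\\USER\\", "HKU\\")):
        if path.upper().startswith(kernel):
            return hive + path[len(kernel):]
    return path

def hunt_key(key):
    # The sandbox SID never matches a victim's: query per-user Classes keys through HKCU instead.
    return re.sub(r"^HKU\\S-1-5-[\d-]+_Classes\\", lambda _: "HKCU\\Software\\Classes\\", key, flags=re.I)

def classify(key):
    k = key.lower()
    return next((kind for suffix, kind in PERSISTENCE_SUFFIXES if k.endswith(suffix)), None)

def unescape(data):
    # The report doubles backslashes and escapes quotes inside string value data.
    return re.sub(r'\\(["\\])', r"\1", data)

def split_command(cmd):
    # Image path vs. arguments; copes with quoted paths and unquoted paths containing spaces.
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(.+?\.(?:exe|dll|ocx|cpl|scr))(?:\s+(.*))?$", cmd, re.I)
    return (m.group(1), (m.group(2) or "").strip()) if m else (cmd, "")

def is_user_writable(path):
    # Crude triage check: launch points inside user-writable trees deserve a closer look.
    p = path.lower()
    return p.startswith(("c:\\users\\", "c:\\programdata\\")) or "\\temp\\" in p

def parse_report_rows(text):
    """Return (persistence entries, dropped (path, writer) tuples) from report table rows."""
    persistence, dropped = [], []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] in ("", "Description"):
            continue
        action, indicator, writer, _target = cells
        if action == "File created":
            dropped.append((indicator, writer))
            continue
        if action == "Key created":
            key, value_name, image, args = normalize_key(indicator), "", None, ""
        elif action.startswith("Set value") and SET_VALUE_RE.match(indicator):
            full, data = SET_VALUE_RE.match(indicator).groups()
            keypart, _, value_name = full.rpartition("\\")
            key = normalize_key(keypart)
            image, args = split_command(unescape(data))
        else:
            continue
        kind = classify(key)
        if kind is None or (kind != "run-key" and value_name != ""):
            continue  # e.g. ThreadingModel is COM metadata, not the launch target
        m = CLSID_RE.search(key)
        persistence.append(Persistence(kind, key, value_name, image, args, writer,
                                       m.group(0) if m else None, "\\wow6432node\\" in key.lower()))
    return persistence, dropped

def reg_query_commands(persistence):
    # reg.exe one-liners to check a suspect host for the same launch points.
    return [f'reg query "{hunt_key(p.key)}" ' + (f'/v "{p.value_name}"' if p.value_name else "/ve")
            for p in persistence]
```

Import the module and call `parse_report_rows(SAMPLE_ROWS)`: the embedded rows yield five launch points (one Run value, three LocalServer32 entries, one `gtalk:` protocol handler) and one dropped file, while the `ThreadingModel` row is ignored because it names no image. The SID in the `\REGISTRY\USER\...` paths belongs to the analysis VM, which is why `hunt_key` rewrites those keys to `HKCU\Software\Classes` before building the `reg query` lines; the 32-bit installer's COM registrations land under `WOW6432Node`, so that is the view to check on 64-bit hosts.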
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{82ec66ad-6a51-4aa5-8788-dea156a4580b}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Google\\Google Talk\\" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C9DC108-C73F-11DA-95AB-00E08161165F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\ = "ITalkFriend" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface\{7a9d1480-c6a1-11da-95ab-00e08161165f}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Typelib | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface\{65D12388-C5E9-468c-83B9-60AEA2E658DF}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{82ec66ad-6a51-4aa5-8788-dea156a4580b}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\gtalk\shell\open\command | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\ = "ITalkAPI" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{226b64e8-dc75-4eea-a6c8-abcb496320f2}\Google Talk | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{226b64e8-dc75-4eea-a6c8-abcb496320f2} | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{226b64e8-dc75-4eea-a6c8-abcb496320f2} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\TypeLib | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\ = "ITalkFriend" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0\FLAGS | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\TypeLib | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\TypeLib | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\TypeLib | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\TypeLib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\TypeLib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0\0 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49C7-BF37-0EB4A62D8638} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C9DC108-C73F-11DA-95AB-00E08161165F}\TypeLib | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\ = "TalkAPI Class" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface\{62d14448-68ff-4c37-a7f2-31105a1be427}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{226b64e8-dc75-4eea-a6c8-abcb496320f2}\Google Talk | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49C7-BF37-0EB4A62D8638}\LocalServer32\ = "\"C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe\"" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C9DC108-C73F-11DA-95AB-00E08161165F} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49C7-BF37-0EB4A62D8638}\ | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\ = "IChatRoom" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0\FLAGS\ = "0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1676 wrote to memory of 536 | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 1676 wrote to memory of 536 | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 1676 wrote to memory of 536 | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 1676 wrote to memory of 3532 | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | C:\Program Files (x86)\Google\Google Talk\googletalk.exe |
| PID 1676 wrote to memory of 3532 | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | C:\Program Files (x86)\Google\Google Talk\googletalk.exe |
| PID 1676 wrote to memory of 3532 | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | C:\Program Files (x86)\Google\Google Talk\googletalk.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe
"C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Program Files (x86)\Google\Google Talk\gtalkwmp1.dll"
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
"C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /register
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
"C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /startmenu
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\2e305183d59b40eba065ffb3bb46eadb /t 4136 /p 5108
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
"C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /startmenu
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\f6a17059672642129399bb609608c68e /t 3996 /p 3596
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tools.google.com | udp |
| GB | 216.58.204.78:80 | tools.google.com | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mail.google.com | udp |
| US | 8.8.8.8:53 | tools.google.com | udp |
| GB | 216.58.204.78:80 | tools.google.com | tcp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| GB | 172.217.16.229:80 | mail.google.com | tcp |
| US | 8.8.8.8:53 | 229.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.178.17.96.in-addr.arpa | udp |
| GB | 172.217.16.229:80 | mail.google.com | tcp |
| US | 8.8.8.8:53 | 210.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.233.44.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.1.37.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.178.17.96.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
| GB | 96.17.178.204:80 | | tcp |
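The Network table mixes three things: forward DNS queries the sample issues (tools.google.com, mail.google.com), TCP connections to the resolved addresses, and a long run of reverse (PTR) lookups sent to 8.8.8.8. Decoding each PTR name back into the address it encodes shows which lookups belong to the sample's own connections (78.204.58.216.in-addr.arpa is 216.58.204.78, the tools.google.com connection; 229.16.217.172.in-addr.arpa is 172.217.16.229, the mail.google.com connection) and which name addresses the table never shows a connection to, so they should not be attributed to the sample without further evidence. The following Python is an added example for reading this report, not sandbox output; the rows are a subset copied from the table above, and the classification rule (a udp row to port 53 is a DNS query, anything else is a connection) is this example's assumption.

```python
"""Pair reverse-DNS (PTR) lookups in a sandbox Network table with the
connections the sample actually made.

Added example for reading this report; not sandbox output. The rows below
are a subset copied from the Network table. Assumption: a udp row to port 53
is a DNS query, every other row is a connection.
"""
import ipaddress
import re

# Constructed sample: rows copied from the Network table of this report.
NETWORK_ROWS = """
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tools.google.com | udp |
| GB | 216.58.204.78:80 | tools.google.com | tcp |
| US | 8.8.8.8:53 | mail.google.com | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| GB | 172.217.16.229:80 | mail.google.com | tcp |
| US | 8.8.8.8:53 | 229.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
| GB | 96.17.178.204:80 | | tcp |
"""

ROW_RE = re.compile(
    r"^\|\s*([A-Z]{2})\s*\|\s*([^|]+?)\s*\|\s*([^|]*?)\s*\|\s*(udp|tcp)\s*\|$"
)


def parse_rows(text):
    """Turn the pipe-delimited rows into dicts; malformed lines are skipped."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        country, dest, domain, proto = m.groups()
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def ptr_target(name):
    """IPv4 address encoded in a PTR name (octets reversed), or None."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ValueError:
        return None


def is_dns_query(row):
    return row["proto"] == "udp" and row["port"] == 53


def triage(text):
    """Split the table into forward lookups, PTR lookups that map to a
    connection in the same table, PTR lookups that do not, and
    connections for which the table records no name."""
    rows = parse_rows(text)
    connections = {r["ip"]: r["domain"] for r in rows if not is_dns_query(r)}
    ptr, forward = {}, set()
    for r in rows:
        if not is_dns_query(r):
            continue
        ip = ptr_target(r["domain"])
        if ip is None:
            forward.add(r["domain"])
        else:
            ptr[ip] = r["domain"]
    return {
        "forward": sorted(forward),
        "ptr_explained": {ip: connections[ip] for ip in ptr if ip in connections},
        "ptr_unexplained": sorted(ip for ip in ptr if ip not in connections),
        "connections_without_name": sorted(ip for ip, d in connections.items() if not d),
    }


if __name__ == "__main__":
    for key, value in triage(NETWORK_ROWS).items():
        print(f"{key}: {value}")
```

On the rows above the two Google connections are fully explained by the sample's own forward lookups and PTR lookups, while PTR targets such as 52.140.118.28 and 40.127.169.103 have no connection in the table, and the two connections in the last rows carry no name at all; those are the entries to resolve before treating the Network section as the sample's contact list.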
Files
memory/1676-0-0x0000000000400000-0x0000000000440000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nst441F.tmp\UserInfo.dll
| MD5 | 2b006bbf7c9295683eddfad40008be85 |
| SHA1 | b3f42a8e2ff172d51418c72811586b11ed589909 |
| SHA256 | 9e4440baf56d47ca4cc1f29e7a62d407d1f9524986160b30de5f825a3fedee88 |
| SHA512 | e1cfd739b7f8de442e2fb49c83569e8051492180780d92a4bfaa9c90b1444fd0020f9f596c12820642dd33cbee2c81ec793acb1c8dab1d1bebbe25b33c51efe8 |
C:\Users\Admin\AppData\Local\Temp\nst441F.tmp\System.dll
| MD5 | 61151aff8c92ca17b3fab51ce1ca7156 |
| SHA1 | 68a02015863c2877a20c27da45704028dbaa7eff |
| SHA256 | af15ef6479e5ac5752d139d1c477ec02def9077df897dadc8297005b3fc4999d |
| SHA512 | 4f5c943b7058910dc635bdcfadfea1d369c3d645239d1a52b030c21f43aac8e76549e52fd28e38ba5341d32aefe3c090dd8377d9e105ad77f71ab8870d8e326e |
C:\Users\Admin\AppData\Local\Temp\gtalkwmp1.dll
| MD5 | f341a096bbc785dc39e0170ff725a7d5 |
| SHA1 | 75b233a2fc20ff4a748c65b80c17188f63b9cd53 |
| SHA256 | fd23273a36db53e1da88e2b4ec84ffb720e54f9c6ab8820bf8937e870d64e44b |
| SHA512 | fe4a237a9b7b100e0b4ae5a2daf30989b3d6744ee7e7ba0a8a3c6322cf390a93fde3cfed79e4593e06f7ff072e1c207b9182623ccdb1b9da02cb412c8096b77a |
memory/1676-19-0x0000000003010000-0x0000000003022000-memory.dmp
memory/1676-30-0x0000000000400000-0x0000000000440000-memory.dmp
C:\Program Files (x86)\Google\Google Talk\testperm.txt
| MD5 | cf41c3a04147fc650486a80e85f2444c |
| SHA1 | f98fcb580c775b8d902f6bf76f52a559af43d445 |
| SHA256 | d632b0b91898356488302714bebeb771cd765fa045f7a16ae925d2e99263671c |
| SHA512 | 4d24cac88a0baae5426577e18152d9a404cb525aaf3830cb75f0f1bbe868b635206f9f3e5468255b1cbe0ee761a24dc46b9aae6e0ed17aa4fff5c7090c8c8ed8 |
C:\Users\Admin\AppData\Local\Google\Google Talk\themes\system\chat\Classic\Contents\Resources\Incoming\NextContent.html
| MD5 | 70e3aa6ea6428c65e2c99fb67cdf3c38 |
| SHA1 | 65cdb1fd2901446df663190a3ab381b1969cce00 |
| SHA256 | 773c0f0b634ec3106c09645484bb08cb2f18d316a6b6f805463feb3f892470c8 |
| SHA512 | b913c91987f68943487e6fac363d3abfe1a43d80ebc9838dac0fd2a06b14f0c2594a2abfb893a1f170a8d3b22272ec2e118b52c2d8492b94f1b4b6e3d520858a |
C:\Users\Admin\AppData\Local\Google\Google Talk\themes\system\chat\PingPongPicture\Contents\Resources\NextStatus.html
| MD5 | 4a75b7ffdd13bc07628b23a1340db9bd |
| SHA1 | 80b6f0db8880ae484d5e016077b174a702550b38 |
| SHA256 | fe5006e8ad1e3dcc44588712ea4a6e5723a4cf6bbf5be7db9f04d25d91f62327 |
| SHA512 | 498b6451ac4cd3a7a598001a8486358582bce29479a6cc14e1fd3038d5751b81f5662340936b7e7594268662ac794482869f799de9144eae0a5c930820a83c01 |
C:\Users\Admin\AppData\Local\Google\Google Talk\themes\system\chat\PingPongPicture\Contents\Resources\Status.html
| MD5 | c1659928c4171dcee82ba065549d80a7 |
| SHA1 | 6887fcdccea434cfc4247faee95662e201b9bcf2 |
| SHA256 | e2d9fa6e3e1044265356afc6369147a8a7dd68e030ba3d68e83473b375f1ee65 |
| SHA512 | a1a71b238e76089c5a4087e8451180057b0c32a0c6b2ebb6234d9d317630aa5d58df63d0e0b60b11218724b0ffa0fe023de31dff3fe83f95a58ea013fbbd0194 |
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
| MD5 | bcd9cbf0621f9a6767276a2e0bf1dd15 |
| SHA1 | 802daf7cb7823ce7f36408f0fba01e2e75fdde90 |
| SHA256 | c0748aee57a79d1ad8a4307d3ecb03a517464d047cd5cc64bad299e0bfaefb60 |
| SHA512 | 0dd7dbb13c84e111b6c3a10629498724c4879f3b94a7d786b03009347186c8199791d0cc519d11affb89ff1ac3a1151d532bb9540a23bb0ad35bccea6327be96 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\46914b47602a13eb2069793817c907fde482e509.original.avatar
| MD5 | 139ab22ebfe6b86790b9859251d2cb85 |
| SHA1 | 46914b47602a13eb2069793817c907fde482e509 |
| SHA256 | 4d945da6e45abd54d757b4f82ec926e3ae24874727dc15e16229ece7b933c94e |
| SHA512 | f7dd86f347fd3c9123b7a89629bdfc81cd18f6b4a8502d58804495596e6e9dc13fa5600c517340a25c3262091d97b78e9e3d2690f51a3ba80dd40c0b3a37c2ca |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 0e889698e699ff46a7ea1e396343c491 |
| SHA1 | eecabd575b852104c4ef2512c168f01d15dad3cc |
| SHA256 | befdc8bd467e8d474c1a5a9953582f0cd1e22c6f7abe6e195544b90958aa1bf6 |
| SHA512 | f6bb5237b1d8f41b9d083f4819e16bbc4ea2436503fe4299221d10495abf6d410df65f1605233cbc17885660178a4c3ba6e7b16638c562dc115c5442364b161b |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 370a9e303a5e2b140a7b3f37a4233481 |
| SHA1 | 02e77036c1ea4be91e1053e3c96f28e805d119a9 |
| SHA256 | 66babc236e7e018e82bad773dacb5c3089ba85456a4efb8a19ee310efa3824bd |
| SHA512 | 657b99bf1959dbfe8ca7b515b792550113e21b3b416296bc69961abf89cad1561f4e0cb2d443c4bc0906cc77e70b33ecf95ec572001f5c88d5635a87add62e51 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | ceef4fca7bc7083ac26ecc0e4fc7a4ca |
| SHA1 | 5a3f30f9764147a12215431398540e05c0435aa2 |
| SHA256 | 9ee950db30334eb12eb6b1a12b667d68710f42d53d069eacc39ed25b6c25ff5f |
| SHA512 | 702d0e658cc6429304f8c770dae31ea2617c23aefa234267f9a2d45eb4650bb97e39356bf669e71c635fbfdc8b5872bfce8efcb90b65f04f2e43d6acd955f3d2 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | a7d60d5287b04a563e0703bebcc6bf86 |
| SHA1 | 47b4169fc4ed7a3066ac32532dfe3256b1c23b49 |
| SHA256 | 4e90140d0b54b2daf35354f88eb883f1b90b79294a81a660d6ec2b03900b69a8 |
| SHA512 | 90dd6b09c49be213968aaa05197fc147fd278df330e08b41228592cca119d86b98400567ec8342944202ea12adff52aabae5ebecd1a4cbcaba8559494320e7e0 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 5f7e31f0001ef4310865f1ff4549b12b |
| SHA1 | 34c95afe0b0fcb9576636e25261c92dbb32c2ca3 |
| SHA256 | 4681737d35db0808cbb99d4653b9f99141d7409f60268b9adb84c2e59792c6e9 |
| SHA512 | fef96b44c10223fa1138832e34fd12ed6a3ed934dba3f736a985cbc236bde9411fffaf6e49f65e50302711a09af30d27853a8158f807e7ac5065208619c07502 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 5c2b6a18d6d09563f1e4694de12326d7 |
| SHA1 | 9a6100592deaaf027f4be9fb13fd813a2230c7a5 |
| SHA256 | d3ddc4f3ffba57c634611b6ac45f979c9671fa413dc7a317155dd3b3f2485d00 |
| SHA512 | 9e2a44eba0285e7838243644eeecd3c3417c1293134a06a11a5fe93a6508ff0939db47c8d786677107105e60468217cc3ac71c891e7a051ff991a6c09913ddbb |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | b02547e43f9cd41b26fee3a8f4b267a8 |
| SHA1 | 3b405b7c88e5280a6f0bf2e5fef2c8e7e5e5bab0 |
| SHA256 | 605b1d4c08bed7aa60b30479c6eac51d53214fc7c15a12d47ec3633094cd880b |
| SHA512 | fd6c9f03012b2054dcfb704558f9b30719c0858538d9478cf05ec66096ce67633df90390ba9bbb96b4631794c27fe28201e084e0489529df382330c9f5673e70 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | b37edbac0fbfd58a10c826ce9bd0a1a8 |
| SHA1 | 2f3e77a1e6e536c873a17887003faf65579093c0 |
| SHA256 | 495b4ef47b07b0197d69bbac7f30d6b5994a6ccb61543fdd32c35b5146c9406c |
| SHA512 | 6fcb26c74aa6e813ad9f75f98dde6f7a4c19e69e701465b2113e2d28d02b971f242d67db47a8ab877068be09fe7b3d3fd2bf045b493b4e296abba8ff0e395cf3 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 438815592db40de2264606f1bfd4d903 |
| SHA1 | 775aabe7ca171d273616297f50453c711d150494 |
| SHA256 | e166689a2be4b0c649c4455b946373cba82be7bb56e8c50230bedab1f22b2115 |
| SHA512 | 3af5009acda043a85cd4264758614e4cc15a1b044244ff877b26e35cab56ce30bc390f90242ce735657fb7f1c35d177f6d1fb1123fd4ca52854091e0d18bb53c |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 477b9b2262edfb077aa9622b473dc3db |
| SHA1 | fbfa567309724a59bad65e51ca1ce467ab52141c |
| SHA256 | 0f0154aaef14b04bac6dc6d55fddbc99440a822c165725bfe7083be90ab50e3d |
| SHA512 | 9f9698478accf1791ff6c6e2e5c150d691d135a319c5888b46947ca0f4896a025a26296ffac8adc276b4f3d4f086c3af747cbedcb1b841bef0135e717e3fbf1b |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 7b0e66eef397662bf1d1346fc9cf5313 |
| SHA1 | 2712a2b05ba8ef6a3d84ce452d37a64090887b53 |
| SHA256 | 5dc2d386b8cea18c0401dfc77ebe3c2282f61b113f468337a23e4579ff5e28fe |
| SHA512 | eec704b006b49981db884f2362714fbabdbcf69b47da9f40fd4413e986f46e0b04689f6401991e94571fc3a7755a32cb70620c2d3c7ec3cb9bb23ca5ed324b94 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 91d5e3de0a48f1d28d4f72050a99ea02 |
| SHA1 | 2a76fc6f39dbbb2da6ee8064c08ce6d8ad6cbd01 |
| SHA256 | bce7a8f3a90e7b484abeceabb81c932a01856cb825350b7fa5bf4c81beb246e6 |
| SHA512 | 0757eba0fa6bd44d6de804ee5799e379e059cd15acef84897b4c32a7a7d48220d9d870a4637de0a79a7872439ecb321d312aa32f9917021ebbf3c3e8f520c683 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 90623c105b3a59a8de55402d5690d179 |
| SHA1 | a5515c11ddc68cc7afcf94ef564cb331c6685116 |
| SHA256 | 8d79a640a600c7f95bbf5bb992dde81e2d829899f13dffd599bab032a192ea1a |
| SHA512 | 5e6db87d6b2b879ae5a7bf43f7a19721a825bac26e003574b7cd539553fb681968b7b265b5233a55074ca9cc0d982230cc49eef01f61cc4f79ba054fe2225828 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 46363431e0b687e017e5d5614181aa5c |
| SHA1 | 250915850e9017edc6e503c2c83b75715917592b |
| SHA256 | 1cbf77384a0af8d1f6ed54c3f7411d7b63a682e6d27b51c7def512642d037eb7 |
| SHA512 | cca8ffef787a4f4dc88e4d562d0ca8e824cfdaa2dd3d26ddc730ed12f15508cc6360ab3f454e6a6c36eec35800f79451fefa00a24c2bef012aff3fbb9a6ebe9c |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\573a43a3fbc18f656bc9c7cad720977c3e5747f9.original.avatar
| MD5 | e7ed315542e8c9e38b5dc50cb62ad9c2 |
| SHA1 | 573a43a3fbc18f656bc9c7cad720977c3e5747f9 |
| SHA256 | e34346514992ff121d2fb023b894312f9de7db569238a58f2d4b7fa2bc428a54 |
| SHA512 | 118c7e421e6ffaab1b8c34ab5cb2d8515894b01b50ec37d8f958ca66baaf5b1edce2bcc7c9b912fc8644ae2680449e2a438b2e9b38e85dc60b1a9bdd1dcd7c38 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | a22506cd785b216a6fb917118c234655 |
| SHA1 | f26dd8252ce14dee46510cb3cdf205780c2d2407 |
| SHA256 | a4513cb4108881a0d525512419518d849b821c0240fa2df0a8d119905646ef5a |
| SHA512 | db985a4203d1fd0902e88f90e125b3013ca001795b37cf2bee1638046ffa91b1dc8a9446991e9c1ddafc7fc1f0fab249d58b1850246709f6b0523c141dd44e42 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 8894d3eb77abd1de14168dfd8f120314 |
| SHA1 | ca4650e9d30a1a4acdd18ca9374b1a9381868e69 |
| SHA256 | d8cd92c73c14fb81366692a296c5a1ed132276e3f09999705c64b7e698757c71 |
| SHA512 | 1900c53796cfdddd72a589059328fd6cf04458ec92829552662feee162ab7ba803d61bf87929bd1f5f8bd7dd9d3b5b0080f04b5c91a0c94c12c88821f4c4f303 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | d66c769878374d62b887c2ed54f0d960 |
| SHA1 | 4955c0b12cf51b51d4b54549b443437e17c65a5a |
| SHA256 | a208f2a0c83d6cf3ef02cabb6727a0342efa54aa787116fdaa3f816351153844 |
| SHA512 | 107062dd1b4edf74afe63ad9227f278410369e0e24864c8120fdb7c2e093d5089c1eb7d86ca80b7474a9128528f4979dc2e847ffac0c53b0c90afd288d9b8dc1 |
C:\Users\Admin\AppData\Local\Temp\nst441F.tmp\ioSpecial.ini
| MD5 | 18ff701d1a99a427a9b81040f14fddaf |
| SHA1 | d9af92511ce2b49e30c8071441906edc596dfbdd |
| SHA256 | 3b62ab01f6aedc4acd89622ac643d224b9bef125d6c253908ad607141bebc016 |
| SHA512 | ca702f3f717320f0e861a46cedbcef003b5ddd9314247fe947e6a9a1038b8310176731e65f446f90b7eaf77081ed2d9c8dd50a80e9749cd0bf20b1c4500ed75b |
C:\Users\Admin\AppData\Local\Temp\nst441F.tmp\InstallOptions.dll
| MD5 | 08c82a46416a5e2b471d457968f53816 |
| SHA1 | 3e3897c20b9e89b279b4764a633f67955bf8f09a |
| SHA256 | 435baf3b7282c9110697a4916834ef9371dd29fae6b4cb8e19c19eb126562dc9 |
| SHA512 | 91e2055b91d04b2348a923cb298ac6ba3637de5038dc4f849c4d2f1665d17de9cd6eb6a97d42d0f894d65348c8fd8e79cd61b667ea5a78e8960347e8cc8db81d |
memory/1676-397-0x0000000000400000-0x0000000000440000-memory.dmp
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\www.orkut.com\gtalksettings.sol
| MD5 | 8cf6c45f7b59f309c141e9f6121efd2f |
| SHA1 | 7393fc0097f75336e5770fa737baf8ea152bc947 |
| SHA256 | e19b5c67a1741de87a1866dda95f615ff094d3eeaba7ac9543d4ba30e77aa3ba |
| SHA512 | 688360108329d82a51738cee59c5979ee5193cbb9094bfb82759de8d60e16ea6acda247d15058ea8e15e753a45b81fbca1d20187b9404f8f7dfd49920243591b |
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\www.orkut.com\gtalksettings.sol
| MD5 | 7b18f55982ca5bcbf362906b466e4822 |
| SHA1 | 390c620a4929d8f3b3ec56240e2ff2038ac531da |
| SHA256 | e402e1fabe90cc1f5f5724f862b89cef80855142ad89dad409b9661b80c560e3 |
| SHA512 | a66dd1273eda0a823c2129295e5c214e45f590b39908aee6e71daafbfe608ac6e07ec2ebebc743dd236cf23cf4d4196ffe1be9e9e8b63dc1734f7b4ba83c9f29 |
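Two checks a reviewer can run on the Files table using nothing but the listed digests: the MD5 d41d8cd9…, SHA1 da39a3ee…, SHA256 e3b0c442… entry for one temp.original.avatar is the digest set of the zero-byte file (there is nothing to submit to a hash-reputation service for it), and the two avatars whose names are 40 hex characters are named by their own SHA-1 (46914b47… and 573a43a3…), which is consistent with a content-addressed cache rather than a dropped payload. The Python below is an added example for reading this report, not sandbox output; the table excerpt is copied from above, and the "base name equals one of the file's own digests" rule is this example's assumption about the cache layout.

```python
"""Checks over the Files table that need only the listed digests.

Added example for reading this report; not sandbox output. The table
excerpt is copied from above. Assumption: Google Talk's avatar cache
names a file by a digest of its content (the rule checked here is
"base name equals one of the file's own digests").
"""
import hashlib
import re

# Constructed sample: a subset of the Files entries from this report.
FILES_TABLE = r"""
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\46914b47602a13eb2069793817c907fde482e509.original.avatar
| MD5 | 139ab22ebfe6b86790b9859251d2cb85 |
| SHA1 | 46914b47602a13eb2069793817c907fde482e509 |
| SHA256 | 4d945da6e45abd54d757b4f82ec926e3ae24874727dc15e16229ece7b933c94e |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\573a43a3fbc18f656bc9c7cad720977c3e5747f9.original.avatar
| MD5 | e7ed315542e8c9e38b5dc50cb62ad9c2 |
| SHA1 | 573a43a3fbc18f656bc9c7cad720977c3e5747f9 |
| SHA256 | e34346514992ff121d2fb023b894312f9de7db569238a58f2d4b7fa2bc428a54 |
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
| MD5 | bcd9cbf0621f9a6767276a2e0bf1dd15 |
| SHA1 | 802daf7cb7823ce7f36408f0fba01e2e75fdde90 |
| SHA256 | c0748aee57a79d1ad8a4307d3ecb03a517464d047cd5cc64bad299e0bfaefb60 |
memory/1676-397-0x0000000000400000-0x0000000000440000-memory.dmp
"""

# Digests of the zero-byte file, computed rather than hard-coded so the
# comparison does not depend on remembering them correctly.
EMPTY_FILE = {alg: hashlib.new(alg, b"").hexdigest()
              for alg in ("md5", "sha1", "sha256", "sha512")}

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")


def parse_files(text):
    """Group each path line with the digest rows that follow it."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m and current is not None:
            current["hashes"][m.group(1).lower()] = m.group(2).lower()
        elif not line.startswith("|"):
            current = {"path": line, "hashes": {}}
            entries.append(current)
    return entries


def is_empty_file(entry):
    return any(entry["hashes"].get(alg) == d for alg, d in EMPTY_FILE.items())


def is_content_addressed(entry):
    """Base name (up to the first dot) equals one of the file's digests."""
    base = entry["path"].rsplit("\\", 1)[-1].split(".", 1)[0].lower()
    return base in entry["hashes"].values()


def check_files(text):
    """Bucket every entry: empty file, content-addressed name, no digests
    listed (memory dumps), or an ordinary file worth looking up."""
    out = {"empty": [], "content_addressed": [], "no_hashes": [], "other": []}
    for e in parse_files(text):
        if not e["hashes"]:
            out["no_hashes"].append(e["path"])
        elif is_empty_file(e):
            out["empty"].append(e["path"])
        elif is_content_addressed(e):
            out["content_addressed"].append(e["path"])
        else:
            out["other"].append(e["path"])
    return out


if __name__ == "__main__":
    for bucket, paths in check_files(FILES_TABLE).items():
        print(bucket, *paths, sep="\n  ")
```

Only the "other" bucket (here googletalk.exe, and on the full table the NSIS plugin DLLs and gtalkwmp1.dll) is worth a reputation lookup; the empty placeholder and the digest-named avatars are the cache doing its job.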
Analysis: behavioral3
Detonation Overview
Submitted
2024-02-11 19:58
Reported
2024-02-11 20:07
Platform
win11-20231215-en
Max time kernel
521s
Max time network
523s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\googletalk = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe /autostart" | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
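The "Registers COM server for autorun" and "Adds Run key" tables, together with the gtalk protocol handler in the "Modifies registry class" table below, are the three ways this installer arranges for googletalk.exe to be started without a double-click: a Run value written by the installer, COM LocalServer32 registrations written by googletalk.exe /register, and a gtalk: URL scheme whose open command passes the URL as "/%1". Two details matter when reading these rows. First, several of the CLSID registrations live under \REGISTRY\USER\<SID>_Classes, that is HKCU\Software\Classes, and for a non-elevated process COM consults the per-user entry ahead of the HKLM one for the same CLSID (elevated processes ignore per-user COM registrations), so a CLSID that appears in both hives is exactly the pattern a COM hijack would produce. Second, what separates persistence by an installer from persistence by a dropper is where the server path resolves to: here every entry resolves to the same binary under Program Files (x86). The Python below is an added example for reading this report, not sandbox output; the rows are copied from the tables named above, and the path conventions (\REGISTRY\MACHINE, \REGISTRY\USER\<SID>_Classes, C-style escaping of quotes and backslashes in values) are the sandbox's as printed here.

```python
"""Launch-surface triage over the registry rows of a sandbox report.

Added example for reading this report; not sandbox output. Rows below are
copied from the "Adds Run key", "Registers COM server for autorun" and
"Modifies registry class" tables. It lists every registry entry that can
start the dropped binary without a double-click (Run values, COM
LocalServer32/InprocServer32 default values, shell protocol handlers),
flags CLSIDs registered both per-user and machine-wide, and flags server
paths outside Program Files.
"""
import re

# Constructed sample: rows copied from this report's registry tables.
REGISTRY_ROWS = r"""
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\googletalk = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe /autostart" | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49C7-BF37-0EB4A62D8638}\LocalServer32\ = "\"C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe\"" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{82ec66ad-6a51-4aa5-8788-dea156a4580b}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\gtalk\shell\open\command\ = "\"C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe\" \"/%1\"" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
"""

RUN_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\([^\\]+)$", re.I)
COM_RE = re.compile(r"\\CLSID\\(\{[0-9A-F-]+\})\\(LocalServer32|InprocServer32)\\$", re.I)
PROTO_RE = re.compile(r"\\Classes\\([^\\]+)\\shell\\open\\command\\$", re.I)
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|dll))"?', re.I)


def parse_rows(text):
    """Split each '| op | indicator | process | target |' row into a dict."""
    rows = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) == 4:
            rows.append(dict(zip(("op", "indicator", "process", "target"), cells)))
    return rows


def unescape(value):
    """Undo the report's C-style escaping of quotes and backslashes."""
    return value.replace('\\"', '"').replace("\\\\", "\\")


def executable_of(command):
    """First .exe/.dll path in a command line, quoted or not."""
    m = EXE_RE.match(command)
    return m.group(1) if m else None


def find_launch_points(text):
    points = []
    for row in parse_rows(text):
        if row["op"] != "Set value (str)":
            continue
        m = re.match(r'^(.*?) = "(.*)"$', row["indicator"])
        if not m:
            continue
        key, raw = m.groups()
        value = unescape(raw)
        hive = "HKLM" if key.upper().startswith("\\REGISTRY\\MACHINE") else "HKU"
        for kind, rx in (("run", RUN_RE), ("com", COM_RE), ("protocol", PROTO_RE)):
            hit = rx.search(key)
            if hit:
                name = hit.group(1).upper() if kind == "com" else hit.group(1)
                points.append({"kind": kind, "name": name, "hive": hive,
                               "command": value, "exe": executable_of(value),
                               "writer": row["process"]})
                break
    return points


def per_user_overrides(points):
    """CLSIDs registered in a user's Classes hive and also machine-wide."""
    machine = {p["name"] for p in points if p["kind"] == "com" and p["hive"] == "HKLM"}
    return sorted({p["name"] for p in points
                   if p["kind"] == "com" and p["hive"] == "HKU" and p["name"] in machine})


def outside_program_files(points):
    """Launch points whose server binary is not under C:\\Program Files*."""
    return [p for p in points
            if not (p["exe"] or "").lower().startswith("c:\\program files")]


if __name__ == "__main__":
    pts = find_launch_points(REGISTRY_ROWS)
    for p in pts:
        print(f"{p['kind']:8} {p['hive']:4} {p['name']:40} -> {p['exe']}  (written by {p['writer']})")
    print("per-user CLSIDs shadowing HKLM:", per_user_overrides(pts))
    print("servers outside Program Files:", outside_program_files(pts))
```

On these rows the only CLSID present in both hives is {0507EEDE-3AE7-49C7-BF37-0EB4A62D8638}, both copies point at the installed googletalk.exe, and no launch point resolves outside Program Files (x86); the same script run over a report where a LocalServer32 or Run value resolved under %TEMP% or %AppData%, or where the per-user copy of a CLSID pointed somewhere other than the HKLM copy, is where the signal would be.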
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Google\Google Talk\uninstall.exe | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Talk\testperm.txt | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Google Talk\testperm.txt | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Google Talk\ | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Talk\gtalkwmp1.dll | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{4c9dc108-c73f-11da-95ab-00e08161165f}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{226b64e8-dc75-4eea-a6c8-abcb496320f2} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0\HELPDIR | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\ = "IChatRoom" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\gtalk\shell\open\command\ = "\"C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe\" \"/%1\"" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\ = "IChatRoomContact" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{7a9d1480-c6a1-11da-95ab-00e08161165f}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{38FDD2C4-9164-4eaf-8C74-24D764FF613E}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{4c9dc108-c73f-11da-95ab-00e08161165f}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{65D12388-C5E9-468c-83B9-60AEA2E658DF}\ = "ITalkTunnelExp" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{82ec66ad-6a51-4aa5-8788-dea156a4580b}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\ = "IChatRoom" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{7a9d1480-c6a1-11da-95ab-00e08161165f}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\TypeLib | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\gtalk\shell\open | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C9DC108-C73F-11DA-95AB-00E08161165F} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Typelib | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{7a9d1480-c6a1-11da-95ab-00e08161165f}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C9DC108-C73F-11DA-95AB-00E08161165F}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\TypeLib | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C9DC108-C73F-11DA-95AB-00E08161165F}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{65D12388-C5E9-468c-83B9-60AEA2E658DF} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\ = "ITalkAPI" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\ = "ITalkAPI" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{226b64e8-dc75-4eea-a6c8-abcb496320f2}\Google Talk | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{62d14448-68ff-4c37-a7f2-31105a1be427} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70} | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49C7-BF37-0EB4A62D8638}\LocalServer32 | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49C7-BF37-0EB4A62D8638}\LocalServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Google\Google Talk\googletalk.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3448 wrote to memory of 4996 | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 3448 wrote to memory of 4996 | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 3448 wrote to memory of 4996 | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 3448 wrote to memory of 3140 | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | C:\Program Files (x86)\Google\Google Talk\googletalk.exe |
| PID 3448 wrote to memory of 3140 | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | C:\Program Files (x86)\Google\Google Talk\googletalk.exe |
| PID 3448 wrote to memory of 3140 | N/A | C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | C:\Program Files (x86)\Google\Google Talk\googletalk.exe |
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe | "C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe" |
| C:\Windows\SysWOW64\regsvr32.exe | regsvr32 /s "C:\Program Files (x86)\Google\Google Talk\gtalkwmp1.dll" |
| C:\Program Files (x86)\Google\Google Talk\googletalk.exe | "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /register |
| C:\Program Files (x86)\Google\Google Talk\googletalk.exe | "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /startmenu |
| C:\Windows\SysWOW64\werfault.exe | werfault.exe /h /shared Global\98f71af031784d9db1a9e8d63cdeb9f1 /t 3352 /p 1036 |
| C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca |
Network
| Country | Destination | Domain | Proto |
| GB | 2.18.66.41:443 | | tcp |
| GB | 2.18.66.41:443 | | tcp |
| US | 8.8.8.8:53 | 204.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 92.123.128.176:443 | r.bing.com | tcp |
| GB | 92.123.128.176:443 | r.bing.com | tcp |
| GB | 92.123.128.176:443 | r.bing.com | tcp |
| GB | 92.123.128.176:443 | r.bing.com | tcp |
| GB | 92.123.128.176:443 | r.bing.com | tcp |
| GB | 92.123.128.176:443 | r.bing.com | tcp |
| GB | 92.123.128.176:443 | r.bing.com | tcp |
| GB | 92.123.128.176:443 | r.bing.com | tcp |
| GB | 92.123.128.176:443 | r.bing.com | tcp |
| GB | 92.123.128.176:443 | r.bing.com | tcp |
| GB | 92.123.128.176:443 | r.bing.com | tcp |
| GB | 2.18.66.41:443 | | tcp |
| GB | 2.18.66.41:443 | | tcp |
| GB | 216.58.204.78:80 | tools.google.com | tcp |
| GB | 172.217.16.229:80 | mail.google.com | tcp |
| GB | 216.58.204.78:80 | tools.google.com | tcp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.181.190.20.in-addr.arpa | udp |
Files
memory/3448-0-0x0000000000400000-0x0000000000440000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsk5304.tmp\UserInfo.dll
| MD5 | 2b006bbf7c9295683eddfad40008be85 |
| SHA1 | b3f42a8e2ff172d51418c72811586b11ed589909 |
| SHA256 | 9e4440baf56d47ca4cc1f29e7a62d407d1f9524986160b30de5f825a3fedee88 |
| SHA512 | e1cfd739b7f8de442e2fb49c83569e8051492180780d92a4bfaa9c90b1444fd0020f9f596c12820642dd33cbee2c81ec793acb1c8dab1d1bebbe25b33c51efe8 |
C:\Users\Admin\AppData\Local\Temp\nsk5304.tmp\System.dll
| MD5 | 61151aff8c92ca17b3fab51ce1ca7156 |
| SHA1 | 68a02015863c2877a20c27da45704028dbaa7eff |
| SHA256 | af15ef6479e5ac5752d139d1c477ec02def9077df897dadc8297005b3fc4999d |
| SHA512 | 4f5c943b7058910dc635bdcfadfea1d369c3d645239d1a52b030c21f43aac8e76549e52fd28e38ba5341d32aefe3c090dd8377d9e105ad77f71ab8870d8e326e |
memory/3448-19-0x00000000024B0000-0x00000000024C2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gtalkwmp1.dll
| MD5 | f341a096bbc785dc39e0170ff725a7d5 |
| SHA1 | 75b233a2fc20ff4a748c65b80c17188f63b9cd53 |
| SHA256 | fd23273a36db53e1da88e2b4ec84ffb720e54f9c6ab8820bf8937e870d64e44b |
| SHA512 | fe4a237a9b7b100e0b4ae5a2daf30989b3d6744ee7e7ba0a8a3c6322cf390a93fde3cfed79e4593e06f7ff072e1c207b9182623ccdb1b9da02cb412c8096b77a |
memory/3448-30-0x0000000000400000-0x0000000000440000-memory.dmp
C:\Program Files (x86)\Google\Google Talk\testperm.txt
| MD5 | cf41c3a04147fc650486a80e85f2444c |
| SHA1 | f98fcb580c775b8d902f6bf76f52a559af43d445 |
| SHA256 | d632b0b91898356488302714bebeb771cd765fa045f7a16ae925d2e99263671c |
| SHA512 | 4d24cac88a0baae5426577e18152d9a404cb525aaf3830cb75f0f1bbe868b635206f9f3e5468255b1cbe0ee761a24dc46b9aae6e0ed17aa4fff5c7090c8c8ed8 |
C:\Users\Admin\AppData\Local\Google\Google Talk\themes\system\chat\Classic\Contents\Resources\Incoming\NextContent.html
| MD5 | 70e3aa6ea6428c65e2c99fb67cdf3c38 |
| SHA1 | 65cdb1fd2901446df663190a3ab381b1969cce00 |
| SHA256 | 773c0f0b634ec3106c09645484bb08cb2f18d316a6b6f805463feb3f892470c8 |
| SHA512 | b913c91987f68943487e6fac363d3abfe1a43d80ebc9838dac0fd2a06b14f0c2594a2abfb893a1f170a8d3b22272ec2e118b52c2d8492b94f1b4b6e3d520858a |
C:\Users\Admin\AppData\Local\Google\Google Talk\themes\system\chat\PingPongPicture\Contents\Resources\NextStatus.html
| MD5 | 4a75b7ffdd13bc07628b23a1340db9bd |
| SHA1 | 80b6f0db8880ae484d5e016077b174a702550b38 |
| SHA256 | fe5006e8ad1e3dcc44588712ea4a6e5723a4cf6bbf5be7db9f04d25d91f62327 |
| SHA512 | 498b6451ac4cd3a7a598001a8486358582bce29479a6cc14e1fd3038d5751b81f5662340936b7e7594268662ac794482869f799de9144eae0a5c930820a83c01 |
C:\Users\Admin\AppData\Local\Google\Google Talk\themes\system\chat\PingPongPicture\Contents\Resources\Status.html
| MD5 | c1659928c4171dcee82ba065549d80a7 |
| SHA1 | 6887fcdccea434cfc4247faee95662e201b9bcf2 |
| SHA256 | e2d9fa6e3e1044265356afc6369147a8a7dd68e030ba3d68e83473b375f1ee65 |
| SHA512 | a1a71b238e76089c5a4087e8451180057b0c32a0c6b2ebb6234d9d317630aa5d58df63d0e0b60b11218724b0ffa0fe023de31dff3fe83f95a58ea013fbbd0194 |
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
| MD5 | 1ff855c2b9b98e65f2ab8a3648ce6b4b |
| SHA1 | d6a64a64bf6b2f8b5399e87b6a6e1817a8cedf63 |
| SHA256 | 0c736cc195d820cbb0a9dfc501bd496457431e8b336501295fd8c9e83c3a6296 |
| SHA512 | b8ce5825622019160231ffaf39e13badb4ef68b4a3e1112de5ea7d544144ee50e2dfd1bd036e9a4a0332266435029d893594d34f17f9562e67fa607bbde7e5c5 |
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
| MD5 | 70d7fd3a2dcda38ddec255127925a185 |
| SHA1 | 5d0b60242dd4c00af2665f74798c80a26f7c0c1c |
| SHA256 | cb9fb91e9c96261618f5a0468b1a99ccf5b0b9d60bc8f5da22be8310adf9bd8d |
| SHA512 | 66a9948ba4f74a9297bc72d989612e03999898fbf146d523c421d7fa2382cf67b87dc31964856961851ad219cfec6ea760a0b9afda27aec3a0919a8241cc5a65 |
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
| MD5 | 7bf0049215f3e854894586944ecadfe0 |
| SHA1 | f625b76fb88568161712002e4985ee262d320574 |
| SHA256 | 1568aa36abe30b9e8c308606dba076a7a3c956f2e8a7d18c0377a80ae11e348a |
| SHA512 | 221eb677010d902b49d0f75b07f1aba0d1993f5574d81d4e15051d98b2224aaf31a27255f8480302613368b594606f3bd6ee2f7cb77c60f6adbe3a6d6c5e0dc5 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\fbfa567309724a59bad65e51ca1ce467ab52141c.original.avatar
| MD5 | 477b9b2262edfb077aa9622b473dc3db |
| SHA1 | fbfa567309724a59bad65e51ca1ce467ab52141c |
| SHA256 | 0f0154aaef14b04bac6dc6d55fddbc99440a822c165725bfe7083be90ab50e3d |
| SHA512 | 9f9698478accf1791ff6c6e2e5c150d691d135a319c5888b46947ca0f4896a025a26296ffac8adc276b4f3d4f086c3af747cbedcb1b841bef0135e717e3fbf1b |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 7b0e66eef397662bf1d1346fc9cf5313 |
| SHA1 | 2712a2b05ba8ef6a3d84ce452d37a64090887b53 |
| SHA256 | 5dc2d386b8cea18c0401dfc77ebe3c2282f61b113f468337a23e4579ff5e28fe |
| SHA512 | eec704b006b49981db884f2362714fbabdbcf69b47da9f40fd4413e986f46e0b04689f6401991e94571fc3a7755a32cb70620c2d3c7ec3cb9bb23ca5ed324b94 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 91d5e3de0a48f1d28d4f72050a99ea02 |
| SHA1 | 2a76fc6f39dbbb2da6ee8064c08ce6d8ad6cbd01 |
| SHA256 | bce7a8f3a90e7b484abeceabb81c932a01856cb825350b7fa5bf4c81beb246e6 |
| SHA512 | 0757eba0fa6bd44d6de804ee5799e379e059cd15acef84897b4c32a7a7d48220d9d870a4637de0a79a7872439ecb321d312aa32f9917021ebbf3c3e8f520c683 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 90623c105b3a59a8de55402d5690d179 |
| SHA1 | a5515c11ddc68cc7afcf94ef564cb331c6685116 |
| SHA256 | 8d79a640a600c7f95bbf5bb992dde81e2d829899f13dffd599bab032a192ea1a |
| SHA512 | 5e6db87d6b2b879ae5a7bf43f7a19721a825bac26e003574b7cd539553fb681968b7b265b5233a55074ca9cc0d982230cc49eef01f61cc4f79ba054fe2225828 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 35a4f023cd551801f84b91b43ca4b321 |
| SHA1 | 3797ca1bfa12a956f91292344eae4d444d567187 |
| SHA256 | e84cd6011e1dd88ab49db2ece980beaa6bd432908168487fcad04f961f2bfc49 |
| SHA512 | 3fa800db342022ba54621f678da2c4050a465b2face80d4fec6633b02aa46afd582d3d808e950893eb326cf599218997476c3d86e208fe507c6960b777d1c6e1 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 46363431e0b687e017e5d5614181aa5c |
| SHA1 | 250915850e9017edc6e503c2c83b75715917592b |
| SHA256 | 1cbf77384a0af8d1f6ed54c3f7411d7b63a682e6d27b51c7def512642d037eb7 |
| SHA512 | cca8ffef787a4f4dc88e4d562d0ca8e824cfdaa2dd3d26ddc730ed12f15508cc6360ab3f454e6a6c36eec35800f79451fefa00a24c2bef012aff3fbb9a6ebe9c |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | e7ed315542e8c9e38b5dc50cb62ad9c2 |
| SHA1 | 573a43a3fbc18f656bc9c7cad720977c3e5747f9 |
| SHA256 | e34346514992ff121d2fb023b894312f9de7db569238a58f2d4b7fa2bc428a54 |
| SHA512 | 118c7e421e6ffaab1b8c34ab5cb2d8515894b01b50ec37d8f958ca66baaf5b1edce2bcc7c9b912fc8644ae2680449e2a438b2e9b38e85dc60b1a9bdd1dcd7c38 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 3d52d38b75e5d5ee832e748a6d810232 |
| SHA1 | 3e1a7c60f0b6b2cfda4b5978deef2f0475f37d35 |
| SHA256 | 17255cddb753a3e7a86f9b267c113dc6c44e7051790aea22df737f5d0246ea3c |
| SHA512 | add04d6080152743d50efea733bd4c0e75d20dc5ebc989ba1d96e4fe4e4961078e90349c086728701eda9311f11bb744a97676eed7a60639b449e5b9c3e6c488 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 8894d3eb77abd1de14168dfd8f120314 |
| SHA1 | ca4650e9d30a1a4acdd18ca9374b1a9381868e69 |
| SHA256 | d8cd92c73c14fb81366692a296c5a1ed132276e3f09999705c64b7e698757c71 |
| SHA512 | 1900c53796cfdddd72a589059328fd6cf04458ec92829552662feee162ab7ba803d61bf87929bd1f5f8bd7dd9d3b5b0080f04b5c91a0c94c12c88821f4c4f303 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | d66c769878374d62b887c2ed54f0d960 |
| SHA1 | 4955c0b12cf51b51d4b54549b443437e17c65a5a |
| SHA256 | a208f2a0c83d6cf3ef02cabb6727a0342efa54aa787116fdaa3f816351153844 |
| SHA512 | 107062dd1b4edf74afe63ad9227f278410369e0e24864c8120fdb7c2e093d5089c1eb7d86ca80b7474a9128528f4979dc2e847ffac0c53b0c90afd288d9b8dc1 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | f08fc19d4b33cf4d93585c6730e300cc |
| SHA1 | 3d57d79863ec79cc7b84f5d51c9982e91c0a3b8a |
| SHA256 | 3eca4fec079b1d4a4806547c75f22100ff3c48d382e25e9da66d67b4680e54f0 |
| SHA512 | 8184ba705045544cd0f757e91e3c91abfc89b8b46338eb7b70e2cbb73a369fa62915f553b9d6c477941f480afa618f76e3c18b12fd6700c1a95f1e34c5dfcc38 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 65d8d95002db15b1b07bb000328f07b3 |
| SHA1 | b393761d7d3ad18f6265e69c96fc6dd63135ac27 |
| SHA256 | 249b4ddcb7a4b1b53dbe7102bd0e4e43c35bea5667edfd14cc55ecc8d12a4fd6 |
| SHA512 | 6899d3ae97eec360fef9a8eb490d525ff74b8c35ecefb1d74534eb759ba99e1680dc2d14b6d22b2bd715281d287c8319c4d78ee13fd343d968aeb0b56b2e123a |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 3627b56c6ea08d1a49a71fd3b21a1204 |
| SHA1 | de4a8862133aa788f9ea4b0f8c10080a140e7bdd |
| SHA256 | ba8283dd9b8b6ead35a405148267d449ebf2fb6514918ed9b4e66400f29afc4f |
| SHA512 | 199be24143c4e455feacf49781335bfb9df7dc7bf85247591fb60580171f7576d41bdcf87d2e44a66fd1c6fa12dbb2c79d190d3e1203ea536c7b1a9a9eb0ab12 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 139ab22ebfe6b86790b9859251d2cb85 |
| SHA1 | 46914b47602a13eb2069793817c907fde482e509 |
| SHA256 | 4d945da6e45abd54d757b4f82ec926e3ae24874727dc15e16229ece7b933c94e |
| SHA512 | f7dd86f347fd3c9123b7a89629bdfc81cd18f6b4a8502d58804495596e6e9dc13fa5600c517340a25c3262091d97b78e9e3d2690f51a3ba80dd40c0b3a37c2ca |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 57c563baf3fd6fe44392636258812c42 |
| SHA1 | 4b0cbdb4719f04efc57798f4f9e66ba412cff885 |
| SHA256 | 8893af9a901791cd34a66fbbdfa48da7038dbd1646915b3cfc36b21dc31d546e |
| SHA512 | 1b8ca6a37228bbac09ac3c3b118209371b30cbda021f762224e4149c630c394b66d511a96f9f8fe3dd6cd5beb50e80e0813ba6dd59fe5d25a24560730b8fc629 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | cd14924ded52e0a997bd72c86c3a339b |
| SHA1 | 901fa3e2a8f3fe30ec331c559ae5a69ec47bafcf |
| SHA256 | 0f56495dfe187cfa79f98c8584216b8c128e1d61e08c43a5964df8faa4dcc448 |
| SHA512 | 053345e0a9184edeab251026a8e06909b4603f531eb301601894e51b440b4399a26ee71a84f15e101ea43d62dc2aba0384d4f6c8ba3bbca65e1e9b066d0e4cde |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 85c0a49a6a1bb1cbbe130e24cb23814e |
| SHA1 | dcddafc8de2361f8524f10e06183277b01127ef0 |
| SHA256 | d6d36336a156cee0f9b57610e48ecfd4434a78b6f08dbb77a9a47c26b5050c5b |
| SHA512 | 94baf832f8077076346bdd21a485025bd9696bb3daf68d457b4001ffb5fd4b8ffc975e65054a3cdeafabee10597252f78db9706824fea4aa1e076a4dbbed3ea8 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 0e889698e699ff46a7ea1e396343c491 |
| SHA1 | eecabd575b852104c4ef2512c168f01d15dad3cc |
| SHA256 | befdc8bd467e8d474c1a5a9953582f0cd1e22c6f7abe6e195544b90958aa1bf6 |
| SHA512 | f6bb5237b1d8f41b9d083f4819e16bbc4ea2436503fe4299221d10495abf6d410df65f1605233cbc17885660178a4c3ba6e7b16638c562dc115c5442364b161b |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | a7d60d5287b04a563e0703bebcc6bf86 |
| SHA1 | 47b4169fc4ed7a3066ac32532dfe3256b1c23b49 |
| SHA256 | 4e90140d0b54b2daf35354f88eb883f1b90b79294a81a660d6ec2b03900b69a8 |
| SHA512 | 90dd6b09c49be213968aaa05197fc147fd278df330e08b41228592cca119d86b98400567ec8342944202ea12adff52aabae5ebecd1a4cbcaba8559494320e7e0 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 5f7e31f0001ef4310865f1ff4549b12b |
| SHA1 | 34c95afe0b0fcb9576636e25261c92dbb32c2ca3 |
| SHA256 | 4681737d35db0808cbb99d4653b9f99141d7409f60268b9adb84c2e59792c6e9 |
| SHA512 | fef96b44c10223fa1138832e34fd12ed6a3ed934dba3f736a985cbc236bde9411fffaf6e49f65e50302711a09af30d27853a8158f807e7ac5065208619c07502 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | d81ab7a7627ed673fdcd4dd24220c192 |
| SHA1 | 1657b6663c7d9d67bb6d556de97623e2a2a9126e |
| SHA256 | 97186e899fc20dd2d5f5805943c3a53f105a7cbdc21dad0586ba91d346a92a0a |
| SHA512 | aa314cc318bd0b8620422a890858915c3969a192fa73dade698617401a8ea9c900cb8c69c1547fdc0eca0035a05f71937972fc369bec55f0741fea3ab3923e24 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 370a9e303a5e2b140a7b3f37a4233481 |
| SHA1 | 02e77036c1ea4be91e1053e3c96f28e805d119a9 |
| SHA256 | 66babc236e7e018e82bad773dacb5c3089ba85456a4efb8a19ee310efa3824bd |
| SHA512 | 657b99bf1959dbfe8ca7b515b792550113e21b3b416296bc69961abf89cad1561f4e0cb2d443c4bc0906cc77e70b33ecf95ec572001f5c88d5635a87add62e51 |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | 5c2b6a18d6d09563f1e4694de12326d7 |
| SHA1 | 9a6100592deaaf027f4be9fb13fd813a2230c7a5 |
| SHA256 | d3ddc4f3ffba57c634611b6ac45f979c9671fa413dc7a317155dd3b3f2485d00 |
| SHA512 | 9e2a44eba0285e7838243644eeecd3c3417c1293134a06a11a5fe93a6508ff0939db47c8d786677107105e60468217cc3ac71c891e7a051ff991a6c09913ddbb |
C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar
| MD5 | ceef4fca7bc7083ac26ecc0e4fc7a4ca |
| SHA1 | 5a3f30f9764147a12215431398540e05c0435aa2 |
| SHA256 | 9ee950db30334eb12eb6b1a12b667d68710f42d53d069eacc39ed25b6c25ff5f |
| SHA512 | 702d0e658cc6429304f8c770dae31ea2617c23aefa234267f9a2d45eb4650bb97e39356bf669e71c635fbfdc8b5872bfce8efcb90b65f04f2e43d6acd955f3d2 |
memory/3448-308-0x0000000000400000-0x0000000000440000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsk5304.tmp\InstallOptions.dll
| MD5 | 08c82a46416a5e2b471d457968f53816 |
| SHA1 | 3e3897c20b9e89b279b4764a633f67955bf8f09a |
| SHA256 | 435baf3b7282c9110697a4916834ef9371dd29fae6b4cb8e19c19eb126562dc9 |
| SHA512 | 91e2055b91d04b2348a923cb298ac6ba3637de5038dc4f849c4d2f1665d17de9cd6eb6a97d42d0f894d65348c8fd8e79cd61b667ea5a78e8960347e8cc8db81d |
C:\Users\Admin\AppData\Local\Temp\nsk5304.tmp\ioSpecial.ini
| MD5 | 8c8d45a344f7b8d404c06f185c34edf3 |
| SHA1 | 17b3cf78361d12f64a6274dab791a5a7318d2266 |
| SHA256 | 18168fad29143a8f8cc2d3344b36b1307e16ca30d3bd4295f363f999beee734d |
| SHA512 | 54c2ab7e3c3025d3d012d92677efcf5ca3273cfbbe98d4ddfad0a79d679be57ffed850eb42d44b39140db84ced580eee75979f368c431adac69bf9d168ea9c84 |
memory/3448-399-0x0000000000400000-0x0000000000440000-memory.dmp
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
| MD5 | bcd9cbf0621f9a6767276a2e0bf1dd15 |
| SHA1 | 802daf7cb7823ce7f36408f0fba01e2e75fdde90 |
| SHA256 | c0748aee57a79d1ad8a4307d3ecb03a517464d047cd5cc64bad299e0bfaefb60 |
| SHA512 | 0dd7dbb13c84e111b6c3a10629498724c4879f3b94a7d786b03009347186c8199791d0cc519d11affb89ff1ac3a1151d532bb9540a23bb0ad35bccea6327be96 |
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\www.orkut.com\gtalksettings.sol
| MD5 | 8cf6c45f7b59f309c141e9f6121efd2f |
| SHA1 | 7393fc0097f75336e5770fa737baf8ea152bc947 |
| SHA256 | e19b5c67a1741de87a1866dda95f615ff094d3eeaba7ac9543d4ba30e77aa3ba |
| SHA512 | 688360108329d82a51738cee59c5979ee5193cbb9094bfb82759de8d60e16ea6acda247d15058ea8e15e753a45b81fbca1d20187b9404f8f7dfd49920243591b |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | 5208db13f993747fe955a73b1e01c7db |
| SHA1 | 498743e4c634d1c2d508a6fd900bf0f129db2b32 |
| SHA256 | 0318c2b32b5002c91db4239bd5491091030b333b3f711b28b829e98f5fe7ee62 |
| SHA512 | c2512cbc6a3e63e2f1bac53d1fcf9e30802d14631a45a8f140a6658175cb6023093ea7d0997424b97e51da5e0f8234ab2f9c8d8cc2c36ee258bf927acd42124e |