Malware Analysis Report

2024-11-16 15:58

Sample ID 240211-ypwntsba6z
Target googletalk-setup.exe
SHA256 5cf4427b2ae3a6787776fbd91274228562b8ff2777bab4573916b4d042ab9926
Tags upx google discovery persistence phishing spyware stealer
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

10/10

SHA256

5cf4427b2ae3a6787776fbd91274228562b8ff2777bab4573916b4d042ab9926

Threat Level: Known bad

The file googletalk-setup.exe was found to be: Known bad.

Malicious Activity Summary

upx google discovery persistence phishing spyware stealer

Detected google phishing page

Loads dropped DLL

UPX packed file

Registers COM server for autorun

Reads user/profile data of web browsers

Executes dropped EXE

Adds Run key to start application

Checks installed software on the system

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-11 19:58

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-11 19:58

Reported

2024-02-11 20:10

Platform

win7-20231215-en

Max time kernel

690s

Max time network

617s

Command Line

"C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe"

Signatures

Detected google phishing page

phishing google

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\googletalk = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe /autostart" C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Google\Google Talk\ C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
File created C:\Program Files (x86)\Google\Google Talk\googletalk.exe C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
File created C:\Program Files (x86)\Google\Google Talk\gtalkwmp1.dll C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
File created C:\Program Files (x86)\Google\Google Talk\uninstall.exe C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
File created C:\Program Files (x86)\Google\Google Talk\testperm.txt C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\Google Talk\testperm.txt C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70014784255dda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AE966511-C918-11EE-AD90-F6BE0C79E4FA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "4" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{02223E21-C919-11EE-AD90-F6BE0C79E4FA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = a80cd18e255dda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EE6B90E9-C918-11EE-AD90-F6BE0C79E4FA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\TypeLib C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\TypeLib C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\TypeLib C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\TypeLib C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\TypeLib C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{62d14448-68ff-4c37-a7f2-31105a1be427}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\TypeLib C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{0507EEDE-3AE7-49C7-BF37-0EB4A62D8638} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{4c9dc108-c73f-11da-95ab-00e08161165f}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4C9DC108-C73F-11DA-95AB-00E08161165F} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{226b64e8-dc75-4eea-a6c8-abcb496320f2}\Google Talk\InstallType = "1" C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{4c9dc108-c73f-11da-95ab-00e08161165f}\ = "IMUCTalkPlugin" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{38FDD2C4-9164-4eaf-8C74-24D764FF613E} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{226b64e8-dc75-4eea-a6c8-abcb496320f2} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\ = "ITalkFriend" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0\FLAGS\ = "0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\ = "ITalkFriend" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\ = "ChatRoomContact Class" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\ = "IChatRoom" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C9DC108-C73F-11DA-95AB-00E08161165F} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C9DC108-C73F-11DA-95AB-00E08161165F}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\gtalk\shell\open\command\ = "\"C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe\" \"/%1\"" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0\FLAGS C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\ = "ITalkPlugin" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\ = "ITalkTunnelExp" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Typelib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\ = "TalkFriend Class" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{7a9d1480-c6a1-11da-95ab-00e08161165f}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{7a9d1480-c6a1-11da-95ab-00e08161165f}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\gtalk\shell C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\CLSID C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C9DC108-C73F-11DA-95AB-00E08161165F}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_CLASSES\Wow6432Node\Interface\{65D12388-C5E9-468c-83B9-60AEA2E658DF}\TypeLib C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\ = "ITalkTunnelExp" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A 3
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A 4
N/A N/A C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A 7
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A 1
N/A N/A C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A 10

Suspicious use of SetWindowsHookEx

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A 1
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A 2
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A 2
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A 2
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A 2
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A 2
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A 4
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A 2
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A 4
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A 2
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A 2
N/A N/A C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A 1

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 2292 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe C:\Windows\SysWOW64\regsvr32.exe 7
PID 2292 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe C:\Program Files (x86)\Google\Google Talk\googletalk.exe 4
PID 2544 wrote to memory of 2132 N/A C:\Program Files (x86)\Google\Google Talk\googletalk.exe C:\Program Files\Internet Explorer\iexplore.exe 4
PID 2132 wrote to memory of 2884 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE 4
PID 2544 wrote to memory of 1552 N/A C:\Program Files (x86)\Google\Google Talk\googletalk.exe C:\Program Files\Internet Explorer\iexplore.exe 4
PID 1552 wrote to memory of 2512 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE 4
PID 2544 wrote to memory of 1200 N/A C:\Program Files (x86)\Google\Google Talk\googletalk.exe C:\Program Files\Internet Explorer\iexplore.exe 4
PID 1200 wrote to memory of 2368 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE 4
PID 2544 wrote to memory of 1600 N/A C:\Program Files (x86)\Google\Google Talk\googletalk.exe C:\Program Files\Internet Explorer\iexplore.exe 4
PID 1600 wrote to memory of 2596 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE 4
PID 2544 wrote to memory of 1496 N/A C:\Program Files (x86)\Google\Google Talk\googletalk.exe C:\Program Files\Internet Explorer\iexplore.exe 4
PID 1496 wrote to memory of 584 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE 4

Processes

C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe

"C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Program Files (x86)\Google\Google Talk\gtalkwmp1.dll"

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

"C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /register

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

"C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /startmenu

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.google.com/support/talk

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x7c

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.google.com/talk/service/NewAccount?FromClient=Talk

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1552 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.google.com/support/talk/bin/answer.py?answer=41191

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1200 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/accounts/ManageAccount?hl=en

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1600 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://mail.google.com/mail

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1496 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

"C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /startmenu

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

"C:\Program Files (x86)\Google\Google Talk\googletalk.exe"

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

"C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /diag

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

"C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /diag

Network


Files

SHA256 a7c733fc2a5d4454d2aea7e2fd8b1ac8a924d489fc653fdd22e5b4ec2b46dab5
SHA512 577fe2ed0f205fbdc13e5a3bd421c8a32052e3edf6fad3bb907ea06af25273e7b23e97df9764998443befd2d65a4b7d1bb43077ee81c9c48db1d6690fb6bc937

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6da7db30e3d63ec24628d90d5321854d
SHA1 3f18a680dcfcc59a93a9c999d6b107546c573650
SHA256 0dd628525317fb00d2712df32fd1986028463328b479e39bccb7474ea31bcbdb
SHA512 96657408212d64d947588cca3aebd83c429f0b6d81d7f4839bc124ccdf622062d94d5621c222d2c38b8df1ebee949ebb1977fafe1104e8bbf354c7f48a7f8098

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f314a70a163fb51b915bcc9625872de
SHA1 5cc7a68efe65b6b6dd5536bf749a0cf78754a908
SHA256 3148d120b84cf3175c57d399cc88fab92c7b228ed2495ef2595a1e6026b503e8
SHA512 1ea106acf10ebdbf0085b16704c5e72051d91b540e30e91775400a5f4ca2fd81caaa3fe5036121dd3f441884658955322ab41aa6ce7bb0ceb52614882a06e5f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 236c1e86e5dff753ca68fc802fe5afc0
SHA1 c97b2dd9c82516d960ee63a105782fbf45d94b6a
SHA256 5ba3619773bb88c170e9b634347e4d1be2a5df3523877e910028bf64afaea3f8
SHA512 279343452bfb7d4b05d1166a8e975c8924b451f2f320fe5bcc510bedc101c78ebfe437d6eff486802b22299895c5df9f7c22e6406353675b55eeb110f463c590

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2a12d5444e22ca2ef9d7c083da0a2eb
SHA1 e716c9e342b266f1fcdc5e318d7695ce64822365
SHA256 7480d1333bf4923fc0467ade1984418c15d4a5c96dbaeaea288eb4e009625d91
SHA512 60161869aa37e5cb6159034b64e53904b2bcee7976ca488a658f4727b4b6ff8aa7fecb3daf499fae0629beaf21a70d271efb544dbb199d30ac44bbe571626c44

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ac677d709ee1aa486d401f96616db42
SHA1 03aac77aa363b3d23da0d09887580dc5c33eeb45
SHA256 ec35a556394cd6fcd3cbf7a3ea16d8ed37b85a34c4d2a98f4e4ead4f988b96a8
SHA512 48e91fb49b9fb627fb43d02b4e08dae241affbd1457c7baa883498c9891e26f6082640c02fc21c23cce9299a4e6c3a0467b0153247a9ebd4f6ee5d47cd1725aa

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BC0E83D1-C918-11EE-AD90-F6BE0C79E4FA}.dat

MD5 a2f9ea75e02d2a0c9705b976e6f652f2
SHA1 fbe94af751f257a3857acd7394e5f0ac14fc3788
SHA256 744fe335db5218a6e51ffbf77601ce5cd11e7f5a1c4fe3485402e2bf53e2c284
SHA512 cfdef8b70c15b30eaba6dcd95039fcdea98d9dab78126f803efe54d7c6faf4fe8a3e6be4749ac97abecb244004ab01db5fb8e7393dd7543865e826a43cfc6aff

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\57711WD6.txt

MD5 86417d9ba5d277140684d9e90c5cd801
SHA1 03425cdb31a15c6c49e2a34cbe7fca6ead3f8bac
SHA256 bee2d976ecbbe716a876a9ae524f5f4286175200c824dd81ca31f16ec247218b
SHA512 2f91f58e565fcf7827e0cb80e89a2b2b9b1d48f65d4445c2b543f9dbcf74d17f91c4ca0f6ae16992d5fffa5ba53e9003eaedd475529e0913e47150e2ece080dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 4b61d05e6fb2ed6b899b2b11e562ca94
SHA1 eef3ac995253d24be6c2b775db3c33e7bbccf6dd
SHA256 17477a73821f1a3d38bc80f9793711109ce3365b831323626f08cb243e8f3002
SHA512 35e3ff1f272ed3176fa5a3299fe709f85e2cc8cdafb0565f5dec39b9a6be77dd1814e7d7160b8d9acd6415436e579abe5f66d37cd204754ef24c51aae351d947

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 f0859712ce8b1bbbfe6fed3a467e6d0e
SHA1 ad6d74a218c551fc3e53c18969fec65af1b5a1aa
SHA256 0a070ca04503bbe1e66dedd1820cd58426d5646d64f3f7a724a0b73544823be8
SHA512 050b7124e6719e220be70aff2d4a005e8b061b543bbb0672e8da0b5508dc6e5e82a14fd9f256616792670f9ae873ac574fac58fab61c86262aa10a38de36b8d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 59aedc3f6a4369d1a6d89057c5e65052
SHA1 bee69ca2b44fd67376f631580490f6ab6f203db2
SHA256 5679b01327b65566693412ab005ac76b193eb6725cca44f7e30422c1defbb6ea
SHA512 c5be90449e18e1acdb8f4ea3fc9f2fba3b1368992b1631c36cc81e88ce01b546c76a1928f3add7bede1e31a10746f5d80200c66a5a49e320042113ce26325e48

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c176d20e693ef3c81002f70bec555078
SHA1 f2ccac101947fdbdf1581a5decd3f7d1974eb23a
SHA256 77f5106d7591bc264b30a169b6cd9a255cb848dbdf0af89254bbf5e2f976dd3e
SHA512 4631e847ed8f366db57b7f581feb296b865193731d5b005573a12114a09d451b6b9f33542b3e602d433ffa25f10a01853b896823ef472ce66ed58abaa42e8105

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 34f9a286be647a6c0df072b2f6e182a5
SHA1 0ef0a28d7bc8f2aa5d32f639f0c3a6c0c21b9bf3
SHA256 1e7353c40e20d1ffe033d847e0d52ebf47043299cbe20948af8319e1e8f8cfcb
SHA512 995f1cebc1b225f3590dbdb8d56c3ba9e809a6f3352b261626e2c4faa71a902012bdb8813e9dd029bcd4a323a4f757b9c8817ab6fa43ba7af0c86341fcbb0b40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 a98babaee92773f269f829eb6c42c878
SHA1 b3215d1e521d933fc6246cb8280e1b582fccdb18
SHA256 60def392666afc564970c807c7b92ee141913edd64d5ccc8aae00213c0fb2ab9
SHA512 7057794c0361b9d941e6ac29ce757338aee66d40293109a2886799fb87792b93f0d78dad47b2508024e1cd73ecb0020482dfd82425b8f949890ab1ce1ddb7491

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFLWQ602\js[1].js

MD5 2cf95a2e17e3ed3a13f6b60f5a1f8620
SHA1 62a4be6a3f29ceba2a0330b2814e34c091f649cb
SHA256 c61b5e0471de4fa33d2e9e32e2b8ba78776866ed8163f3a199ed8812e4f8370a
SHA512 411e86ddffb2568f21bfe141b110035affb79e03fa508437c4898684da8631eace82fb7b3a95dcafddf6534cb2e3728c8e0b292d4e821f2bba267ba5b6269981

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 7deef5b7ffcbfa20a0467ae75e5d116b
SHA1 02c8688f2e2520897d02d0b3305c2d8c05c954b5
SHA256 05273955b75f660f7c1d3e4771d8bf225ab72b80dae864ff905640dfb1a52d3e
SHA512 fe7f9fd07ae24a980037ab93f05cd61e832e64ccdc2b646430acc706373e892dae57c13ef6a3626bdb12e58aa1c4bc48c0407f2e263f57f9d37946fadfd58d90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 395b979925ec907200f730d18e54a78e
SHA1 42429a26d5ea0adc16ab3ad719a3785ea26132bf
SHA256 1d7cc694e79b63ec2a929715dedd3c5a4243b5c527ae7b29a546a311eb76a8cd
SHA512 4ade5546ed226e182dff0994cb4efba0e3ab3ab0066052697c7d2d6131459b3f82df0a03e753ed4eb6bbc796458c957e5357f108096762eaa85d37fc148fefdc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff

MD5 cf6613d1adf490972c557a8e318e0868
SHA1 b2198c3fc1c72646d372f63e135e70ba2c9fed8e
SHA256 468e579fe1210fa55525b1c470ed2d1958404512a2dd4fb972cac5ce0ff00b1f
SHA512 1866d890987b1e56e1337ec1e975906ee8202fcc517620c30e9d3be0a9e8eaf3105147b178deb81fa0604745dfe3fb79b3b20d5f2ff2912b66856c38a28c07ee

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\4UaGrENHsxJlGDuGo1OIlL3Owpg[1].woff

MD5 6dd4ad69d53830bdf5232a13482bd50d
SHA1 6fff1079d7e5d02a2259cb5d7833e790239e01cf
SHA256 5ce48d9e9d748ad4686094d3cc33f5ae1e272a5b618f5c6d146c4d12ef02e4a6
SHA512 fc91e8c4eae384d38667e330c5a5e4bf82ebac9a23ab88439d7c22ccdd125de7f1371dd953f18dee60ef68b680df49a32f684157d90f20e1dac3bffc9df84118

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\4UabrENHsxJlGDuGo1OIlLU94YtzCwA[1].woff

MD5 08f80de0acf68d82aabab974a47d9e5f
SHA1 e6f1c0f5395a9c297aa162468961c1faf0ec1ed9
SHA256 4070911a1bb9cc52c4e4cd5e85ca186dcde89308a0517a8faa4715c2e0a9d45e
SHA512 720de47fdda648af7ce5f3f574efa3322191c4d0001e31181739d65ffe0cceced56635af58e5e828072a17eee1ed1e318af467b8ed7f4185ee0f5155501cd8d0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIEDGG3E\js[1].js

MD5 715773dae4a559a70299f4cc7a53d44e
SHA1 c63965cb854ead93904d27ce684c31b501a6875d
SHA256 be8e652990ee9b9ae0cd951fe226ea3fc29eb26590dbd12698340333f2448eec
SHA512 f627ef663bfc3537726fcf49d1543ea89c7803b3f999da0d44e0fa5ce8e32615c24ce637f67b336bf54dc4a85a9c6133de76878dd3d2e1ef68382a537bfd9424

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_815674C50DEFDD465FD2EC6CA819A555

MD5 2717bc0a4dfbb65053ba0df2008fa5f6
SHA1 a1809c061eb21b3106774e60584f9fa824296180
SHA256 5f5ebe2737510db0a37bd9a4782206b3e32d99b7d4bc356b8910cacc7bc75c82
SHA512 b42815265e2cb059825f6d3cfa9458f1157f36e96b5242ff8bf924f94449cc326a7d7972a27359fbc22f2e85c8f28e9d9c0a14c1aed0572bfa2b71520bf9970b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_815674C50DEFDD465FD2EC6CA819A555

MD5 0a0225d5bb752433a7fad17c4e8708a8
SHA1 6166666fbec431c0fde392d73f1bfd9018181104
SHA256 f34d3e252bd621b4f07c69dd69fd30d2c179ff451820d2cfb1a671192daeda25
SHA512 598f74161a4959c6b0935919c1f5ed4ac4d54fbb19b782b284a61aa34711fd0ea1ef81183b72e82de2c2030f6d50ae009fc34beae8899013613a1a986baf2167

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFTKP12M\cb=gapi[1].js

MD5 ec9a3858b2c06b17c4811845c37209c4
SHA1 2df320ad9daf33dd31e6381906f7fdcb598ef312
SHA256 421319127de46e1ab3f62ccc60459a5c53a5ad462e5bd62051cf5e346ae26231
SHA512 a8ac445f151e4a56d1870e7d0a0b3940672a4b6a2b4a1426e6764f8b2ddbb61427b275fd2797373834d10076b50e06e50f509e2b8ee1fb02cf4a936b7e611b49

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 53d91a9c472f7c2a3a7cda7a4eee13d3
SHA1 881dbd3adf35c6228be6cbcb8f6770eca977fbd7
SHA256 fd145dc7b90d09e280ff28c61008b6b9d38b20ec48021a35e628ed70bca7c79e
SHA512 86b6bbc4e6e5237f26d0650b9246d5138efafddb9a3e022f9e48bfc00d062d053f2314f90730b13bf15d3d71e041a97ccce39e97b325fa66de49ff1ad73dd2af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40e8634617146fecf91732905d463b93
SHA1 e4a6163978aac1f617a8dc7693473cd0fd517952
SHA256 c0b5a4b1347be48d98eac1503aa6267c1b291f054748679ed82ebc2ef0e9ede7
SHA512 bd759cadce4fd38600414f096fdb1c7503aab48e01c4c282f7c14a35b4a7985c505e8eff83d2a7ff677bd577312526a990bf9b19af8d274217bb1f75110664a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c46a3c406335cd58c3ca3f1ff2b5ccc1
SHA1 542d124f57dddf5661819904d29cde77dbdfb0a4
SHA256 89422b218891aaa17436478fbf88b3863473fa2ac22dc66f44ca7bfc18b426cb
SHA512 a67f27381931f74c8f679924358512d07766fc45aca5e605f0ae5b7e5bb552c4acdc51a729e6abefedcf7b9a4f190e1ba5cee669869548e8688485020d464222

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f2afc2e9257de6028313aa67fa89826
SHA1 fb71eb8a5e953ad9232e6b6a804ebac89d30823f
SHA256 62538ef47fe7d6a24e2c257b581a2b4a270aa0977b53d9387b0fa2a8cae1bc80
SHA512 9a5068a392b0b709ceb80b05e2c73988adf70d5ccfc5b8a5ff8d2cd619cd72d09457930935d2646a367d644efd6727420d09d6a0b7a6cb7b2cf4d1f71bef3155

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a67539c78a100b1c5493eee7dc9ad42
SHA1 f7260874276773cb1dffdc240f666fcd26714cc5
SHA256 d7197b76bfe2821c208d46d29130fed5e53e7bc3251c4e023ea39d4359fa1d6f
SHA512 bce74ca356949fb1db51000b7d5b8bcc45229f6bb2e97437be7713c6de0670558f5d40c2bd203c350502eb945ee33fce086beafb31080c79034bb3e7d2f0509a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9db0374a412cecfdcd0137cf84b47bd5
SHA1 9d34ecb866faebcfaeaf1adeb79daed421065c51
SHA256 6d274d8d38a5f6d6f35b693f8e3cec0a8a17cdbae9d88c7ea3c157ade9783107
SHA512 91da396be61c537b874296b939a28be6660d0899763e9c24a88ae10288ab7c6d66034f305f5a1d97360c5fcf6ec3beaa3b45fc7070a926f8d3d3bd8c016f6685

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2fd365aa6c2f890d737a3d1a714adbcb
SHA1 31bee97bc4c4fea29d1e47255b884ef171587c10
SHA256 d1c9047d484c8b2332dda8558ac75e8c3d6c15a5db6b36ea47eb1fd689b6f34b
SHA512 c8c38d1d458d58c761fba0b47acb7d016cfb9aa57a5bfd7736fee7a638d78042df8768d0bd3b8c9b45f8b6ad55652960976b9f3d2dc344078af1ca96d847bf60

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 522784b18d5612b5b1a888c13cf1a632
SHA1 e7504450cdf0fa1c6746b20cd32573de16668412
SHA256 6d3ffcb55400b7038cdb08c8f640064544381308845e65f0f2e621ed770bbf40
SHA512 f1c135b48e8a438e6f871688b6d7d74d3d449f724c4e695bbbe7d83bf525d45516feb881609142b627c3ca3df860428ec1c0b5c4a7627759062b432ee32ade02

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 111b57a1719701a6bb3c37e7ed75eba8
SHA1 52de1c46afd49d67b0fc79bdeb5aa3e3c24b5abe
SHA256 9578073fcfd7e90e068d78eae5adc2fd18cde079bd9765d65758e176e6d8d3eb
SHA512 36d64dddb1cc22201a202a8e28203ff004c9e23566055ddf2815ac8bac2752aa0fb115f89872a4788448f553ca133487c58de5a99d40b4cec2cd9a6eaeec268c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0fc43988f513ffbacb1f6cc925eecf43
SHA1 52fae234de920e784de65d012d0d0a973bae98db
SHA256 afb741dd20c8efd6cf076cffc44fafa3b023be1464fc0de6dcbacd884e82b95e
SHA512 b982e54880c905e9fdfd0a1a2b1d72712798ce05d91f6d15e3f2211789dd28374cf35e0595397a04fc55c7382fcc2ebb0bd81d4524fa3480720ff0bea1bdf17b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 70e1ab325f687063391b7bc8ddced62a
SHA1 9b52de34f3531694e790f6a3026bdc285617d005
SHA256 2cb7e3dde437cc1853d6a2d583b894e5e668d72e211855eb4d881597b202e78a
SHA512 057a7cf93488b7feaa2b42062cd7ad97c1b3187d980cf87a2f60831eeb1110688513c4532b8f5d02b7e8a3c2c734b7cac52979d071c25e242843445bf8007250

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e1ca630d1f77052f366e5810440e6415
SHA1 13c3b83e3cebd4be8dfcfe6b788b07a3ebacf051
SHA256 c12fb494058cbfee38eb455005356f7b007e349911246e209be82115d073fd26
SHA512 1674c00117f4bdd89e1e222e35c5ce00de5177781134ac94584a5c9a9b975c1738e647273507b0f0a870c313d708851afcbe44dcb3803013cb6f3d58978aaf9d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{EBC0A870-9B54-11EE-9B7F-E6B52EBA4E86}.dat

MD5 9f14b10d61d93d4b3f3732b3769d140c
SHA1 68b67d01441bccb4b13b3fdb794dae7ba2349903
SHA256 d131f856c561cac1160547caf0eadf9e80d63a7f59ed134286b2a3a4e5aebd52
SHA512 72c1600460e70b8d87dcca681de532b9337bf922ae1b9c677e82342a0d1f232a15b6e49b9df35958116821b97c138d31f6039ade04a9d5cdc4667b80da11aa62

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{BC0E83D4-C918-11EE-AD90-F6BE0C79E4FA}.dat

MD5 65e7e9ac288384687fbe9dc2d5ef210d
SHA1 2dc312963c6e480d02861c830fbaa9491607b993
SHA256 c93f511dc1ff86b61138ab68ed1b52875cf2f030a0c00b6fd984f2ef0a10ae88
SHA512 db143da24a9ea5463a60c373b0a26bd705e1a3082e4f3d3c0cf4e486d386072b8f5738b4b07e81b7718093162bf32873bb41296bad1a17b7c30385600cfaed84

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KRKOS8IX.txt

MD5 2dfa7980a71eacaf97b1ec97025c9dcb
SHA1 a414d020e1686f0290ab1974498a64655c114eff
SHA256 c2c338d97e16527e6255b1e99a26053274ec0614bd86efd850c9c38ab8a9ae7e
SHA512 75b262197704b4eb9fcf6fb0705f3936fc05abcd4e27f21c65c7dc1b7b1a5b89e811ad40c2f3f2ecce0e2f35f79a3b5beb5793702ae1a0e82669917c7e038882

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat

MD5 0b578d06d231850d9e8a8c75a44e47f4
SHA1 cba40bf5fc0e4ae72624685c298f7faa0c7426ee
SHA256 7319a8c405854410ac1e8ffa0ef0731a1346edc4eff31d2db6c83c557d9282e5
SHA512 e6e272ce82e0504a3a1837357bd332c42cf1138814ffd9380955cede5e66873489a234fde38b6e9ac0b3688f33adc7b45b4a5c8b900389e8ac8941bad2bcf5cd

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HO7OC0XU\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_5715DE550AA680C2FBA40D3A4F6608E9

MD5 44f23835971b492cbfaf7184db5be525
SHA1 27f5c46ff55cb37e36a4a232d769b1bab24f8a6f
SHA256 1661fba4de98527f05d774535558cb8cc921add4e29e6cebff25d0a2ef83a310
SHA512 20239d05b6058e9d2bd7c52ae3b0e9965385a9d934bfe02da60e76d10faf1f14a820814c424cf75649a6d51ed3d4d6dbe403c58d1d055f899d2012f3fe938e1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_5715DE550AA680C2FBA40D3A4F6608E9

MD5 9c5830de61644abd81b6a8e3d0dba742
SHA1 965f88b48c997da78241c780fe90ff6d8a93da0b
SHA256 a99373e1c5a5e12c9b6c72e73171e4037663672515a09220660dba970229a748
SHA512 74e86c066d849edc3d02d55cfc8920d3461a9c38ce7d88fa9ec5ab8fe85899561b14b0703311b25311036fdefc7179e4a606570975aaafa06d73c6dc69327749

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFTKP12M\gmail_2020q4_32dp[1].png

MD5 ce23c4cb379c32ae54df13ca22de161c
SHA1 a8532339309e8572140f4ce343caff7b187029e6
SHA256 1f00bf732dfc5a8c7885885117d9c3a44f25ea1f31e92c52237c76d7bf908525
SHA512 b7b6f454a0bcb56b9eed5982f3355f528cffe63bed62d0d884dc3259dcbfdc706dd827acfb0a64fdcd9f610965d30276cdeb5fcd5dfe2e5ad413d7b150ec61de
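
Most of the listing above consists of files the installer did not deliberately drop. The CryptoAPI URL cache under CryptnetUrlCache is written whenever Windows fetches certificate, CRL or OCSP data, which is why the same MetaData\94308059B57B3142E455B38A6EB92015 path appears again and again with a different digest each time (it was rewritten during the run), and the Temporary Internet Files, Cookies, Recovery, imagestore and DOMStore entries are residue of the Internet Explorer session against accounts.google.com that the sandbox flagged as a phishing page. Before any of these hashes go into a blocklist, the listing should be parsed and the sandbox noise separated from the installer's own artifacts. The Python below is an added example, not part of the sandbox or of this report: it parses the path-plus-four-digest block format, validates digest lengths, flags paths that were rewritten, and applies a noise filter that is an analyst heuristic (an assumption, not something the report states). Three sample entries are copied from the report; the fourth (googletalk.exe with all-zero digests) is a constructed placeholder standing in for the installer's payload.

```python
"""Parse the report's dropped-file listing (a path line followed by MD5/SHA1/SHA256/
SHA512 lines) into IOC records and separate the installer's own artifacts from browser
and CryptoAPI cache noise. Added example, not part of the sandbox's tooling."""
import re
from collections import defaultdict

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
PATH_LINE = re.compile(r"^[A-Za-z]:\\")

# Locations that Windows or Internet Explorer write during almost any detonation that
# touches the network; treating them as noise is an analyst heuristic (assumption),
# not something the report states.
NOISE_RE = re.compile("|".join((
    r"\\CryptnetUrlCache\\",             # CryptoAPI CRL/OCSP/certificate download cache
    r"\\Temporary Internet Files\\",     # IE page cache (fonts, scripts, images)
    r"\\Internet Explorer\\Recovery\\",  # IE session recovery stores
    r"\\Internet Explorer\\imagestore\\",
    r"\\Internet Explorer\\DOMStore\\",
    r"\\Windows\\Cookies\\",
)), re.IGNORECASE)

# Three entries copied from the report plus one constructed entry (all-zero digests
# are placeholders, not real hashes) standing in for the installer's own payload.
REPORT_EXCERPT = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c334fc11480a977449adda5f6980e976
SHA1 15ce378b042392a6d5b6cf3d8423bb2e84e74d49
SHA256 efa8141a44ce4150e951cd1e963aeb49d4ab2d165c3065ea19e150c6d234c9dc
SHA512 7f7f18c6e0eb162b104f03d72bffb8fb86bcca1ec6206ff8dab032134f628b0832fadd848dc505d237c7a55573349c916b2b8ceae8d1084ef71025377270c918

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\UWDWTDA5.txt

MD5 7c03306df244d5d915b722bb6390ef06
SHA1 b432977d2fc6625c1f8bfbfe44e328a16e461fb3
SHA256 aa43e86d2bc60562589edbe15d0b66cf4558d4880b22830a15b3585c52b35f91
SHA512 3e00c610cd99ddf896a64087f938441acf7eed0b0cbd688e6434e4a65770ba5bd970a656d1e0d8723732c034019423b700a55882e6b16949a684ea30ee5d89e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a71df4fabe657b8288aa98b9adf9fb9
SHA1 8df9a6d994afb26de5af7ddc7efae5b6cd408d67
SHA256 8e6a61c587848c8bf66d3420460010dda3d13630a5ac0d9178d8cecd10980fdf
SHA512 93666241a779d594800fbf090e1804f6f21974ebfb9857f7e740213174a6778f785337ea1c579332992a7aedffc33eeaee56d6ca1ce6b76821ba4e9132d03b77
"""
CONSTRUCTED_ENTRY = "\n".join([
    r"C:\Program Files (x86)\Google\Google Talk\googletalk.exe", "",
    "MD5 " + "0" * 32, "SHA1 " + "0" * 40, "SHA256 " + "0" * 64, "SHA512 " + "0" * 128,
])
SAMPLE = REPORT_EXCERPT + "\n" + CONSTRUCTED_ENTRY + "\n"


def parse_files_section(text):
    """Return one dict per listed file: {'path', 'MD5', 'SHA1', 'SHA256', 'SHA512'}.
    Raises ValueError if a digest has the wrong length for its algorithm."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m and current is not None:
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LEN[algo]:
                raise ValueError(f"{algo} for {current['path']} has {len(digest)} hex chars")
            current[algo] = digest
        elif PATH_LINE.match(line):
            current = {"path": line}
            records.append(current)
    return records


def is_noise(path):
    return bool(NOISE_RE.search(path))


def rewritten_paths(records):
    """Paths listed more than once: the file was overwritten during detonation,
    so each occurrence carries a different digest."""
    by_path = defaultdict(list)
    for r in records:
        by_path[r["path"]].append(r["SHA256"])
    return {p: digests for p, digests in by_path.items() if len(digests) > 1}


def triage(text):
    records = parse_files_section(text)
    return {
        "total": len(records),
        "signal": [r for r in records if not is_noise(r["path"])],
        "noise": [r for r in records if is_noise(r["path"])],
        "rewritten": rewritten_paths(records),
    }


if __name__ == "__main__":
    result = triage(SAMPLE)
    print(f"{result['total']} entries, {len(result['signal'])} worth collecting:")
    for r in result["signal"]:
        print(f"  {r['path']}  sha256={r['SHA256']}")
    for path, digests in result["rewritten"].items():
        print(f"rewritten {len(digests)}x: {path}")
```

Run against the full listing, the rewritten-path map is the quickest way to see that the CryptnetUrlCache entries are one file churning rather than dozens of distinct drops, and only the signal set deserves a second look on a live host.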

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-11 19:58

Reported

2024-02-11 20:07

Platform

win10v2004-20231215-en

Max time kernel

531s

Max time network

533s

Command Line

"C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A

UPX packed file

upx
Description Indicator Process Target
(3 matches; the sandbox recorded no indicator, process or target for this signature)

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\googletalk = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe /autostart" C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
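
Two of the signatures above describe the same image being started again. The Run value googletalk under HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run, written by googletalk-setup.exe, runs googletalk.exe /autostart at every user's logon. The LocalServer32 default values under the "Registers COM server for autorun" signature are written by googletalk.exe itself and register it as the out-of-process server for the listed CLSIDs, so any process that instantiates one of those classes launches the EXE; the ThreadingModel rows next to them are metadata and launch nothing. Note the hive: \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes is that account's HKCU\Software\Classes, so the COM registrations are per-user, whereas the Run value is machine-wide. The Python below is an added example, not sandbox code: it parses the flattened "Description Indicator Process Target" rows (the rows in SAMPLE_ROWS are copied from this report), decodes the NT-native hive path, separates image from arguments, and produces the list of images to collect and hash from a host. The key column can contain spaces (see the "\Google Talk" row), so the process column is anchored on a drive letter rather than on whitespace; treating the image as the first ".exe" in the command is an assumption.

```python
"""Extract persistence entries from the report's flattened 'Description Indicator
Process Target' rows. Added example; SAMPLE_ROWS copies rows from this report."""
import re

SAMPLE_ROWS = r"""
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\googletalk = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe /autostart" C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{226b64e8-dc75-4eea-a6c8-abcb496320f2}\Google Talk C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
"""

# The key path may contain spaces (see the "\Google Talk" row), so the process column
# is anchored on a drive letter rather than on whitespace.
SET_VALUE = re.compile(r'^Set value \((\w+)\) (\\REGISTRY\\.+?) = "(.*)" ([A-Za-z]:\\.+) (\S+)$')
KEY_CREATED = re.compile(r'^Key created (\\REGISTRY\\.+?) ([A-Za-z]:\\.+) (\S+)$')
USER_CLASSES = re.compile(r'^\\REGISTRY\\USER\\(S-1-5-[\d-]+)_Classes\\(.*)$')
RUN_KEY = re.compile(r'\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$', re.IGNORECASE)
COM_SERVER = re.compile(r'\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\LocalServer32$', re.IGNORECASE)


def parse_row(row):
    """Split one flattened row into its columns, or return None for an unknown shape."""
    row = row.strip()
    m = SET_VALUE.match(row)
    if m:
        vtype, key, value, process, target = m.groups()
        parent, _, name = key.rpartition("\\")      # trailing '\' means the default value
        return {"op": "set", "type": vtype, "key": parent, "name": name,
                "value": value.replace("\\\\", "\\"),  # export doubles backslashes in values
                "process": process, "target": target}
    m = KEY_CREATED.match(row)
    if m:
        key, process, target = m.groups()
        return {"op": "create", "key": key, "process": process, "target": target}
    return None


def friendly_key(key):
    """Map NT-native paths to the hives an analyst queries; returns (per_user, path)."""
    m = USER_CLASSES.match(key)
    if m:  # HKU\<SID>_Classes is that account's HKCU\Software\Classes
        return True, "HKCU\\Software\\Classes\\" + m.group(2)
    if key.upper().startswith("\\REGISTRY\\MACHINE\\"):
        return False, "HKLM\\" + key[len("\\REGISTRY\\MACHINE\\"):]
    return key.upper().startswith("\\REGISTRY\\USER\\"), key


def split_command(command):
    """Separate image path from arguments; assumes the image ends in .exe (assumption)."""
    m = re.match(r'^"?(.*?\.exe)"?(?:\s+(.*))?$', command, re.IGNORECASE)
    return (m.group(1), m.group(2) or "") if m else (command, "")


def extract_persistence(rows_text):
    """Return the writes that make an image start again: Run values and the default
    value of CLSID\...\LocalServer32, which is the EXE CoCreateInstance launches."""
    entries = []
    for line in rows_text.splitlines():
        row = parse_row(line)
        if not row or row["op"] != "set":
            continue
        per_user, hkey = friendly_key(row["key"])
        image, args = split_command(row["value"])
        com = COM_SERVER.search(row["key"])
        if RUN_KEY.search(row["key"]):
            mechanism, clsid = "run_key", None
        elif com and row["name"] == "":
            mechanism, clsid = "com_localserver", com.group(1)
        else:
            continue  # ThreadingModel and other metadata values do not launch anything
        entries.append({"mechanism": mechanism, "key": hkey, "name": row["name"],
                        "clsid": clsid, "image": image, "args": args,
                        "writer": row["process"], "per_user": per_user})
    return entries


def hunt_paths(rows_text):
    """Images to collect and hash on a live host before deciding this is benign."""
    return {e["image"] for e in extract_persistence(rows_text)}


if __name__ == "__main__":
    for e in extract_persistence(SAMPLE_ROWS):
        scope = "per-user" if e["per_user"] else "machine-wide"
        print(f"{e['mechanism']:16} {scope:12} {e['key']}\\{e['name']} -> {e['image']} {e['args']}")
```

The writer column matters as much as the key: the Run value is written by the installer from the user's Temp directory, while the COM registrations are written by the already-installed googletalk.exe, which is the ordinary self-registration pattern of a COM server and, on its own, not evidence of malicious intent.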

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Google\Google Talk\gtalkwmp1.dll C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
File created C:\Program Files (x86)\Google\Google Talk\uninstall.exe C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
File created C:\Program Files (x86)\Google\Google Talk\testperm.txt C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\Google Talk\testperm.txt C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\Google Talk\ C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
File created C:\Program Files (x86)\Google\Google Talk\googletalk.exe C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{82ec66ad-6a51-4aa5-8788-dea156a4580b}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Google\\Google Talk\\" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C9DC108-C73F-11DA-95AB-00E08161165F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\ = "ITalkFriend" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface\{7a9d1480-c6a1-11da-95ab-00e08161165f}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Typelib C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface\{65D12388-C5E9-468c-83B9-60AEA2E658DF}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{82ec66ad-6a51-4aa5-8788-dea156a4580b}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\gtalk\shell\open\command C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\ = "ITalkAPI" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{226b64e8-dc75-4eea-a6c8-abcb496320f2}\Google Talk C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{226b64e8-dc75-4eea-a6c8-abcb496320f2} C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{226b64e8-dc75-4eea-a6c8-abcb496320f2} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\TypeLib C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\ = "ITalkFriend" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0\FLAGS C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\TypeLib C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\TypeLib C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\TypeLib C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\TypeLib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\TypeLib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0\0 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49C7-BF37-0EB4A62D8638} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C9DC108-C73F-11DA-95AB-00E08161165F}\TypeLib C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\ = "TalkAPI Class" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface\{62d14448-68ff-4c37-a7f2-31105a1be427}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{226b64e8-dc75-4eea-a6c8-abcb496320f2}\Google Talk C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49C7-BF37-0EB4A62D8638}\LocalServer32\ = "\"C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe\"" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C9DC108-C73F-11DA-95AB-00E08161165F} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49C7-BF37-0EB4A62D8638}\ C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\ = "IChatRoom" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0\FLAGS\ = "0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe

"C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Program Files (x86)\Google\Google Talk\gtalkwmp1.dll"

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

"C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /register

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

"C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /startmenu

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\2e305183d59b40eba065ffb3bb46eadb /t 4136 /p 5108

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

"C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /startmenu

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\f6a17059672642129399bb609608c68e /t 3996 /p 3596

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 198.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 tools.google.com udp
GB 216.58.204.78:80 tools.google.com tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 mail.google.com udp
US 8.8.8.8:53 tools.google.com udp
GB 216.58.204.78:80 tools.google.com tcp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
GB 172.217.16.229:80 mail.google.com tcp
US 8.8.8.8:53 229.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 28.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 209.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 207.178.17.96.in-addr.arpa udp
GB 172.217.16.229:80 mail.google.com tcp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 195.233.44.23.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 183.1.37.23.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 23.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 204.178.17.96.in-addr.arpa udp
US 20.231.121.79:80 tcp
GB 96.17.178.204:80 tcp
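
The rows above mix three kinds of events: UDP queries to the resolver 8.8.8.8 for real names (tools.google.com, mail.google.com), PTR queries of the form a.b.c.d.in-addr.arpa, which are reverse lookups of addresses the guest contacted and whose octets must be reversed to recover the IP, and plain TCP connections (the last two rows carry no Domain at all). Many of the reverse lookups have no matching connection row, which is typical of Windows background traffic inside a sandbox and is why a PTR-only address should be attributed before it becomes a blocklist entry. The added Python example below, which is not part of the report, parses rows in this exact layout into an IOC set and separates addresses seen only as a reverse lookup from addresses with a logged connection; the sample rows are copied from the table above.

```python
"""Turn sandbox Network rows ("Country Destination Domain Proto") into an
IOC set.  Added example, not part of the report."""
import ipaddress
import re

# Rows copied from the Network table of this report; the Domain column is
# empty on the last row, which is how the report renders a bare TCP connect.
SAMPLE_ROWS = """\
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 tools.google.com udp
GB 216.58.204.78:80 tools.google.com tcp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 mail.google.com udp
GB 172.217.16.229:80 mail.google.com tcp
US 20.231.121.79:80 tcp
""".splitlines()

PTR_RE = re.compile(
    r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$", re.I
)


def ptr_to_ip(name):
    """'28.118.140.52.in-addr.arpa' -> '52.140.118.28'; None for a normal name."""
    m = PTR_RE.match(name)
    if not m:
        return None
    ip = ".".join(reversed(m.groups()))
    ipaddress.IPv4Address(ip)  # rejects octets above 255
    return ip


def parse_row(row):
    parts = row.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:  # no Domain column: raw connection to an address
        country, dest, proto = parts
        domain = None
    else:
        raise ValueError("unexpected row layout: %r" % row)
    ip, _, port = dest.rpartition(":")
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto}


def build_iocs(rows):
    """Split rows into resolver addresses, queried names, reverse-looked-up
    addresses and addresses that had an actual connection."""
    iocs = {"resolvers": set(), "domains": set(),
            "ptr_ips": set(), "connect_ips": set()}
    for ev in map(parse_row, rows):
        is_dns = ev["port"] == 53 and ev["proto"] == "udp"
        if is_dns:
            iocs["resolvers"].add(ev["ip"])
            ptr = ptr_to_ip(ev["domain"]) if ev["domain"] else None
            if ptr:
                iocs["ptr_ips"].add(ptr)
            elif ev["domain"]:
                iocs["domains"].add(ev["domain"].lower())
        else:
            iocs["connect_ips"].add(ev["ip"])
            if ev["domain"]:
                iocs["domains"].add(ev["domain"].lower())
    # Reverse lookups with no matching connection: attribute these before
    # treating them as indicators, they are often background OS traffic.
    iocs["ptr_only_ips"] = iocs["ptr_ips"] - iocs["connect_ips"]
    return iocs


if __name__ == "__main__":
    for key, values in build_iocs(SAMPLE_ROWS).items():
        print(key, sorted(values))
```

Run against the full table, ptr_only_ips is the list to investigate rather than block: each entry is an address the guest resolved backwards but never, as far as the logged rows show, connected to.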

Files

memory/1676-0-0x0000000000400000-0x0000000000440000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nst441F.tmp\UserInfo.dll

MD5 2b006bbf7c9295683eddfad40008be85
SHA1 b3f42a8e2ff172d51418c72811586b11ed589909
SHA256 9e4440baf56d47ca4cc1f29e7a62d407d1f9524986160b30de5f825a3fedee88
SHA512 e1cfd739b7f8de442e2fb49c83569e8051492180780d92a4bfaa9c90b1444fd0020f9f596c12820642dd33cbee2c81ec793acb1c8dab1d1bebbe25b33c51efe8

C:\Users\Admin\AppData\Local\Temp\nst441F.tmp\System.dll

MD5 61151aff8c92ca17b3fab51ce1ca7156
SHA1 68a02015863c2877a20c27da45704028dbaa7eff
SHA256 af15ef6479e5ac5752d139d1c477ec02def9077df897dadc8297005b3fc4999d
SHA512 4f5c943b7058910dc635bdcfadfea1d369c3d645239d1a52b030c21f43aac8e76549e52fd28e38ba5341d32aefe3c090dd8377d9e105ad77f71ab8870d8e326e

C:\Users\Admin\AppData\Local\Temp\gtalkwmp1.dll

MD5 f341a096bbc785dc39e0170ff725a7d5
SHA1 75b233a2fc20ff4a748c65b80c17188f63b9cd53
SHA256 fd23273a36db53e1da88e2b4ec84ffb720e54f9c6ab8820bf8937e870d64e44b
SHA512 fe4a237a9b7b100e0b4ae5a2daf30989b3d6744ee7e7ba0a8a3c6322cf390a93fde3cfed79e4593e06f7ff072e1c207b9182623ccdb1b9da02cb412c8096b77a

memory/1676-19-0x0000000003010000-0x0000000003022000-memory.dmp

memory/1676-30-0x0000000000400000-0x0000000000440000-memory.dmp

C:\Program Files (x86)\Google\Google Talk\testperm.txt

MD5 cf41c3a04147fc650486a80e85f2444c
SHA1 f98fcb580c775b8d902f6bf76f52a559af43d445
SHA256 d632b0b91898356488302714bebeb771cd765fa045f7a16ae925d2e99263671c
SHA512 4d24cac88a0baae5426577e18152d9a404cb525aaf3830cb75f0f1bbe868b635206f9f3e5468255b1cbe0ee761a24dc46b9aae6e0ed17aa4fff5c7090c8c8ed8

C:\Users\Admin\AppData\Local\Google\Google Talk\themes\system\chat\Classic\Contents\Resources\Incoming\NextContent.html

MD5 70e3aa6ea6428c65e2c99fb67cdf3c38
SHA1 65cdb1fd2901446df663190a3ab381b1969cce00
SHA256 773c0f0b634ec3106c09645484bb08cb2f18d316a6b6f805463feb3f892470c8
SHA512 b913c91987f68943487e6fac363d3abfe1a43d80ebc9838dac0fd2a06b14f0c2594a2abfb893a1f170a8d3b22272ec2e118b52c2d8492b94f1b4b6e3d520858a

C:\Users\Admin\AppData\Local\Google\Google Talk\themes\system\chat\PingPongPicture\Contents\Resources\NextStatus.html

MD5 4a75b7ffdd13bc07628b23a1340db9bd
SHA1 80b6f0db8880ae484d5e016077b174a702550b38
SHA256 fe5006e8ad1e3dcc44588712ea4a6e5723a4cf6bbf5be7db9f04d25d91f62327
SHA512 498b6451ac4cd3a7a598001a8486358582bce29479a6cc14e1fd3038d5751b81f5662340936b7e7594268662ac794482869f799de9144eae0a5c930820a83c01

C:\Users\Admin\AppData\Local\Google\Google Talk\themes\system\chat\PingPongPicture\Contents\Resources\Status.html

MD5 c1659928c4171dcee82ba065549d80a7
SHA1 6887fcdccea434cfc4247faee95662e201b9bcf2
SHA256 e2d9fa6e3e1044265356afc6369147a8a7dd68e030ba3d68e83473b375f1ee65
SHA512 a1a71b238e76089c5a4087e8451180057b0c32a0c6b2ebb6234d9d317630aa5d58df63d0e0b60b11218724b0ffa0fe023de31dff3fe83f95a58ea013fbbd0194

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

MD5 bcd9cbf0621f9a6767276a2e0bf1dd15
SHA1 802daf7cb7823ce7f36408f0fba01e2e75fdde90
SHA256 c0748aee57a79d1ad8a4307d3ecb03a517464d047cd5cc64bad299e0bfaefb60
SHA512 0dd7dbb13c84e111b6c3a10629498724c4879f3b94a7d786b03009347186c8199791d0cc519d11affb89ff1ac3a1151d532bb9540a23bb0ad35bccea6327be96

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\46914b47602a13eb2069793817c907fde482e509.original.avatar

MD5 139ab22ebfe6b86790b9859251d2cb85
SHA1 46914b47602a13eb2069793817c907fde482e509
SHA256 4d945da6e45abd54d757b4f82ec926e3ae24874727dc15e16229ece7b933c94e
SHA512 f7dd86f347fd3c9123b7a89629bdfc81cd18f6b4a8502d58804495596e6e9dc13fa5600c517340a25c3262091d97b78e9e3d2690f51a3ba80dd40c0b3a37c2ca

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 0e889698e699ff46a7ea1e396343c491
SHA1 eecabd575b852104c4ef2512c168f01d15dad3cc
SHA256 befdc8bd467e8d474c1a5a9953582f0cd1e22c6f7abe6e195544b90958aa1bf6
SHA512 f6bb5237b1d8f41b9d083f4819e16bbc4ea2436503fe4299221d10495abf6d410df65f1605233cbc17885660178a4c3ba6e7b16638c562dc115c5442364b161b

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 370a9e303a5e2b140a7b3f37a4233481
SHA1 02e77036c1ea4be91e1053e3c96f28e805d119a9
SHA256 66babc236e7e018e82bad773dacb5c3089ba85456a4efb8a19ee310efa3824bd
SHA512 657b99bf1959dbfe8ca7b515b792550113e21b3b416296bc69961abf89cad1561f4e0cb2d443c4bc0906cc77e70b33ecf95ec572001f5c88d5635a87add62e51

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 ceef4fca7bc7083ac26ecc0e4fc7a4ca
SHA1 5a3f30f9764147a12215431398540e05c0435aa2
SHA256 9ee950db30334eb12eb6b1a12b667d68710f42d53d069eacc39ed25b6c25ff5f
SHA512 702d0e658cc6429304f8c770dae31ea2617c23aefa234267f9a2d45eb4650bb97e39356bf669e71c635fbfdc8b5872bfce8efcb90b65f04f2e43d6acd955f3d2

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 a7d60d5287b04a563e0703bebcc6bf86
SHA1 47b4169fc4ed7a3066ac32532dfe3256b1c23b49
SHA256 4e90140d0b54b2daf35354f88eb883f1b90b79294a81a660d6ec2b03900b69a8
SHA512 90dd6b09c49be213968aaa05197fc147fd278df330e08b41228592cca119d86b98400567ec8342944202ea12adff52aabae5ebecd1a4cbcaba8559494320e7e0

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 5f7e31f0001ef4310865f1ff4549b12b
SHA1 34c95afe0b0fcb9576636e25261c92dbb32c2ca3
SHA256 4681737d35db0808cbb99d4653b9f99141d7409f60268b9adb84c2e59792c6e9
SHA512 fef96b44c10223fa1138832e34fd12ed6a3ed934dba3f736a985cbc236bde9411fffaf6e49f65e50302711a09af30d27853a8158f807e7ac5065208619c07502

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 5c2b6a18d6d09563f1e4694de12326d7
SHA1 9a6100592deaaf027f4be9fb13fd813a2230c7a5
SHA256 d3ddc4f3ffba57c634611b6ac45f979c9671fa413dc7a317155dd3b3f2485d00
SHA512 9e2a44eba0285e7838243644eeecd3c3417c1293134a06a11a5fe93a6508ff0939db47c8d786677107105e60468217cc3ac71c891e7a051ff991a6c09913ddbb

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 b02547e43f9cd41b26fee3a8f4b267a8
SHA1 3b405b7c88e5280a6f0bf2e5fef2c8e7e5e5bab0
SHA256 605b1d4c08bed7aa60b30479c6eac51d53214fc7c15a12d47ec3633094cd880b
SHA512 fd6c9f03012b2054dcfb704558f9b30719c0858538d9478cf05ec66096ce67633df90390ba9bbb96b4631794c27fe28201e084e0489529df382330c9f5673e70

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 b37edbac0fbfd58a10c826ce9bd0a1a8
SHA1 2f3e77a1e6e536c873a17887003faf65579093c0
SHA256 495b4ef47b07b0197d69bbac7f30d6b5994a6ccb61543fdd32c35b5146c9406c
SHA512 6fcb26c74aa6e813ad9f75f98dde6f7a4c19e69e701465b2113e2d28d02b971f242d67db47a8ab877068be09fe7b3d3fd2bf045b493b4e296abba8ff0e395cf3

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 438815592db40de2264606f1bfd4d903
SHA1 775aabe7ca171d273616297f50453c711d150494
SHA256 e166689a2be4b0c649c4455b946373cba82be7bb56e8c50230bedab1f22b2115
SHA512 3af5009acda043a85cd4264758614e4cc15a1b044244ff877b26e35cab56ce30bc390f90242ce735657fb7f1c35d177f6d1fb1123fd4ca52854091e0d18bb53c

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 477b9b2262edfb077aa9622b473dc3db
SHA1 fbfa567309724a59bad65e51ca1ce467ab52141c
SHA256 0f0154aaef14b04bac6dc6d55fddbc99440a822c165725bfe7083be90ab50e3d
SHA512 9f9698478accf1791ff6c6e2e5c150d691d135a319c5888b46947ca0f4896a025a26296ffac8adc276b4f3d4f086c3af747cbedcb1b841bef0135e717e3fbf1b

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 7b0e66eef397662bf1d1346fc9cf5313
SHA1 2712a2b05ba8ef6a3d84ce452d37a64090887b53
SHA256 5dc2d386b8cea18c0401dfc77ebe3c2282f61b113f468337a23e4579ff5e28fe
SHA512 eec704b006b49981db884f2362714fbabdbcf69b47da9f40fd4413e986f46e0b04689f6401991e94571fc3a7755a32cb70620c2d3c7ec3cb9bb23ca5ed324b94

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 91d5e3de0a48f1d28d4f72050a99ea02
SHA1 2a76fc6f39dbbb2da6ee8064c08ce6d8ad6cbd01
SHA256 bce7a8f3a90e7b484abeceabb81c932a01856cb825350b7fa5bf4c81beb246e6
SHA512 0757eba0fa6bd44d6de804ee5799e379e059cd15acef84897b4c32a7a7d48220d9d870a4637de0a79a7872439ecb321d312aa32f9917021ebbf3c3e8f520c683

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 90623c105b3a59a8de55402d5690d179
SHA1 a5515c11ddc68cc7afcf94ef564cb331c6685116
SHA256 8d79a640a600c7f95bbf5bb992dde81e2d829899f13dffd599bab032a192ea1a
SHA512 5e6db87d6b2b879ae5a7bf43f7a19721a825bac26e003574b7cd539553fb681968b7b265b5233a55074ca9cc0d982230cc49eef01f61cc4f79ba054fe2225828

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 46363431e0b687e017e5d5614181aa5c
SHA1 250915850e9017edc6e503c2c83b75715917592b
SHA256 1cbf77384a0af8d1f6ed54c3f7411d7b63a682e6d27b51c7def512642d037eb7
SHA512 cca8ffef787a4f4dc88e4d562d0ca8e824cfdaa2dd3d26ddc730ed12f15508cc6360ab3f454e6a6c36eec35800f79451fefa00a24c2bef012aff3fbb9a6ebe9c

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\573a43a3fbc18f656bc9c7cad720977c3e5747f9.original.avatar

MD5 e7ed315542e8c9e38b5dc50cb62ad9c2
SHA1 573a43a3fbc18f656bc9c7cad720977c3e5747f9
SHA256 e34346514992ff121d2fb023b894312f9de7db569238a58f2d4b7fa2bc428a54
SHA512 118c7e421e6ffaab1b8c34ab5cb2d8515894b01b50ec37d8f958ca66baaf5b1edce2bcc7c9b912fc8644ae2680449e2a438b2e9b38e85dc60b1a9bdd1dcd7c38

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 a22506cd785b216a6fb917118c234655
SHA1 f26dd8252ce14dee46510cb3cdf205780c2d2407
SHA256 a4513cb4108881a0d525512419518d849b821c0240fa2df0a8d119905646ef5a
SHA512 db985a4203d1fd0902e88f90e125b3013ca001795b37cf2bee1638046ffa91b1dc8a9446991e9c1ddafc7fc1f0fab249d58b1850246709f6b0523c141dd44e42

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 8894d3eb77abd1de14168dfd8f120314
SHA1 ca4650e9d30a1a4acdd18ca9374b1a9381868e69
SHA256 d8cd92c73c14fb81366692a296c5a1ed132276e3f09999705c64b7e698757c71
SHA512 1900c53796cfdddd72a589059328fd6cf04458ec92829552662feee162ab7ba803d61bf87929bd1f5f8bd7dd9d3b5b0080f04b5c91a0c94c12c88821f4c4f303

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 d66c769878374d62b887c2ed54f0d960
SHA1 4955c0b12cf51b51d4b54549b443437e17c65a5a
SHA256 a208f2a0c83d6cf3ef02cabb6727a0342efa54aa787116fdaa3f816351153844
SHA512 107062dd1b4edf74afe63ad9227f278410369e0e24864c8120fdb7c2e093d5089c1eb7d86ca80b7474a9128528f4979dc2e847ffac0c53b0c90afd288d9b8dc1

C:\Users\Admin\AppData\Local\Temp\nst441F.tmp\ioSpecial.ini

MD5 18ff701d1a99a427a9b81040f14fddaf
SHA1 d9af92511ce2b49e30c8071441906edc596dfbdd
SHA256 3b62ab01f6aedc4acd89622ac643d224b9bef125d6c253908ad607141bebc016
SHA512 ca702f3f717320f0e861a46cedbcef003b5ddd9314247fe947e6a9a1038b8310176731e65f446f90b7eaf77081ed2d9c8dd50a80e9749cd0bf20b1c4500ed75b

C:\Users\Admin\AppData\Local\Temp\nst441F.tmp\InstallOptions.dll

MD5 08c82a46416a5e2b471d457968f53816
SHA1 3e3897c20b9e89b279b4764a633f67955bf8f09a
SHA256 435baf3b7282c9110697a4916834ef9371dd29fae6b4cb8e19c19eb126562dc9
SHA512 91e2055b91d04b2348a923cb298ac6ba3637de5038dc4f849c4d2f1665d17de9cd6eb6a97d42d0f894d65348c8fd8e79cd61b667ea5a78e8960347e8cc8db81d

memory/1676-397-0x0000000000400000-0x0000000000440000-memory.dmp

C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\www.orkut.com\gtalksettings.sol

MD5 8cf6c45f7b59f309c141e9f6121efd2f
SHA1 7393fc0097f75336e5770fa737baf8ea152bc947
SHA256 e19b5c67a1741de87a1866dda95f615ff094d3eeaba7ac9543d4ba30e77aa3ba
SHA512 688360108329d82a51738cee59c5979ee5193cbb9094bfb82759de8d60e16ea6acda247d15058ea8e15e753a45b81fbca1d20187b9404f8f7dfd49920243591b

C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\www.orkut.com\gtalksettings.sol

MD5 7b18f55982ca5bcbf362906b466e4822
SHA1 390c620a4929d8f3b3ec56240e2ff2038ac531da
SHA256 e402e1fabe90cc1f5f5724f862b89cef80855142ad89dad409b9661b80c560e3
SHA512 a66dd1273eda0a823c2129295e5c214e45f590b39908aee6e71daafbfe608ac6e07ec2ebebc743dd236cf23cf4d4196ffe1be9e9e8b63dc1734f7b4ba83c9f29
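
The Files list above is a flat sequence of path lines, each followed by MD5/SHA1/SHA256/SHA512 lines, with memory/... entries (process memory dumps) carrying no hashes. Two things are easy to miss when reading it by hand: the same path is written many times with different contents (temp.original.avatar), and one of those writes is a zero-byte file, recognisable because its digests are the well-known hashes of the empty input (MD5 d41d8cd9..., SHA1 da39a3ee..., SHA256 e3b0c442...). The added Python example below, not code from the report, parses this layout into a manifest, deduplicates by SHA256, flags empty artifacts, and pulls out the executables written to Temp and Program Files; the sample text is copied from the list above.

```python
"""Parse a sandbox Files section into a hash manifest.  Added example,
not part of the report."""
import hashlib
from dataclasses import dataclass, field

# Copied from the Files section of this report (SHA512 lines left out
# here; the parser accepts them): a memory dump, an NSIS plugin in Temp,
# the installed binary, and two writes of the same avatar path, the
# first of them zero bytes long.
SAMPLE_TEXT = r"""
memory/1676-0-0x0000000000400000-0x0000000000440000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nst441F.tmp\UserInfo.dll

MD5 2b006bbf7c9295683eddfad40008be85
SHA1 b3f42a8e2ff172d51418c72811586b11ed589909
SHA256 9e4440baf56d47ca4cc1f29e7a62d407d1f9524986160b30de5f825a3fedee88

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

MD5 bcd9cbf0621f9a6767276a2e0bf1dd15
SHA1 802daf7cb7823ce7f36408f0fba01e2e75fdde90
SHA256 c0748aee57a79d1ad8a4307d3ecb03a517464d047cd5cc64bad299e0bfaefb60

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 a22506cd785b216a6fb917118c234655
SHA1 f26dd8252ce14dee46510cb3cdf205780c2d2407
SHA256 a4513cb4108881a0d525512419518d849b821c0240fa2df0a8d119905646ef5a
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Digests of the empty input, computed rather than hard-coded.
EMPTY_DIGEST = {a: getattr(hashlib, a.lower())(b"").hexdigest() for a in HASH_LEN}


@dataclass
class Artifact:
    path: str
    hashes: dict = field(default_factory=dict)

    def is_memory_dump(self):
        return self.path.startswith("memory/")

    def is_empty(self):
        """True when any recorded digest is the digest of zero bytes."""
        return any(d == EMPTY_DIGEST[a] for a, d in self.hashes.items())

    def location(self):
        p = self.path.lower()
        if self.is_memory_dump():
            return "memory"
        if "\\appdata\\local\\temp\\" in p:
            return "temp"
        if p.startswith("c:\\program files"):
            return "program_files"
        if "\\appdata\\" in p:
            return "appdata"
        return "other"


def parse_files(text):
    """A path line opens an artifact; following 'ALGO hex' lines attach to it."""
    artifacts, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        algo, _, digest = line.partition(" ")
        if current is not None and algo in HASH_LEN and len(digest) == HASH_LEN[algo]:
            current.hashes[algo] = digest.lower()
        else:
            current = Artifact(path=line)
            artifacts.append(current)
    return artifacts


def manifest(text):
    arts = parse_files(text)
    by_sha256 = {}
    for a in arts:
        if "SHA256" in a.hashes:
            by_sha256.setdefault(a.hashes["SHA256"], []).append(a.path)
    return {
        "artifacts": arts,
        "by_sha256": by_sha256,  # collapses repeated writes of one content
        "empty": [a.path for a in arts if a.is_empty()],
        "dropped_binaries": [a.path for a in arts
                             if a.location() in ("temp", "program_files")
                             and a.path.lower().endswith((".exe", ".dll"))],
    }
```

manifest(SAMPLE_TEXT) yields five artifacts but four unique SHA256 values, one empty write, and two dropped binaries; the by_sha256 map is what goes into a hash blocklist, since the same content listed under several paths is still one indicator.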

Analysis: behavioral3

Detonation Overview

Submitted

2024-02-11 19:58

Reported

2024-02-11 20:07

Platform

win11-20231215-en

Max time kernel

521s

Max time network

523s

Command Line

"C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\LocalServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\googletalk = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe /autostart" C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
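
The "Registers COM server for autorun" rows and the Run key row above are the same kind of record: a registry write that lets googletalk.exe start again later without the installer. The CLSID\...\LocalServer32 default values point COM activation of those classes at the binary, the Run value starts it with /autostart at logon, the gtalk\shell\open\command key under "Modifies registry class" makes it the handler invoked for the gtalk ProgID or URL scheme, and the InprocServer32 key for gtalkwmp1.dll is written by regsvr32.exe rather than by the dropped installer. The added Python example below, which is not the report's code, parses rows in this layout and tags the ones that land in those locations; the sample rows are copied from the tables on this page. One caveat a reviewer should keep in mind: a legitimate installer writes exactly these keys too, so a hit is a triage lead, not evidence of malice on its own.

```python
r"""Flag persistence-establishing rows in a sandbox registry-event table.
Added example, not part of the report.

Row layout as rendered in the signature tables:
    <op> <key>[\<value> = "<data>"] <writing process> <target>
<op> is "Key created" or "Set value (str)"; an empty <value> is the key's
default value; backslashes and quotes inside <data> are backslash-escaped.
"""
import re

# Rows copied from the behavioral3 tables of this report.
SAMPLE_ROWS = [
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\googletalk = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe /autostart" C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{82ec66ad-6a51-4aa5-8788-dea156a4580b}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\gtalk\shell\open\command\ = "\"C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe\" \"/%1\"" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A',
    r'Key created \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Typelib C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A',
]

ROW_RE = re.compile(
    r'^(?P<op>Key created|Set value \(\w+\))\s+'
    r'(?P<key>\\REGISTRY\\.*?)'
    r'(?:\\(?P<name>[^\\]*?) = "(?P<data>(?:[^"\\]|\\.)*)")?'
    r'\s+(?P<process>[A-Z]:\\.*?)\s+(?P<target>\S+)$'
)

# Registry locations that cause code to run again later, matched against
# the full key\value path.  Any installer legitimately writes these too;
# the classification is a triage aid, not a verdict.
PERSISTENCE_RULES = (
    ("run_key",            re.compile(r"\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.I)),
    ("com_local_server",   re.compile(r"\\CLSID\\\{[^}]+\}\\LocalServer32(?:\\|$)", re.I)),
    ("com_inproc_server",  re.compile(r"\\CLSID\\\{[^}]+\}\\InprocServer32(?:\\|$)", re.I)),
    ("shell_open_command", re.compile(r"\\Classes\\[^\\]+\\shell\\open\\command(?:\\|$)", re.I)),
)


def parse_row(row):
    """Split one table row into its fields; None if the row is not an event."""
    m = ROW_RE.match(row.strip())
    if not m:
        return None
    ev = m.groupdict()
    if ev["data"] is not None:
        ev["data"] = re.sub(r"\\(.)", r"\1", ev["data"])  # undo \\ and \" escaping
    ev["full"] = ev["key"] if ev["name"] is None else ev["key"] + "\\" + ev["name"]
    return ev


def classify(row):
    """Return the parsed event tagged with a persistence mechanism, or None."""
    ev = parse_row(row)
    if ev is None:
        return None
    for mechanism, pattern in PERSISTENCE_RULES:
        if pattern.search(ev["full"]):
            ev["mechanism"] = mechanism
            # Registration performed through a signed Windows binary
            # (regsvr32) rather than by the dropped installer itself.
            ev["via_lolbin"] = ev["process"].lower().endswith("\\regsvr32.exe")
            return ev
    return None


def persistence_findings(rows):
    return [ev for ev in map(classify, rows) if ev is not None]


if __name__ == "__main__":
    for f in persistence_findings(SAMPLE_ROWS):
        print(f["mechanism"], "|", f["full"], "=", f["data"], "| by", f["process"])
```

Feeding the whole "Modifies registry class" table through persistence_findings leaves only the handful of rows worth a second look; the TypeLib and Interface rows, which are the bulk of the table, are plain COM metadata and are dropped.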

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Google\Google Talk\uninstall.exe C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
File created C:\Program Files (x86)\Google\Google Talk\testperm.txt C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\Google Talk\testperm.txt C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\Google Talk\ C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
File created C:\Program Files (x86)\Google\Google Talk\googletalk.exe C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
File created C:\Program Files (x86)\Google\Google Talk\gtalkwmp1.dll C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{4c9dc108-c73f-11da-95ab-00e08161165f}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{226b64e8-dc75-4eea-a6c8-abcb496320f2} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0\HELPDIR C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\ = "IChatRoom" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\gtalk\shell\open\command\ = "\"C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe\" \"/%1\"" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\LocalServer32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\ = "IChatRoomContact" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{7a9d1480-c6a1-11da-95ab-00e08161165f}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{38FDD2C4-9164-4eaf-8C74-24D764FF613E}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C876D28-FB0C-11DA-9804-B622A1EF5492}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{4c9dc108-c73f-11da-95ab-00e08161165f}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{65D12388-C5E9-468c-83B9-60AEA2E658DF}\ = "ITalkTunnelExp" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{82ec66ad-6a51-4aa5-8788-dea156a4580b}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\ = "IChatRoom" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{7a9d1480-c6a1-11da-95ab-00e08161165f}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\TypeLib C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\gtalk\shell\open C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C9DC108-C73F-11DA-95AB-00E08161165F} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Typelib C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{7a9d1480-c6a1-11da-95ab-00e08161165f}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C9DC108-C73F-11DA-95AB-00E08161165F}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\TypeLib C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C9DC108-C73F-11DA-95AB-00E08161165F}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{38FDD2C4-9164-4EAF-8C74-24D764FF613E}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{65D12388-C5E9-468c-83B9-60AEA2E658DF} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\ = "ITalkAPI" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65D12388-C5E9-468C-83B9-60AEA2E658DF}\ProxyStubClsid32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\ = "ITalkAPI" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{226b64e8-dc75-4eea-a6c8-abcb496320f2}\Google Talk C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{74C992C7-BA13-4E6A-A469-B43AE8FD557A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{62d14448-68ff-4c37-a7f2-31105a1be427} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7B29C130-826A-4070-BA18-EC01E703D244}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A9D1480-C6A1-11DA-95AB-00E08161165F}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70} C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\Interface\{5A9FF74C-53D0-4513-9481-0F61EDEEFFE2}\TypeLib C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49C7-BF37-0EB4A62D8638}\LocalServer32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49C7-BF37-0EB4A62D8638}\LocalServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\TypeLib\ = "{7B29C130-826A-4070-BA18-EC01E703D244}" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe

"C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Program Files (x86)\Google\Google Talk\gtalkwmp1.dll"

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

"C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /register

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

"C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /startmenu

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\98f71af031784d9db1a9e8d63cdeb9f1 /t 3352 /p 1036

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
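
The process list above shows the two operations that produced the COM keys in the registry table: `regsvr32 /s "...\gtalkwmp1.dll"` writes the `CLSID\{...}\InprocServer32` entries, and the googletalk.exe instances (one launched with `/register`) write the `CLSID\{...}\LocalServer32` entries, which is what the "Registers COM server for autorun" signature keys on. When triaging a report like this, the entries under `\REGISTRY\USER\<SID>_Classes\` deserve the first look: a per-user Classes hive is writable without administrative rights and is consulted before HKLM for that user's non-elevated processes, so a CLSID registered there is launched whenever anything in the session instantiates it. The script below is an added example, not part of the sandbox report: it parses lines in the report's own `<op> <key>[ = "<value>"] <writer> N/A` format and aggregates COM server registrations per hive and CLSID. All sample lines are copied from the registry table above except the third, which is constructed (a default `LocalServer32` value naming the server binary, which this excerpt does not contain) to show server-path extraction.

```python
"""Added example: surface COM server registrations in sandbox registry events.

Not part of the sandbox report. Parses the report's line format
    <op> <key>[ = "<value>"] <writer-process> N/A
and groups CLSID\{...}\LocalServer32 / InprocServer32 writes by hive and CLSID.
"""
import re

# Sample events copied from the report's registry table; the third line is
# CONSTRUCTED (a default LocalServer32 value) and does not appear in the report.
SAMPLE_EVENTS = r"""
Key created \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\WOW6432Node\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\LocalServer32\ = "C:\\Program Files (x86)\\Google\\Google Talk\\googletalk.exe" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{82ec66ad-6a51-4aa5-8788-dea156a4580b}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49C7-BF37-0EB4A62D8638}\LocalServer32 C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0507EEDE-3AE7-49C7-BF37-0EB4A62D8638}\LocalServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A1527F6-C11F-4131-82BC-FE891D4E3B70}\ = "ITalkAPI" C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{226b64e8-dc75-4eea-a6c8-abcb496320f2}\Google Talk C:\Users\Admin\AppData\Local\Temp\googletalk-setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\gtalk\shell\open C:\Program Files (x86)\Google\Google Talk\googletalk.exe N/A
"""

# The writer process is the last " X:\...exe" before the trailing " N/A", so
# key paths containing spaces (e.g. "...\{226b64e8-...}\Google Talk") parse correctly.
EVENT_RE = re.compile(
    r'^(?P<op>Key created|Set value \(\w+\)) '
    r'(?P<rest>\\REGISTRY\\.*?)'
    r' (?P<writer>[A-Za-z]:\\.*?\.exe) N/A$'
)
VALUE_RE = re.compile(r'^(?P<key>.*?) = "(?P<value>.*)"$')
SID_CLASSES_RE = re.compile(r'^\\REGISTRY\\USER\\(S-1-5-[\d-]+)_Classes\\', re.I)
SERVER_RE = re.compile(
    r'\\CLSID\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})\\'
    r'(?P<kind>LocalServer32|InprocServer32|InprocHandler32)'
    r'(?:\\(?P<name>[^\\]*))?$', re.I
)


def parse_event(line):
    """Split one report line into op, key, value (None for 'Key created') and writer."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    rest, value = m.group('rest'), None
    v = VALUE_RE.match(rest)
    if v:
        # The report renders backslashes inside string values doubled.
        rest, value = v.group('key'), v.group('value').replace('\\\\', '\\')
    return {'op': m.group('op'), 'key': rest, 'value': value, 'writer': m.group('writer')}


def hive_of(key):
    """HKCU = per-user Classes hive (\\REGISTRY\\USER\\<SID>_Classes), HKLM = machine Classes."""
    if SID_CLASSES_RE.match(key):
        return 'HKCU'
    if key.upper().startswith('\\REGISTRY\\MACHINE\\SOFTWARE\\CLASSES\\'):
        return 'HKLM'
    return 'other'


def find_com_servers(events_text):
    """Return one record per (hive, CLSID) that received a COM server registration."""
    found = {}
    for line in events_text.splitlines():
        ev = parse_event(line)
        if not ev:
            continue
        s = SERVER_RE.search(ev['key'])
        if not s:
            continue  # Interface/TypeLib/protocol-handler keys are not server registrations
        ident = (hive_of(ev['key']), s.group('clsid').lower())
        entry = found.setdefault(ident, {
            'hive': ident[0], 'clsid': ident[1], 'kind': s.group('kind'),
            'wow64': '\\WOW6432NODE\\' in ev['key'].upper(),
            'writers': set(), 'server_path': None, 'threading': None,
        })
        entry['writers'].add(ev['writer'])
        name = s.group('name') or ''
        if ev['value'] is not None:
            if name == '':                       # default value names the server binary
                entry['server_path'] = ev['value']
            elif name.lower() == 'threadingmodel':
                entry['threading'] = ev['value']
    return sorted(found.values(), key=lambda e: (e['hive'], e['clsid']))


def summarize(entries):
    """One line per registration, in the form a triage note would quote."""
    out = []
    for e in entries:
        where = 'per-user, no admin needed' if e['hive'] == 'HKCU' else 'machine-wide'
        out.append(f"{e['clsid']} {e['kind']} [{where}{', WOW64' if e['wow64'] else ''}] "
                   f"server={e['server_path'] or '?'} threading={e['threading'] or '?'} "
                   f"written by {', '.join(sorted(e['writers']))}")
    return out


if __name__ == '__main__':
    for line in summarize(find_com_servers(SAMPLE_EVENTS)):
        print(line)
```

Run against the sample, the script reports three registrations: the per-user `{a8f086c3-...}` out-of-proc server written by googletalk.exe, and the machine-wide `{0507eede-...}` (LocalServer32, googletalk.exe) and `{82ec66ad-...}` (InprocServer32, regsvr32.exe). Interface, TypeLib and `gtalk\shell\open` keys are deliberately ignored; the protocol handler is a separate persistence surface and would need its own rule. The server path is only known when the report includes the key's default value, which this excerpt does not, so on real reports expect `server=?` unless the full event list is exported.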

Network

Country Destination Domain Proto
GB 2.18.66.41:443 tcp
GB 2.18.66.41:443 tcp
US 8.8.8.8:53 204.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 92.123.128.176:443 r.bing.com tcp
GB 92.123.128.176:443 r.bing.com tcp
GB 92.123.128.176:443 r.bing.com tcp
GB 92.123.128.176:443 r.bing.com tcp
GB 92.123.128.176:443 r.bing.com tcp
GB 92.123.128.176:443 r.bing.com tcp
GB 92.123.128.176:443 r.bing.com tcp
GB 92.123.128.176:443 r.bing.com tcp
GB 92.123.128.176:443 r.bing.com tcp
GB 92.123.128.176:443 r.bing.com tcp
GB 92.123.128.176:443 r.bing.com tcp
GB 2.18.66.41:443 tcp
GB 2.18.66.41:443 tcp
GB 216.58.204.78:80 tools.google.com tcp
GB 172.217.16.229:80 mail.google.com tcp
GB 216.58.204.78:80 tools.google.com tcp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 229.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 23.181.190.20.in-addr.arpa udp

Files

memory/3448-0-0x0000000000400000-0x0000000000440000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsk5304.tmp\UserInfo.dll

MD5 2b006bbf7c9295683eddfad40008be85
SHA1 b3f42a8e2ff172d51418c72811586b11ed589909
SHA256 9e4440baf56d47ca4cc1f29e7a62d407d1f9524986160b30de5f825a3fedee88
SHA512 e1cfd739b7f8de442e2fb49c83569e8051492180780d92a4bfaa9c90b1444fd0020f9f596c12820642dd33cbee2c81ec793acb1c8dab1d1bebbe25b33c51efe8

C:\Users\Admin\AppData\Local\Temp\nsk5304.tmp\System.dll

MD5 61151aff8c92ca17b3fab51ce1ca7156
SHA1 68a02015863c2877a20c27da45704028dbaa7eff
SHA256 af15ef6479e5ac5752d139d1c477ec02def9077df897dadc8297005b3fc4999d
SHA512 4f5c943b7058910dc635bdcfadfea1d369c3d645239d1a52b030c21f43aac8e76549e52fd28e38ba5341d32aefe3c090dd8377d9e105ad77f71ab8870d8e326e

memory/3448-19-0x00000000024B0000-0x00000000024C2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\gtalkwmp1.dll

MD5 f341a096bbc785dc39e0170ff725a7d5
SHA1 75b233a2fc20ff4a748c65b80c17188f63b9cd53
SHA256 fd23273a36db53e1da88e2b4ec84ffb720e54f9c6ab8820bf8937e870d64e44b
SHA512 fe4a237a9b7b100e0b4ae5a2daf30989b3d6744ee7e7ba0a8a3c6322cf390a93fde3cfed79e4593e06f7ff072e1c207b9182623ccdb1b9da02cb412c8096b77a

memory/3448-30-0x0000000000400000-0x0000000000440000-memory.dmp

C:\Program Files (x86)\Google\Google Talk\testperm.txt

MD5 cf41c3a04147fc650486a80e85f2444c
SHA1 f98fcb580c775b8d902f6bf76f52a559af43d445
SHA256 d632b0b91898356488302714bebeb771cd765fa045f7a16ae925d2e99263671c
SHA512 4d24cac88a0baae5426577e18152d9a404cb525aaf3830cb75f0f1bbe868b635206f9f3e5468255b1cbe0ee761a24dc46b9aae6e0ed17aa4fff5c7090c8c8ed8

C:\Users\Admin\AppData\Local\Google\Google Talk\themes\system\chat\Classic\Contents\Resources\Incoming\NextContent.html

MD5 70e3aa6ea6428c65e2c99fb67cdf3c38
SHA1 65cdb1fd2901446df663190a3ab381b1969cce00
SHA256 773c0f0b634ec3106c09645484bb08cb2f18d316a6b6f805463feb3f892470c8
SHA512 b913c91987f68943487e6fac363d3abfe1a43d80ebc9838dac0fd2a06b14f0c2594a2abfb893a1f170a8d3b22272ec2e118b52c2d8492b94f1b4b6e3d520858a

C:\Users\Admin\AppData\Local\Google\Google Talk\themes\system\chat\PingPongPicture\Contents\Resources\NextStatus.html

MD5 4a75b7ffdd13bc07628b23a1340db9bd
SHA1 80b6f0db8880ae484d5e016077b174a702550b38
SHA256 fe5006e8ad1e3dcc44588712ea4a6e5723a4cf6bbf5be7db9f04d25d91f62327
SHA512 498b6451ac4cd3a7a598001a8486358582bce29479a6cc14e1fd3038d5751b81f5662340936b7e7594268662ac794482869f799de9144eae0a5c930820a83c01

C:\Users\Admin\AppData\Local\Google\Google Talk\themes\system\chat\PingPongPicture\Contents\Resources\Status.html

MD5 c1659928c4171dcee82ba065549d80a7
SHA1 6887fcdccea434cfc4247faee95662e201b9bcf2
SHA256 e2d9fa6e3e1044265356afc6369147a8a7dd68e030ba3d68e83473b375f1ee65
SHA512 a1a71b238e76089c5a4087e8451180057b0c32a0c6b2ebb6234d9d317630aa5d58df63d0e0b60b11218724b0ffa0fe023de31dff3fe83f95a58ea013fbbd0194

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

MD5 1ff855c2b9b98e65f2ab8a3648ce6b4b
SHA1 d6a64a64bf6b2f8b5399e87b6a6e1817a8cedf63
SHA256 0c736cc195d820cbb0a9dfc501bd496457431e8b336501295fd8c9e83c3a6296
SHA512 b8ce5825622019160231ffaf39e13badb4ef68b4a3e1112de5ea7d544144ee50e2dfd1bd036e9a4a0332266435029d893594d34f17f9562e67fa607bbde7e5c5

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

MD5 70d7fd3a2dcda38ddec255127925a185
SHA1 5d0b60242dd4c00af2665f74798c80a26f7c0c1c
SHA256 cb9fb91e9c96261618f5a0468b1a99ccf5b0b9d60bc8f5da22be8310adf9bd8d
SHA512 66a9948ba4f74a9297bc72d989612e03999898fbf146d523c421d7fa2382cf67b87dc31964856961851ad219cfec6ea760a0b9afda27aec3a0919a8241cc5a65

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

MD5 7bf0049215f3e854894586944ecadfe0
SHA1 f625b76fb88568161712002e4985ee262d320574
SHA256 1568aa36abe30b9e8c308606dba076a7a3c956f2e8a7d18c0377a80ae11e348a
SHA512 221eb677010d902b49d0f75b07f1aba0d1993f5574d81d4e15051d98b2224aaf31a27255f8480302613368b594606f3bd6ee2f7cb77c60f6adbe3a6d6c5e0dc5

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\fbfa567309724a59bad65e51ca1ce467ab52141c.original.avatar

MD5 477b9b2262edfb077aa9622b473dc3db
SHA1 fbfa567309724a59bad65e51ca1ce467ab52141c
SHA256 0f0154aaef14b04bac6dc6d55fddbc99440a822c165725bfe7083be90ab50e3d
SHA512 9f9698478accf1791ff6c6e2e5c150d691d135a319c5888b46947ca0f4896a025a26296ffac8adc276b4f3d4f086c3af747cbedcb1b841bef0135e717e3fbf1b

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 7b0e66eef397662bf1d1346fc9cf5313
SHA1 2712a2b05ba8ef6a3d84ce452d37a64090887b53
SHA256 5dc2d386b8cea18c0401dfc77ebe3c2282f61b113f468337a23e4579ff5e28fe
SHA512 eec704b006b49981db884f2362714fbabdbcf69b47da9f40fd4413e986f46e0b04689f6401991e94571fc3a7755a32cb70620c2d3c7ec3cb9bb23ca5ed324b94

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 91d5e3de0a48f1d28d4f72050a99ea02
SHA1 2a76fc6f39dbbb2da6ee8064c08ce6d8ad6cbd01
SHA256 bce7a8f3a90e7b484abeceabb81c932a01856cb825350b7fa5bf4c81beb246e6
SHA512 0757eba0fa6bd44d6de804ee5799e379e059cd15acef84897b4c32a7a7d48220d9d870a4637de0a79a7872439ecb321d312aa32f9917021ebbf3c3e8f520c683

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 90623c105b3a59a8de55402d5690d179
SHA1 a5515c11ddc68cc7afcf94ef564cb331c6685116
SHA256 8d79a640a600c7f95bbf5bb992dde81e2d829899f13dffd599bab032a192ea1a
SHA512 5e6db87d6b2b879ae5a7bf43f7a19721a825bac26e003574b7cd539553fb681968b7b265b5233a55074ca9cc0d982230cc49eef01f61cc4f79ba054fe2225828

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 35a4f023cd551801f84b91b43ca4b321
SHA1 3797ca1bfa12a956f91292344eae4d444d567187
SHA256 e84cd6011e1dd88ab49db2ece980beaa6bd432908168487fcad04f961f2bfc49
SHA512 3fa800db342022ba54621f678da2c4050a465b2face80d4fec6633b02aa46afd582d3d808e950893eb326cf599218997476c3d86e208fe507c6960b777d1c6e1

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 46363431e0b687e017e5d5614181aa5c
SHA1 250915850e9017edc6e503c2c83b75715917592b
SHA256 1cbf77384a0af8d1f6ed54c3f7411d7b63a682e6d27b51c7def512642d037eb7
SHA512 cca8ffef787a4f4dc88e4d562d0ca8e824cfdaa2dd3d26ddc730ed12f15508cc6360ab3f454e6a6c36eec35800f79451fefa00a24c2bef012aff3fbb9a6ebe9c

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 e7ed315542e8c9e38b5dc50cb62ad9c2
SHA1 573a43a3fbc18f656bc9c7cad720977c3e5747f9
SHA256 e34346514992ff121d2fb023b894312f9de7db569238a58f2d4b7fa2bc428a54
SHA512 118c7e421e6ffaab1b8c34ab5cb2d8515894b01b50ec37d8f958ca66baaf5b1edce2bcc7c9b912fc8644ae2680449e2a438b2e9b38e85dc60b1a9bdd1dcd7c38

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 3d52d38b75e5d5ee832e748a6d810232
SHA1 3e1a7c60f0b6b2cfda4b5978deef2f0475f37d35
SHA256 17255cddb753a3e7a86f9b267c113dc6c44e7051790aea22df737f5d0246ea3c
SHA512 add04d6080152743d50efea733bd4c0e75d20dc5ebc989ba1d96e4fe4e4961078e90349c086728701eda9311f11bb744a97676eed7a60639b449e5b9c3e6c488

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar (zero-length write: the hashes below are those of empty input)

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 8894d3eb77abd1de14168dfd8f120314
SHA1 ca4650e9d30a1a4acdd18ca9374b1a9381868e69
SHA256 d8cd92c73c14fb81366692a296c5a1ed132276e3f09999705c64b7e698757c71
SHA512 1900c53796cfdddd72a589059328fd6cf04458ec92829552662feee162ab7ba803d61bf87929bd1f5f8bd7dd9d3b5b0080f04b5c91a0c94c12c88821f4c4f303

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 d66c769878374d62b887c2ed54f0d960
SHA1 4955c0b12cf51b51d4b54549b443437e17c65a5a
SHA256 a208f2a0c83d6cf3ef02cabb6727a0342efa54aa787116fdaa3f816351153844
SHA512 107062dd1b4edf74afe63ad9227f278410369e0e24864c8120fdb7c2e093d5089c1eb7d86ca80b7474a9128528f4979dc2e847ffac0c53b0c90afd288d9b8dc1

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 f08fc19d4b33cf4d93585c6730e300cc
SHA1 3d57d79863ec79cc7b84f5d51c9982e91c0a3b8a
SHA256 3eca4fec079b1d4a4806547c75f22100ff3c48d382e25e9da66d67b4680e54f0
SHA512 8184ba705045544cd0f757e91e3c91abfc89b8b46338eb7b70e2cbb73a369fa62915f553b9d6c477941f480afa618f76e3c18b12fd6700c1a95f1e34c5dfcc38

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 65d8d95002db15b1b07bb000328f07b3
SHA1 b393761d7d3ad18f6265e69c96fc6dd63135ac27
SHA256 249b4ddcb7a4b1b53dbe7102bd0e4e43c35bea5667edfd14cc55ecc8d12a4fd6
SHA512 6899d3ae97eec360fef9a8eb490d525ff74b8c35ecefb1d74534eb759ba99e1680dc2d14b6d22b2bd715281d287c8319c4d78ee13fd343d968aeb0b56b2e123a

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 3627b56c6ea08d1a49a71fd3b21a1204
SHA1 de4a8862133aa788f9ea4b0f8c10080a140e7bdd
SHA256 ba8283dd9b8b6ead35a405148267d449ebf2fb6514918ed9b4e66400f29afc4f
SHA512 199be24143c4e455feacf49781335bfb9df7dc7bf85247591fb60580171f7576d41bdcf87d2e44a66fd1c6fa12dbb2c79d190d3e1203ea536c7b1a9a9eb0ab12

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 139ab22ebfe6b86790b9859251d2cb85
SHA1 46914b47602a13eb2069793817c907fde482e509
SHA256 4d945da6e45abd54d757b4f82ec926e3ae24874727dc15e16229ece7b933c94e
SHA512 f7dd86f347fd3c9123b7a89629bdfc81cd18f6b4a8502d58804495596e6e9dc13fa5600c517340a25c3262091d97b78e9e3d2690f51a3ba80dd40c0b3a37c2ca

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 57c563baf3fd6fe44392636258812c42
SHA1 4b0cbdb4719f04efc57798f4f9e66ba412cff885
SHA256 8893af9a901791cd34a66fbbdfa48da7038dbd1646915b3cfc36b21dc31d546e
SHA512 1b8ca6a37228bbac09ac3c3b118209371b30cbda021f762224e4149c630c394b66d511a96f9f8fe3dd6cd5beb50e80e0813ba6dd59fe5d25a24560730b8fc629

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 cd14924ded52e0a997bd72c86c3a339b
SHA1 901fa3e2a8f3fe30ec331c559ae5a69ec47bafcf
SHA256 0f56495dfe187cfa79f98c8584216b8c128e1d61e08c43a5964df8faa4dcc448
SHA512 053345e0a9184edeab251026a8e06909b4603f531eb301601894e51b440b4399a26ee71a84f15e101ea43d62dc2aba0384d4f6c8ba3bbca65e1e9b066d0e4cde

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 85c0a49a6a1bb1cbbe130e24cb23814e
SHA1 dcddafc8de2361f8524f10e06183277b01127ef0
SHA256 d6d36336a156cee0f9b57610e48ecfd4434a78b6f08dbb77a9a47c26b5050c5b
SHA512 94baf832f8077076346bdd21a485025bd9696bb3daf68d457b4001ffb5fd4b8ffc975e65054a3cdeafabee10597252f78db9706824fea4aa1e076a4dbbed3ea8

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 0e889698e699ff46a7ea1e396343c491
SHA1 eecabd575b852104c4ef2512c168f01d15dad3cc
SHA256 befdc8bd467e8d474c1a5a9953582f0cd1e22c6f7abe6e195544b90958aa1bf6
SHA512 f6bb5237b1d8f41b9d083f4819e16bbc4ea2436503fe4299221d10495abf6d410df65f1605233cbc17885660178a4c3ba6e7b16638c562dc115c5442364b161b

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 a7d60d5287b04a563e0703bebcc6bf86
SHA1 47b4169fc4ed7a3066ac32532dfe3256b1c23b49
SHA256 4e90140d0b54b2daf35354f88eb883f1b90b79294a81a660d6ec2b03900b69a8
SHA512 90dd6b09c49be213968aaa05197fc147fd278df330e08b41228592cca119d86b98400567ec8342944202ea12adff52aabae5ebecd1a4cbcaba8559494320e7e0

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 5f7e31f0001ef4310865f1ff4549b12b
SHA1 34c95afe0b0fcb9576636e25261c92dbb32c2ca3
SHA256 4681737d35db0808cbb99d4653b9f99141d7409f60268b9adb84c2e59792c6e9
SHA512 fef96b44c10223fa1138832e34fd12ed6a3ed934dba3f736a985cbc236bde9411fffaf6e49f65e50302711a09af30d27853a8158f807e7ac5065208619c07502

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 d81ab7a7627ed673fdcd4dd24220c192
SHA1 1657b6663c7d9d67bb6d556de97623e2a2a9126e
SHA256 97186e899fc20dd2d5f5805943c3a53f105a7cbdc21dad0586ba91d346a92a0a
SHA512 aa314cc318bd0b8620422a890858915c3969a192fa73dade698617401a8ea9c900cb8c69c1547fdc0eca0035a05f71937972fc369bec55f0741fea3ab3923e24

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 370a9e303a5e2b140a7b3f37a4233481
SHA1 02e77036c1ea4be91e1053e3c96f28e805d119a9
SHA256 66babc236e7e018e82bad773dacb5c3089ba85456a4efb8a19ee310efa3824bd
SHA512 657b99bf1959dbfe8ca7b515b792550113e21b3b416296bc69961abf89cad1561f4e0cb2d443c4bc0906cc77e70b33ecf95ec572001f5c88d5635a87add62e51

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 5c2b6a18d6d09563f1e4694de12326d7
SHA1 9a6100592deaaf027f4be9fb13fd813a2230c7a5
SHA256 d3ddc4f3ffba57c634611b6ac45f979c9671fa413dc7a317155dd3b3f2485d00
SHA512 9e2a44eba0285e7838243644eeecd3c3417c1293134a06a11a5fe93a6508ff0939db47c8d786677107105e60468217cc3ac71c891e7a051ff991a6c09913ddbb

C:\Users\Admin\AppData\Local\Google\Google Talk\avatars\temp.original.avatar

MD5 ceef4fca7bc7083ac26ecc0e4fc7a4ca
SHA1 5a3f30f9764147a12215431398540e05c0435aa2
SHA256 9ee950db30334eb12eb6b1a12b667d68710f42d53d069eacc39ed25b6c25ff5f
SHA512 702d0e658cc6429304f8c770dae31ea2617c23aefa234267f9a2d45eb4650bb97e39356bf669e71c635fbfdc8b5872bfce8efcb90b65f04f2e43d6acd955f3d2

memory/3448-308-0x0000000000400000-0x0000000000440000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsk5304.tmp\InstallOptions.dll

MD5 08c82a46416a5e2b471d457968f53816
SHA1 3e3897c20b9e89b279b4764a633f67955bf8f09a
SHA256 435baf3b7282c9110697a4916834ef9371dd29fae6b4cb8e19c19eb126562dc9
SHA512 91e2055b91d04b2348a923cb298ac6ba3637de5038dc4f849c4d2f1665d17de9cd6eb6a97d42d0f894d65348c8fd8e79cd61b667ea5a78e8960347e8cc8db81d

C:\Users\Admin\AppData\Local\Temp\nsk5304.tmp\ioSpecial.ini

MD5 8c8d45a344f7b8d404c06f185c34edf3
SHA1 17b3cf78361d12f64a6274dab791a5a7318d2266
SHA256 18168fad29143a8f8cc2d3344b36b1307e16ca30d3bd4295f363f999beee734d
SHA512 54c2ab7e3c3025d3d012d92677efcf5ca3273cfbbe98d4ddfad0a79d679be57ffed850eb42d44b39140db84ced580eee75979f368c431adac69bf9d168ea9c84

memory/3448-399-0x0000000000400000-0x0000000000440000-memory.dmp

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

MD5 bcd9cbf0621f9a6767276a2e0bf1dd15
SHA1 802daf7cb7823ce7f36408f0fba01e2e75fdde90
SHA256 c0748aee57a79d1ad8a4307d3ecb03a517464d047cd5cc64bad299e0bfaefb60
SHA512 0dd7dbb13c84e111b6c3a10629498724c4879f3b94a7d786b03009347186c8199791d0cc519d11affb89ff1ac3a1151d532bb9540a23bb0ad35bccea6327be96

C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\www.orkut.com\gtalksettings.sol

MD5 8cf6c45f7b59f309c141e9f6121efd2f
SHA1 7393fc0097f75336e5770fa737baf8ea152bc947
SHA256 e19b5c67a1741de87a1866dda95f615ff094d3eeaba7ac9543d4ba30e77aa3ba
SHA512 688360108329d82a51738cee59c5979ee5193cbb9094bfb82759de8d60e16ea6acda247d15058ea8e15e753a45b81fbca1d20187b9404f8f7dfd49920243591b

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 5208db13f993747fe955a73b1e01c7db
SHA1 498743e4c634d1c2d508a6fd900bf0f129db2b32
SHA256 0318c2b32b5002c91db4239bd5491091030b333b3f711b28b829e98f5fe7ee62
SHA512 c2512cbc6a3e63e2f1bac53d1fcf9e30802d14631a45a8f140a6658175cb6023093ea7d0997424b97e51da5e0f8234ab2f9c8d8cc2c36ee258bf927acd42124e