Malware Analysis Report

2025-03-15 06:04

Sample ID: 240512-ce9l2sbc2t
Target: 37a9d80141dc56998cfc13f109a9956e_JaffaCakes118
SHA256: 3f3ba14bea218faacacf00b1c4ca9215c4fe0eb779a8748e444e736414081169
Tags: vidar discovery persistence spyware stealer vmprotect
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 3f3ba14bea218faacacf00b1c4ca9215c4fe0eb779a8748e444e736414081169

Threat Level: Known bad

The file 37a9d80141dc56998cfc13f109a9956e_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

vidar discovery persistence spyware stealer vmprotect

Vidar

Vidar Stealer

Modifies Installed Components in the registry

Sets file execution options in registry

Registers COM server for autorun

Loads dropped DLL

Executes dropped EXE

Reads user/profile data of web browsers

Reads user/profile data of local email clients

VMProtect packed file

Checks computer location settings

Reads local data of messenger clients

Checks installed software on the system

Accesses 2FA software files, possible credential harvesting

Looks up external IP address via web service

Checks system information in the registry

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-12 02:00

Signatures

Unsigned PE

| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-12 02:00

Reported: 2024-05-12 02:03

Platform: win7-20240508-en

Max time kernel: 149s

Max time network: 147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe"

Signatures

Vidar

stealer vidar

Vidar Stealer

stealer

| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |

Modifies Installed Components in the registry

persistence

| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\109.0.5414.120\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |

Sets file execution options in registry

persistence

| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |

Checks computer location settings

| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |

Executes dropped EXE

| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\browser.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\109.0.5414.120_chrome_installer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateOnDemand.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |

Loads dropped DLL

| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\109.0.5414.120_chrome_installer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateOnDemand.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |

Reads local data of messenger clients

spyware stealer

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence

| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\psmachine_64.dll" | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32\ = "\"C:\\Program Files\\Google\\Chrome\\Application\\109.0.5414.120\\notification_helper.exe\"" | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}\InProcServer32 | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}\InProcServer32 | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\psmachine_64.dll" | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}\InProcServer32 | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\INPROCSERVER32 | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\psmachine_64.dll" | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\psmachine_64.dll" | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32\ServerExecutable = "C:\\Program Files\\Google\\Chrome\\Application\\109.0.5414.120\\notification_helper.exe" | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\psmachine_64.dll" | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\psmachine_64.dll" | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe | N/A |

VMProtect packed file

vmprotect

| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |

Accesses 2FA software files, possible credential harvesting

spyware stealer

Checks installed software on the system

discovery

Looks up external IP address via web service

| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | ip-api.com | N/A | N/A |

Checks system information in the registry

| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |

Drops file in Program Files directory

| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Program Files (x86)\GUM1D12.tmp\goopdateres_ar.dll | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_hi.dll | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateSetup.exe | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_de.dll | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_no.dll | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\Locales\kn.pak | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\resources.pak | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\Locales\ms.pak | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\Locales\pt-PT.pak | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\chrome.exe | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\chrome_elf.dll | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\GUM1D12.tmp\npGoogleUpdate3.dll | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| File created | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdateComRegisterShell64.exe | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| File created | C:\Program Files (x86)\GUM1D12.tmp\goopdateres_ml.dll | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_iw.dll | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_ru.dll | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_sw.dll | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\VisualElements\LogoBeta.png | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\libGLESv2.dll | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\GUM1D12.tmp\goopdateres_id.dll | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| File created | C:\Program Files (x86)\GUM1D12.tmp\goopdateres_ms.dll | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| File created | C:\Program Files (x86)\GUM1D12.tmp\goopdateres_sv.dll | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_kn.dll | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping2492_323218113\crl-set | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\WidevineCdm\manifest.json | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping2492_323218113\LICENSE | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdateBroker.exe | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_et.dll | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\Locales\ca.pak | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\Locales\ur.pak | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_cs.dll | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_sr.dll | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\Locales\sw.pak | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\GUM1D12.tmp\goopdateres_fil.dll | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\vulkan-1.dll | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\Locales\zh-TW.pak | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\GUM1D12.tmp\goopdateres_no.dll | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| File created | C:\Program Files (x86)\GUM1D12.tmp\goopdateres_ru.dll | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_ca.dll | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\Locales\fr.pak | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\Locales\it.pak | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\GUM1D12.tmp\goopdate.dll | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_th.dll | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.34.7\psuser_64.dll | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\109.0.5414.120_chrome_installer.exe | N/A |
| File created | C:\Program Files (x86)\GUM1D12.tmp\goopdateres_it.dll | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\Locales\bn.pak | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\Locales\th.pak | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\GUM1D12.tmp\goopdateres_uk.dll | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\Locales\hi.pak | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\GUM1D12.tmp\goopdateres_te.dll | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_ko.dll | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\CHROME.PACKED.7Z | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\109.0.5414.120_chrome_installer.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\Locales\fi.pak | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\Locales\zh-CN.pak | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\VisualElements\LogoDev.png | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\GUM1D12.tmp\goopdateres_zh-CN.dll | C:\Users\Admin\AppData\Local\Temp\Chrome.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_ja.dll | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\Locales\mr.pak | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\Locales\nb.pak | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |
| File created | C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping2492_1885302077\manifest.json | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_hu.dll | C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source2848_1078045854\Chrome-bin\109.0.5414.120\Locales\da.pak | C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe | N/A |

Enumerates physical storage devices

Checks processor information in registry

| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\browser.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\browser.exe | N/A |

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\Policy = "3" C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55} C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\AppName = "GoogleUpdateWebPlugin.exe" C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\AppPath = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7" C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\Policy = "3" C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\AppName = "GoogleUpdateBroker.exe" C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\AppPath = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7" C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VersionIndependentProgID\ = "GoogleUpdate.CoreClass" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\NumMethods\ = "8" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods\ = "10" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\ = "IGoogleUpdate" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\ProxyStubClsid32\ = "{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TypeLib C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\ = "Chrome HTML Document" C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13} C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\NumMethods\ = "8" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ = "IAppBundle" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\Elevation\Enabled = "1" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\ProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\Application\ApplicationName = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13} C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\NumMethods C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\VersionIndependentProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.ProcessLauncher.1.0\CLSID\ = "{ABC01078-F197-4B0B-ADBC-CFE684B39C82}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\PROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\GoogleUpdate.exe\AppID = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.ProcessLauncher\CLSID\ = "{ABC01078-F197-4B0B-ADBC-CFE684B39C82}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\NumMethods C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\NumMethods\ = "11" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE} C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\NumMethods C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3COMClassService.1.0\CLSID\ = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\NumMethods C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{315958A0-F5F6-4D47-85E3-F328675E42BC}\InprocHandler32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\NumMethods C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\NumMethods C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\ = "IGoogleUpdateCore" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32\ = "\"C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\GoogleUpdateOnDemand.exe\"" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\ELEVATION C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\NumMethods C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoCreateAsync.1.0\ = "CoCreateAsync" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\ = "IAppBundleWeb" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\LocalServer32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\NumMethods C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\ProxyStubClsid32\ = "{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\ = "IJobObserver" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ = "IProcessLauncher2" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\LocalService = "gupdatem" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36} C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\NumMethods C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55} C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD} C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\shell\open\command\ = "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --single-argument %1" C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ = "IAppBundle" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
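The two registry tables above contain the writes that matter for persistence and privilege: entries under Internet Explorer\Low Rights\ElevationPolicy (Policy = "3" tells Protected Mode to launch the named broker silently at medium integrity), COM class registrations whose LocalServer32 / InprocHandler32 values name the binary COM will load (GoogleUpdateOnDemand.exe, psmachine_64.dll), and one CLSID with Elevation\Enabled = "1", which opts that class into the UAC COM elevation moniker. In this run every writer and every registered server path sits under Program Files (x86)\Google\Update, the layout of a Google Update install; the same writes pointing at a path under the user profile would be the persistence signal. The script below is an added example, not part of this report or of the sandbox's tooling: it parses rows in the flattened Description / Indicator / Process / Target layout used here, picks out those three kinds of write, and rates each by whether the writing process and the registered path are both under a trusted root. The first five rows are copied verbatim from this report; the last is constructed with a nil CLSID to show the untrusted case. The trusted-root list and the info/high labels are our own assumptions.

```python
"""Audit flattened sandbox registry rows for IE elevation-policy and COM-server writes."""
import re
from dataclasses import dataclass

# One flattened "Description Indicator Process Target" registry row. Assumption (ours):
# the indicator starts with \REGISTRY\, an optional  = "..."  value follows it, the
# Process column is a drive path, and Target is N/A or another drive path.
ROW_RE = re.compile(
    r'^(?P<desc>Key created|Key deleted|Key opened|Key value queried|'
    r'Set value \((?:int|str)\))\s+'
    r'(?P<key>\\REGISTRY\\.+?)'
    r'(?:\s+=\s+"(?P<value>(?:[^"\\]|\\.)*)")?'
    r'\s+(?P<process>[A-Z]:\\.+?)'
    r'\s+(?P<target>N/A|[A-Z]:\\.+)$'
)

# Meaning of the Policy DWORD under ...\Internet Explorer\Low Rights\ElevationPolicy,
# from Microsoft's Protected Mode documentation.
ELEVATION_POLICY = {
    "0": "launch blocked",
    "1": "silent launch, low integrity",
    "2": "prompt, then medium integrity",
    "3": "silent launch, medium integrity",
}
COM_SERVER_VALUES = {"LocalServer32", "InprocServer32", "InprocHandler32"}
# Assumption: anything outside these roots is treated as user-writable.
TRUSTED_PREFIXES = ("C:\\Program Files\\", "C:\\Program Files (x86)\\", "C:\\Windows\\")


@dataclass
class Finding:
    kind: str
    writer: str      # process that performed the write
    key: str
    detail: str
    severity: str    # "info" when writer and registered path are trusted, else "high"


def unquote(value: str) -> str:
    """Undo the report's C-style escaping (\\" and \\\\) and strip the outer quotes."""
    return re.sub(r"\\(.)", r"\1", value).strip('"')


def is_trusted(path: str) -> bool:
    return path.startswith(TRUSTED_PREFIXES)


def audit(rows):
    """Return one Finding per elevation-policy, COM-server or COM-elevation write."""
    findings = []
    for line in rows:
        m = ROW_RE.match(line.strip())
        if not m or not m["desc"].startswith("Set value"):
            continue
        key, writer = m["key"], m["process"]
        value = unquote(m["value"] or "")
        parts = key.rstrip("\\").split("\\")
        leaf = parts[-1]
        if "\\ElevationPolicy\\" in key and leaf == "Policy":
            findings.append(Finding(
                "ie_elevation_policy", writer, key,
                f"Policy={value} ({ELEVATION_POLICY.get(value, 'unknown')})",
                "info" if is_trusted(writer) else "high"))
        elif leaf in COM_SERVER_VALUES:
            findings.append(Finding(
                "com_server", writer, key, value,
                "info" if is_trusted(writer) and is_trusted(value) else "high"))
        elif leaf == "Enabled" and len(parts) > 2 and parts[-2] == "Elevation" and value == "1":
            findings.append(Finding(
                "com_elevation_moniker", writer, key,
                "UAC elevation enabled for CLSID " + parts[-3],
                "info" if is_trusted(writer) else "high"))
    return findings


# Rows copied verbatim from this report.
REPORT_ROWS = [
    r'Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\Policy = "3" C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\AppPath = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7" C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe N/A',
    r'Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\Elevation\Enabled = "1" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{315958A0-F5F6-4D47-85E3-F328675E42BC}\InprocHandler32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32\ = "\"C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\GoogleUpdateOnDemand.exe\"" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A',
]
# Constructed row (not from this report): a nil CLSID whose server and writer both
# live under the user profile, the shape a user-level COM persistence write takes.
CONSTRUCTED_ROW = (
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}'
    r'\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\updater.exe" '
    r'C:\Users\Admin\AppData\Local\Temp\dropper.exe N/A'
)

if __name__ == "__main__":
    for f in audit(REPORT_ROWS + [CONSTRUCTED_ROW]):
        print(f"[{f.severity}] {f.kind}: {f.detail}\n    by {f.writer}")
```

Run against the rows above it reports the elevation policy, the elevation-moniker CLSID and the two Google Update servers as info, and only the constructed AppData row as high. The regex is tied to this report's layout (the registry path runs up to the first ` = "` or the first drive path), so rows from another sandbox need their own parser.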

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe N/A
Token: 33 N/A C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\109.0.5414.120_chrome_installer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\109.0.5414.120_chrome_installer.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
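Each row in this table, and in the Suspicious use of WriteProcessMemory table later in this report, is one hooked call, so identical rows repeat once per call. The one entry the sandbox did not resolve, Token: 33, is the well-known privilege LUID for SeIncreaseWorkingSetPrivilege, a benign privilege; the SeDebugPrivilege enables by the GoogleUpdate.exe copies are the ones worth noting. A parent also writes into the address space of a child it has just created (CreateProcess places the process parameters there), which is why sandboxes log WriteProcessMemory for ordinary process spawning; the PID rows here are best read as a process chain, and a write into a process the writer did not create would be the injection signal. The script below is an added example, not part of this report or the sandbox's tooling: it rebuilds that chain from the PID rows, counts writes per child, resolves numeric token values from the winnt.h SE_* table, and lists which PIDs run from a user-writable path. The sample rows are copied verbatim from this report; treating the first writer into a PID as its parent, and C:\Users\ as the user-writable root, are our assumptions.

```python
"""Rebuild the process chain and privilege use from flattened sandbox rows."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import List, Optional

# Row shapes of the AdjustPrivilegeToken and WriteProcessMemory tables. Assumption
# (ours): Process/Target columns are drive paths and N/A marks an empty column.
TOKEN_RE = re.compile(r'^Token:\s+(?P<priv>\S+)\s+N/A\s+(?P<process>[A-Z]:\\.+?)\s+N/A$')
WPM_RE = re.compile(
    r'^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)\s+N/A\s+'
    r'(?P<src_image>[A-Z]:\\.+?)\s+(?P<dst_image>[A-Z]:\\.+)$')

# Well-known privilege LUIDs (SE_*_PRIVILEGE values in winnt.h) for rows the
# sandbox left unresolved, such as "Token: 33".
PRIVILEGE_LUIDS = {
    7: "SeTcbPrivilege", 9: "SeTakeOwnershipPrivilege", 10: "SeLoadDriverPrivilege",
    14: "SeIncreaseBasePriorityPrivilege", 17: "SeBackupPrivilege",
    18: "SeRestorePrivilege", 19: "SeShutdownPrivilege", 20: "SeDebugPrivilege",
    29: "SeImpersonatePrivilege", 33: "SeIncreaseWorkingSetPrivilege",
}
USER_WRITABLE = ("C:\\Users\\",)   # assumption: where dropped stages live


@dataclass
class Proc:
    pid: int
    image: str
    parent: Optional[int] = None
    children: List[int] = field(default_factory=list)
    writes_received: int = 0


def resolve_privilege(name: str) -> str:
    """Map a numeric token value to its SE_* name; pass symbolic names through."""
    if name.isdigit():
        return PRIVILEGE_LUIDS.get(int(name), "LUID " + name)
    return name


def privileges_by_process(rows):
    """image path -> set of privileges it enabled via AdjustPrivilegeToken."""
    out = defaultdict(set)
    for line in rows:
        m = TOKEN_RE.match(line.strip())
        if m:
            out[m["process"]].add(resolve_privilege(m["priv"]))
    return dict(out)


def build_tree(rows):
    """PID -> Proc from 'PID a wrote to memory of b' rows.

    Assumption: the first writer into a PID is its parent (a parent writes into
    a child it has just created); every repeated row counts as one more call.
    """
    procs = {}
    for line in rows:
        m = WPM_RE.match(line.strip())
        if not m:
            continue
        src, dst = int(m["src"]), int(m["dst"])
        procs.setdefault(src, Proc(src, m["src_image"]))
        child = procs.setdefault(dst, Proc(dst, m["dst_image"]))
        child.writes_received += 1
        if child.parent is None:
            child.parent = src
            procs[src].children.append(dst)
    return procs


def render(procs, pid=None, depth=0):
    """Indented process tree; roots are PIDs nobody wrote into."""
    nodes = [procs[pid]] if pid is not None else [p for p in procs.values() if p.parent is None]
    lines = []
    for p in nodes:
        lines.append("  " * depth + f"{p.pid} {p.image} (writes in: {p.writes_received})")
        for c in p.children:
            lines.extend(render(procs, c, depth + 1))
    return lines


def user_writable_images(procs):
    """PIDs whose image runs from a user-writable path."""
    return sorted(p.pid for p in procs.values() if p.image.startswith(USER_WRITABLE))


# Rows copied verbatim from this report's AdjustPrivilegeToken and WriteProcessMemory tables.
TOKEN_ROWS = [
    r"Token: SeDebugPrivilege N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe N/A",
    r"Token: 33 N/A C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\109.0.5414.120_chrome_installer.exe N/A",
    r"Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\109.0.5414.120_chrome_installer.exe N/A",
    r"Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A",
]
WPM_ROWS = [
    r"PID 2044 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\browser.exe",
    r"PID 2044 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\browser.exe",
    r"PID 2044 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe",
    r"PID 2648 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe",
    r"PID 2836 wrote to memory of 880 N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe",
    r"PID 2836 wrote to memory of 2060 N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe",
    r"PID 2060 wrote to memory of 2804 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe",
]

if __name__ == "__main__":
    tree = build_tree(WPM_ROWS)
    print("\n".join(render(tree)))
    print("running from user-writable paths:", user_writable_images(tree))
    for image, privs in privileges_by_process(TOKEN_ROWS).items():
        print(image, sorted(privs))
```

On these rows the tree is the sample (2044) writing into browser.exe (3016) and Chrome.exe (2648), Chrome.exe writing into the GUM1D12.tmp copy of GoogleUpdate.exe (2836), and that copy fanning out into the installed GoogleUpdate.exe instances; only the three Temp-resident PIDs are flagged as user-writable, which is the hand-off from the stealer stages to the Google Update install. A child with writes_received much larger than its siblings, or a writer that is not the child's creator, is what to look for when the same script is run over a report that does contain injection.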

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2044 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\browser.exe
PID 2044 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\browser.exe
PID 2044 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\browser.exe
PID 2044 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\browser.exe
PID 2044 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 2044 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 2044 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 2044 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 2044 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 2044 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 2044 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 2648 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe
PID 2648 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe
PID 2648 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe
PID 2648 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe
PID 2648 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe
PID 2648 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe
PID 2648 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe
PID 2836 wrote to memory of 880 N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2836 wrote to memory of 880 N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2836 wrote to memory of 880 N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2836 wrote to memory of 880 N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2836 wrote to memory of 880 N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2836 wrote to memory of 880 N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2836 wrote to memory of 880 N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2836 wrote to memory of 2060 N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2836 wrote to memory of 2060 N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2836 wrote to memory of 2060 N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2836 wrote to memory of 2060 N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2836 wrote to memory of 2060 N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2836 wrote to memory of 2060 N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2836 wrote to memory of 2060 N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2060 wrote to memory of 2804 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe
PID 2060 wrote to memory of 2804 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe
PID 2060 wrote to memory of 2804 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe
PID 2060 wrote to memory of 2804 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe
PID 2060 wrote to memory of 2144 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe
PID 2060 wrote to memory of 2144 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe
PID 2060 wrote to memory of 2144 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe
PID 2060 wrote to memory of 2144 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe
PID 2060 wrote to memory of 2664 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe
PID 2836 wrote to memory of 1640 N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2836 wrote to memory of 2720 N/A C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2912 wrote to memory of 2808 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\109.0.5414.120_chrome_installer.exe
PID 2808 wrote to memory of 2848 N/A C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\109.0.5414.120_chrome_installer.exe C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe

Processes

C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\browser.exe

"C:\Users\Admin\AppData\Local\Temp\browser.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe

"C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9F6CE0C8-AF2E-DAF3-D281-F4C1C2954E5B}&lang=ru&browser=3&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver

C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping [base64-encoded ping request argument, truncated during extraction]

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9F6CE0C8-AF2E-DAF3-D281-F4C1C2954E5B}&lang=ru&browser=3&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{3E82937A-ABEF-4BB4-BD1D-CE4E8AAD036A}"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\109.0.5414.120_chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\109.0.5414.120_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Windows\TEMP\gui80D3.tmp"

C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Windows\TEMP\gui80D3.tmp"

C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fee1148,0x13fee1158,0x13fee1168

C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe" --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{5ADDFA12-126D-4B88-89E6-23BBC41413CB}\CR_C5220.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fee1148,0x13fee1158,0x13fee1168

C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping [base64-encoded ping request argument, truncated during extraction]

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ef6b58,0x7fef6ef6b68,0x7fef6ef6b78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1056 --field-trial-handle=1264,i,3713364108152061055,15719443512432104547,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1264,i,3713364108152061055,15719443512432104547,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1556 --field-trial-handle=1264,i,3713364108152061055,15719443512432104547,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2152 --field-trial-handle=1264,i,3713364108152061055,15719443512432104547,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2172 --field-trial-handle=1264,i,3713364108152061055,15719443512432104547,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3060 --field-trial-handle=1264,i,3713364108152061055,15719443512432104547,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2308 --field-trial-handle=1264,i,3713364108152061055,15719443512432104547,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1052 --field-trial-handle=1264,i,3713364108152061055,15719443512432104547,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1284 --field-trial-handle=1264,i,3713364108152061055,15719443512432104547,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3564 --field-trial-handle=1264,i,3713364108152061055,15719443512432104547,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3728 --field-trial-handle=1264,i,3713364108152061055,15719443512432104547,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3708 --field-trial-handle=1264,i,3713364108152061055,15719443512432104547,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3864 --field-trial-handle=1264,i,3713364108152061055,15719443512432104547,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3924 --field-trial-handle=1264,i,3713364108152061055,15719443512432104547,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3640 --field-trial-handle=1264,i,3713364108152061055,15719443512432104547,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3904 --field-trial-handle=1264,i,3713364108152061055,15719443512432104547,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4108 --field-trial-handle=1264,i,3713364108152061055,15719443512432104547,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1264,i,3713364108152061055,15719443512432104547,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1008 --field-trial-handle=1264,i,3713364108152061055,15719443512432104547,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2328 --field-trial-handle=1264,i,3713364108152061055,15719443512432104547,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 hotticketsale.com udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp
GB 216.58.201.99:443 update.googleapis.com tcp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com tcp
GB 172.217.16.238:443 clients2.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 216.58.201.99:443 update.googleapis.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp
GB 216.58.201.99:443 update.googleapis.com udp

Files

memory/2044-27-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

C:\Users\Admin\AppData\Local\Temp\browser.exe

memory/3016-50-0x000000000048F000-0x000000000075A000-memory.dmp

memory/3016-60-0x0000000000400000-0x0000000000C56000-memory.dmp

memory/3016-99-0x0000000000400000-0x0000000000C56000-memory.dmp

memory/3016-59-0x0000000000220000-0x0000000000221000-memory.dmp

memory/3016-114-0x0000000000400000-0x0000000000C56000-memory.dmp

C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdate.exe

memory/3016-57-0x0000000000220000-0x0000000000221000-memory.dmp

memory/3016-55-0x0000000000220000-0x0000000000221000-memory.dmp

C:\Program Files (x86)\GUM1D12.tmp\goopdate.dll

\Program Files (x86)\GUM1D12.tmp\goopdateres_ru.dll

C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdateCore.exe

C:\Program Files (x86)\GUM1D12.tmp\GoogleCrashHandler.exe

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_am.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_ar.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_bn.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_de.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_en.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_es.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_es-419.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_fi.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_hu.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_iw.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_ko.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_lt.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_lv.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_mr.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_no.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_pt-BR.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_pt-PT.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_ro.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_sk.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_sl.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_sw.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_sv.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_sr.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_pl.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_nl.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_ms.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_ml.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_kn.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_ja.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_it.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_is.dll

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_id.dll

MD5 cf18940b86d19a8479a310d26b9c40c2
SHA1 e617f404989036ceb0b47d2e6e264721cd432001
SHA256 498bf2644c5a16a390706547480034ea787efcb896a12d03da2ea25bc279dcb8
SHA512 a48a4039693db6db9ed3a81e98e04b3339d8c19b939fd0b40119fc1174bafb3861f5bb5135471f0a7d0ef1cd9f6a083c97545661c755279a2d7ffca06f6ed304

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_hr.dll

MD5 4249c2c361fc8488de3754d624ce364b
SHA1 cb4dff392ede105c26d8ab63361c15d89e0a1f50
SHA256 67d51272b20d386ec81023e199676adcaff93b18e6da6904647326cdb8e36aff
SHA512 acf68c5135af81a09a1b214c73bee5430ce0785646a9a438ec2d0b73748075ab5b9e0e9869f4ebfccc152f2ef30de7073d9edcc12637af9a7a9b8ee8d094538e

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_hi.dll

MD5 0d5c2fb66f5029fc8dc89ab947fde4f8
SHA1 3b1cdcb71f5de2491bc29c512f64f7758c686704
SHA256 3e788372b182ae9f5f5608374566564db00dab62a0cbcc266df20272f8815dc2
SHA512 aa6dc2f1fc9d2bb90ebaa1eb9dfecbe469c44ed083cf8c4b8111aadb7fc99b3aec6743b3d2641b2eb0ed1ae8215bfaef998d471acefff205685f2736c25fba80

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_gu.dll

MD5 faea204297ca2df2bd3f192a5f511c4a
SHA1 175e9f3d9314daa90b4c6674218df76a3f10069e
SHA256 670f472338288207a8800238fe31c82c347d645ea1be7328e29811574ccca1c0
SHA512 5d48e951428cf58db85574a28f7074fd8e4eca4f4cf631245aae4f4f8cd82aa2f8083f15d5ea540d576726a94692c1a0ca1f5a9963144d09820db7f65585b6b3

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_fr.dll

MD5 e05db677de98fdfaca0ef75150bdf0bf
SHA1 683ae620a6ed9d7e3985d93f9fd1a4a2057209f3
SHA256 aaef9f2a44b100ced71685587f2dea01b5711b48c1b08a5ae730549ec1a9b248
SHA512 b47080dc788011aa857bf27ac3d945f54fb9ce61bce09c7b1662736a1ad967d1610a1bc36ffb02100c97484e9c4b5b23f6260e8f8a02207c977d958115f8c4f8

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_fil.dll

MD5 aaceabdc9793774cc2bb62d3ad11a4b9
SHA1 64d0551362a1ab50bca852882ec0a6f411bed2ae
SHA256 ad53d3117349f32537959ca8b34be39db86d27e9855efee1eba1157635668101
SHA512 8d8c25fc88519bdae0ab872f90d9e3fa0aa2d38ce7c24f3a16d254971d718349276a4d9fd47bee2dfab295a2cbbc715a1a0e3b0ebfe49e03ebbe5f464133146f

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_fa.dll

MD5 461cc484eeb6b02e3715f4e110926ef3
SHA1 021c197e770a4ab9dcc3c9f483739678882ffc42
SHA256 518ed07d8f67272e1b1139ffcf925f7d7a602f3ac72bf73bb19d888c91cb254b
SHA512 ba0d2b2195c327fec8ed1ab5883884db682a4704785d207f9c06138a5da432843d51f20cc6a6f7d03374b5c4345453ca242f328516b0a50512e70efd84f6df0c

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_et.dll

MD5 23a742324e15ea331ad6299e0616da87
SHA1 4f0a3630a5629b54173cd76a673b279597c70bda
SHA256 34715560c5070f7424275490293e9737f405f9667c5d8cb9dfb38c4a07e14165
SHA512 91611c6abdb93f85abe1e46b69eb6475c5e0b8d950d32bc200b0085added6245d564640d2d328839889cdb5605eb7028902b5c6f328ffe1ff3062099cee0fe3c

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_en-GB.dll

MD5 0001f0b87063b2dc35b5b1e68c668679
SHA1 e7e8c395ec77548596523b565ee4569b3933fe44
SHA256 867214a3d0735593c12c2de6c407b29b1381664ba17e5b57c863ae39b6159607
SHA512 f3cd4a92fe4fbeb41f34ee35bc4cebdbc5b0a8961b346055848f13531f96b766ef51c04e4d3be701527c375a30919ef4a1731f300564f20e6bf16e7fc5636ed8

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_el.dll

MD5 13da9b858609e47afad908324829c39f
SHA1 4e817d1de441c066aefbda94b29d9426b6233514
SHA256 0044d817f3e24e400031eb7017f062992565ef2c283377f832bac84e25cd3f00
SHA512 fc1ca5dcb1596302edc7317edd3298882436caf551b292e77efc29e3f59f8caa246ea808c3078643a1c71c8652c39b940eca5d5b3594fcb816fbc96bebaf38aa

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_da.dll

MD5 814948b06e4a5e55c80414cf53a49b4d
SHA1 8ef5e329d4dd80beec9307b53b36e3d32c88cd7a
SHA256 932a2f0868b3ae2b3d6aeb9f3e9d7db8e4807c1f92d4094560e4992ca957cb8f
SHA512 c3a32b1508ed1117d17587fc03a05e6f930f5876b21e9951cdf22342f614e0ed0ca58d57ead41833d6bbeeb7f994e9ed5e0b58d664b9a32e5d5afdcff0d7378d

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_cs.dll

MD5 6fee6358d2fc63a0360d7b7062e0b71b
SHA1 eb689d7f21e3fe9eee39467f28060d2cc9a53dda
SHA256 a5300b63b29418cf492f1adb49f90d28b6522127eb870baecc5f6c7ffb928140
SHA512 fe35d988d4187e1442a185e838970d5e2407ade28d9103e92280367157a8f18c0a6ca379baa64c706c43ae2c8f12b6c93ef7689ef8844784d472227e0fba9992

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_ca.dll

MD5 76897f3b34f5406fad2a73bf9c949c6d
SHA1 3f6ab5d06a07b776a109a6298698e2db3beddc52
SHA256 05c13e54eefa41b7ca25d05842ab9f2a677cfe8dd47297b8642bc92622e1909c
SHA512 27e8c9410b7c1d4087bda9ff44714239e4a441ffac07678a992944d5d6565ac714b7d225d6f340b3c1cf1d065668e98c317e7832fde109fc29a5adc6992e1dec

C:\Program Files (x86)\GUM1D12.tmp\goopdateres_bg.dll

MD5 23b476d8a50a24dea83bdadb5d18ba3b
SHA1 4d0e653d51eb82e2afc507f0a91d4fa95bfa88b3
SHA256 42a6eeda06c310e225a4202fb95134b0f75355b6c3df05ff64c8f6f020bb0bc3
SHA512 1204525a3e63e0478ed200b0ecd82efaaeeab5e0f7012279c0f4afdc50f9b88bd6fc467dd49adb32e2f4a9b921589c066d729130839fa2e60e3dc2368e7cd60f

C:\Program Files (x86)\GUM1D12.tmp\GoogleUpdateComRegisterShell64.exe

MD5 7d4a5d2c3be057eea014dd3d7a08d3c2
SHA1 0b5902e1c70b2d9c93d0e2d38f41a37155272fb1
SHA256 26d4c072249d9220e18e481e89caf426234f34b726f8d1fa3b4940dcc75dd338
SHA512 08beb60edea9bd7fddd276072b4c9bb0f96a77dd4320ac6c60172919339adade455db0354f428b87d65d90c9d6f0d288fbdd169a67ee832241be743ab65ab07c

C:\Program Files (x86)\GUM1D12.tmp\GoogleCrashHandler64.exe

MD5 d92f091d2c3d686fd17ed0f441768425
SHA1 c9d9736fb42e14dd8796087770eb1700fc2583b4
SHA256 b622e96ccdc66d7ae2a04e53da81d9667b0fa14b19e49a80ad8b6083cb0fe836
SHA512 4c1fe4f498f2552dc526bda274e85224114ad4c34a2c9cb7b963298737ed2ef1399634aef02b1ee2f12b36c25c58db901c49a96ff4be56d7ba8b05da1daf54d2

memory/3016-332-0x0000000000400000-0x0000000000C56000-memory.dmp

memory/3016-333-0x000000000048F000-0x000000000075A000-memory.dmp

C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\setup.exe

MD5 b42b8ac29ee0a9c3401ac4e7e186282d
SHA1 69dfb1dd33cf845a1358d862eebc4affe7b51223
SHA256 19545e8376807bce8a430c37cab9731e85052103f769dd60a5da3d93ca68c6ec
SHA512 b5269e7392e77a0fa850049ff61e271c5aab90d546945b17a65cc2ea6420432ae56321e1e39cfd97ccdb3dfc37ddbd6ff77907f5685cc2323b8635c8cdb4a84f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

MD5 3433ccf3e03fc35b634cd0627833b0ad
SHA1 789a43382e88905d6eb739ada3a8ba8c479ede02
SHA256 f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d
SHA512 21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Temp\scoped_dir2492_344342326\14337d6d-4d2b-43e8-95ce-5410bfea1ed7.tmp

MD5 541f52e24fe1ef9f8e12377a6ccae0c0
SHA1 189898bb2dcae7d5a6057bc2d98b8b450afaebb6
SHA256 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82
SHA512 d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000004.dbtmp

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Temp\scoped_dir2492_344342326\CRX_INSTALL\_locales\en\messages.json

MD5 dbedf86fa9afb3a23dbb126674f166d2
SHA1 5628affbcf6f897b9d7fd9c17deb9aa75036f1cc
SHA256 c0945dd5fdecab40c45361bec068d1996e6ae01196dce524266d740808f753fe
SHA512 931d7ba6da84d4bb073815540f35126f2f035a71bfe460f3ccaed25ad7c1b1792ab36cd7207b99fddf5eaf8872250b54a8958cf5827608f0640e8aafe11e0071

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en\messages.json

MD5 91f5bc87fd478a007ec68c4e8adf11ac
SHA1 d07dd49e4ef3b36dad7d038b7e999ae850c5bef6
SHA256 92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9
SHA512 fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\CURRENT~RFf76fe3c.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ce322941f740a68987c664eed9b9aca8
SHA1 7ae44dad80f120aa9c6934a778f47345622832ef
SHA256 823ec9f0f5dc4061dcea58efa278b0160b3ba98f2b64d74042e2fe29a8800e1d
SHA512 2b168c6f07195a4d9d761e77af29a3d12bea95415ab2953145b395281e4e0c70c8f4af2ed4b5929824a08587d2b2fde164de62fb98a5928604206ed7da9134f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cc30ae18-4998-42f5-82b9-721ee23b93e4.tmp

MD5 ec5d857c7a44909e3a49cc1c72d157f2
SHA1 57de8ece42a7da3975f8c50ff2805a6be57fcc59
SHA256 37f7ccc51576dd82bd8e34e1bd6e075b2a6f3055416ce3ef92bf6ec088bd7409
SHA512 25c4145d75294b63f21fc8d67305d5feed55456514bd4de3a34f09e2dff9432ebf64b11b487ac66a435bdc9c46c09c2d8296587aa24dfa0cf2ea66125915218b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a471244f151ac6dd660e49a33494a5df
SHA1 3d88328d453af734a497851a7ef8cdc578b7386c
SHA256 c8eb0e81f2293bad43eeaae9f4d4788fa72569b03f6c2b04e3222ad43a18589b
SHA512 32f9c1fe1a595405bdff5ecbe91ccd6eb80c5417f8bb4f4cb73df32f507d01fc8424dc2ec33192321369624d293a8ea9bb49fc9a57a788a213b0a0cce3dd5668

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 409d508426e72edec383fee3a19545e0
SHA1 5706551f75e9bd5585e67371c63054bb7ff7805d
SHA256 ae568e0095cd1d173c93364dfe38787192427ff0a8616d4714ee1d1bcd652002
SHA512 16f361d6d86f5303fa44549267b87a19c64c952bddd5ca634b925d66080e3418aa10f3a5440e8d4f39b7afd758c91f0a5cbe71a022236d1d78898de7a511b6e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 945de9717ea078d8d0671831b9552f10
SHA1 453d2aa4156e7e96832978416b6fe60d8492bf09
SHA256 5b50135036e44060c585294065d8341e9f5ca659fba24b7136d0f335002f10a9
SHA512 675b9deb08cd177feb15e0992b0e2bcaea83992807a8dfc9e0e0e43cd375ed289c9315d5e241899d783132c2f201f956de65c23e2e32755bc5c639a6b815b2a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b2786c8cb7b4db93cd0f9d35dd4ea1ae
SHA1 8a0a9ec77104a8686163f02ccaea5b5fee1f2c99
SHA256 401f15fdf4e7a8997e0e03431bae9362374d3332a2ba6691516de7502d2906cf
SHA512 93547f8e57ea1ce24b06160f4311eaf9eaade582b3845b1f2c964d9d52efe877fa93d922a5cecb6408ba9d395866e230a168698ba7037be3051f70be26f3ab51

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-12 02:00

Reported

2024-05-12 02:03

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe"

Signatures

Vidar

stealer vidar

Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\124.0.6367.202\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
N/A N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\124.0.6367.202_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateOnDemand.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\124.0.6367.202\elevation_service.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Reads local data of messenger clients

spyware stealer

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}\InProcServer32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32\ = "\"C:\\Program Files\\Google\\Chrome\\Application\\124.0.6367.202\\notification_helper.exe\"" C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\INPROCSERVER32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}\InProcServer32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}\InProcServer32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32\ServerExecutable = "C:\\Program Files\\Google\\Chrome\\Application\\124.0.6367.202\\notification_helper.exe" C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Accesses 2FA software files, possible credential harvesting

spyware stealer

Checks installed software on the system

discovery

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\Locales\th.pak C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\MEIPreload\preloaded_data.pb C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\elevation_service.exe C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUM6D50.tmp\goopdateres_da.dll C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_ko.dll C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_ro.dll C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\optimization_guide_internal.dll C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\Locales\ar.pak C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUM6D50.tmp\goopdateres_ar.dll C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
File created C:\Program Files (x86)\GUM6D50.tmp\goopdateres_sv.dll C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_cs.dll C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_zh-TW.dll C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\GUM6D50.tmp\goopdateres_pl.dll C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_am.dll C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\dxil.dll C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\vk_swiftshader.dll C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.34.7\psuser_64.dll C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\Locales\fr.pak C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\Locales\ms.pak C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\Locales\nl.pak C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdateHelper.msi C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
File created C:\Program Files (x86)\GUM6D50.tmp\goopdateres_pt-BR.dll C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_es-419.dll C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\VisualElements\SmallLogoDev.png C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUM6D50.tmp\psuser.dll C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_fi.dll C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\VisualElements\Logo.png C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\Locales\am.pak C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\Locales\ja.pak C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\WidevineCdm\LICENSE C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\chrome.exe C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUM6D50.tmp\goopdateres_el.dll C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
File created C:\Program Files (x86)\GUM6D50.tmp\goopdateres_zh-CN.dll C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_sl.dll C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\chrome_200_percent.pak C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\Locales\lv.pak C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
File created C:\Program Files (x86)\GUM6D50.tmp\goopdate.dll C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_de.dll C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\Locales\hr.pak C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_sv.dll C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\Locales\vi.pak C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUM6D50.tmp\goopdateres_fi.dll C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
File created C:\Program Files (x86)\GUM6D50.tmp\goopdateres_gu.dll C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_kn.dll C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_pt-PT.dll C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdate.exe C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\Locales\fil.pak C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUM6D50.tmp\goopdateres_vi.dll C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_hi.dll C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\Locales\te.pak C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\Locales\pt-PT.pak C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Application\124.0.6367.202\Installer\setup.exe C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdateCore.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
File created C:\Program Files (x86)\GUM6D50.tmp\goopdateres_es-419.dll C:\Users\Admin\AppData\Local\Temp\Chrome.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.34.7\psuser.dll C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.34.7\psmachine.dll C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.34.7\goopdateres_en.dll C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\Locales\lt.pak C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\VisualElements\SmallLogoBeta.png C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3988_743608157\Chrome-bin\124.0.6367.202\chrome_pwa_launcher.exe C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\browser.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
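The three registry signatures above (SystemInformation, CentralProcessor\0 and BIOS) are the usual places a sample reads to learn whether it is running inside a hypervisor or sandbox. The following detection sketch is an added example, not part of the sandbox report: it replays constructed Sysmon-style registry-query records modelled on the rows above, normalises the key paths (ControlSet001 vs CurrentControlSet, \REGISTRY\MACHINE vs HKLM) and flags any process that touches more than one fingerprinting location. The event shape, the category names and the threshold of two categories are assumptions chosen for the example.

```python
import re
from collections import defaultdict

# Registry locations that reveal hardware or hypervisor identity. The report
# rows show chrome.exe and browser.exe reading exactly these locations.
# Matching is done on a normalised path: upper-cased, ControlSetNNN folded to
# CurrentControlSet and the \REGISTRY\MACHINE prefix rewritten to HKLM.
FINGERPRINT_KEYS = {
    r"HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SYSTEMINFORMATION": "system_information",
    r"HKLM\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0": "cpu",
    r"HKLM\HARDWARE\DESCRIPTION\SYSTEM\BIOS": "bios",
}

_CONTROLSET = re.compile(r"\\CONTROLSET\d{3}\\", re.IGNORECASE)


def normalise_path(path: str) -> str:
    """Canonicalise a registry path so one rule matches every spelling."""
    p = path.strip().upper()
    p = p.replace(r"\REGISTRY\MACHINE", "HKLM", 1)
    p = p.replace("HKEY_LOCAL_MACHINE", "HKLM", 1)
    p = _CONTROLSET.sub(r"\\CURRENTCONTROLSET\\", p)
    return p


def classify(path: str):
    """Return (category, value_name) when the path is a fingerprint key or a value under it."""
    p = normalise_path(path)
    for key, category in FINGERPRINT_KEYS.items():
        if p == key:
            return category, None
        if p.startswith(key + "\\"):
            return category, p[len(key) + 1:]
    return None


def score_events(events, min_categories=2):
    """Group registry-query events by process and keep the processes that read
    at least `min_categories` distinct fingerprinting locations.

    `events` is an iterable of dicts with 'process' and 'path' keys (the shape
    is an assumption; adapt it to your Sysmon 12/13 or EDR export). Returns
    {process: {"categories": set, "values": set}} for flagged processes only.
    """
    seen = defaultdict(lambda: {"categories": set(), "values": set()})
    for ev in events:
        hit = classify(ev["path"])
        if hit is None:
            continue
        category, value = hit
        entry = seen[ev["process"]]
        entry["categories"].add(category)
        if value:
            entry["values"].add(value)
    return {proc: data for proc, data in seen.items()
            if len(data["categories"]) >= min_categories}


# Constructed sample events modelled on the report rows (not real telemetry).
SAMPLE_EVENTS = [
    {"process": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName"},
    {"process": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer"},
    {"process": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName"},
    {"process": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"},
    {"process": r"C:\Users\Admin\AppData\Local\Temp\browser.exe",
     "path": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0"},
    {"process": r"C:\Users\Admin\AppData\Local\Temp\browser.exe",
     "path": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString"},
    # Unrelated autorun read; must not count towards the score.
    {"process": r"C:\Windows\explorer.exe",
     "path": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
]

if __name__ == "__main__":
    for proc, data in score_events(SAMPLE_EVENTS).items():
        print(proc, sorted(data["categories"]), sorted(data["values"]))
```

With the default threshold only chrome.exe is flagged (SystemInformation plus BIOS); browser.exe reads a single location and surfaces only at `min_categories=1`, which is the point of correlating rather than alerting on each key read on its own. Lowering the threshold or adding more locations trades noise for recall; tune against a baseline of your own endpoints.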

Modifies Internet Explorer settings

adware spyware

Note: an entry under Internet Explorer\Low Rights\ElevationPolicy with Policy = 3 tells Internet Explorer Protected Mode to launch the AppName found in AppPath silently at medium integrity, with no user prompt; the two GUIDs below register GoogleUpdateBroker.exe and GoogleUpdateWebPlugin.exe from the dropped 1.3.34.7 directory in this way.
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\AppName = "GoogleUpdateBroker.exe" C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\AppPath = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7" C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\Policy = "3" C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55} C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\AppName = "GoogleUpdateWebPlugin.exe" C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\AppPath = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7" C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\Policy = "3" C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133599528897447638" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19 C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography C:\Windows\system32\svchost.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C} C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\NumMethods C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{315958A0-F5F6-4D47-85E3-F328675E42BC}\InprocHandler32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE} C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods\ = "10" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass\CurVer\ = "GoogleUpdate.CoreClass.1" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LocalizedString = "@C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\goopdate.dll,-3000" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\NumMethods\ = "5" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.pdf C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\NumMethods\ = "8" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\ProxyStubClsid32\ = "{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\ServiceParameters = "/comsvc" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{315958A0-F5F6-4D47-85E3-F328675E42BC}\InprocHandler32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\psmachine.dll" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\ = "IAppBundleWeb" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4} C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Google.OneClickCtrl.9\ = "Google Update Plugin" C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.shtml\OpenWithProgids C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\ProxyStubClsid32\ = "{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\ProgID\ = "GoogleUpdate.CredentialDialogMachine.1.0" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\NumMethods\ = "4" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VersionIndependentProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\NumMethods\ = "7" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\LocalizedString = "@C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\goopdate.dll,-3000" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\NumMethods\ = "24" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\NumMethods C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\ = "IGoogleUpdateCore" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\NumMethods C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\VersionIndependentProgID\ = "GoogleUpdate.Update3COMClassService" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\NumMethods\ = "13" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\ProxyStubClsid32\ = "{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221} C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\NumMethods C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods\ = "10" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\ProxyStubClsid32\ = "{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\ = "IApp2" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{315958A0-F5F6-4D47-85E3-F328675E42BC}\InprocHandler32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.34.7\\psmachine.dll" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\ = "IJobObserver" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\NumMethods C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\ProxyStubClsid32\ = "{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\LOCALSERVER32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods\ = "43" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebSvc.1.0\CLSID\ = "{534F5323-3569-4F42-919D-1E1CF93E5BF6}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoCreateAsync\CLSID\ = "{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\ProxyStubClsid32\ = "{CDF5DD86-4F10-4386-92AF-DF0F30719FDF}" C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachine\CurVer\ = "GoogleUpdate.OnDemandCOMClassMachine.1.0" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\browser.exe N/A
N/A N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\browser.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
Token: 33 (raw LUID as printed by the sandbox; LUID 33 is SeIncreaseWorkingSetPrivilege) N/A C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\124.0.6367.202_chrome_installer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\124.0.6367.202_chrome_installer.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4972 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\browser.exe
PID 4972 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\Chrome.exe
PID 1676 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\Chrome.exe C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe
PID 3980 wrote to memory of 3136 N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3980 wrote to memory of 4952 N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4952 wrote to memory of 4020 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe
PID 4952 wrote to memory of 1408 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe
PID 4952 wrote to memory of 4980 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe
PID 3980 wrote to memory of 2940 N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3980 wrote to memory of 1940 N/A C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 436 wrote to memory of 868 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\124.0.6367.202_chrome_installer.exe
PID 868 wrote to memory of 3988 N/A C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\124.0.6367.202_chrome_installer.exe C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe
PID 3988 wrote to memory of 3408 N/A C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe
PID 3988 wrote to memory of 2940 N/A C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe
PID 2940 wrote to memory of 744 N/A C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe
PID 4756 wrote to memory of 2176 N/A C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateOnDemand.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 436 wrote to memory of 2144 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2176 wrote to memory of 4984 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4984 wrote to memory of 5024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4984 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\37a9d80141dc56998cfc13f109a9956e_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\browser.exe

"C:\Users\Admin\AppData\Local\Temp\browser.exe"

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

"C:\Users\Admin\AppData\Local\Temp\Chrome.exe"

C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe

"C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9F6CE0C8-AF2E-DAF3-D281-F4C1C2954E5B}&lang=ru&browser=3&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver

C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping …-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIxNDUzIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9F6CE0C8-AF2E-DAF3-D281-F4C1C2954E5B}&lang=ru&browser=3&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{A29F73E1-46E1-480B-BA06-C2B2700C2DED}"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\124.0.6367.202_chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\124.0.6367.202_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Windows\TEMP\guiAE70.tmp"

C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Windows\TEMP\guiAE70.tmp"

C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=124.0.6367.202 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff602b496b8,0x7ff602b496c4,0x7ff602b496d0

C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{C99192EE-86F0-479E-B2B3-CD773E44587C}\CR_12276.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping …-…-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjQzOCIgZG93bmxvYWRfdGltZV9tcz0iOTAxNiIgZG93bmxvYWRlZD0iMTEyMDM2NDAwIiB0b3RhbD0iMTEyMDM2NDAwIiBpbnN0YWxsX3RpbWVfbXM9IjI5MTU2Ii8-PGRhdGEgbmFtZT0iaW5zdGFsbCIgaW5kZXg9ImVtcHR5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=124.0.6367.202 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc4be2cc70,0x7ffc4be2cc7c,0x7ffc4be2cc88

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,17695806924306959636,3739114724652590549,262144 --variations-seed-version=20240425-050055.366000 --mojo-platform-channel-handle=2024 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1908,i,17695806924306959636,3739114724652590549,262144 --variations-seed-version=20240425-050055.366000 --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,17695806924306959636,3739114724652590549,262144 --variations-seed-version=20240425-050055.366000 --mojo-platform-channel-handle=2292 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,17695806924306959636,3739114724652590549,262144 --variations-seed-version=20240425-050055.366000 --mojo-platform-channel-handle=3164 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,17695806924306959636,3739114724652590549,262144 --variations-seed-version=20240425-050055.366000 --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files\Google\Chrome\Application\124.0.6367.202\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\124.0.6367.202\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,17695806924306959636,3739114724652590549,262144 --variations-seed-version=20240425-050055.366000 --mojo-platform-channel-handle=4608 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4796,i,17695806924306959636,3739114724652590549,262144 --variations-seed-version=20240425-050055.366000 --mojo-platform-channel-handle=4808 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4968,i,17695806924306959636,3739114724652590549,262144 --variations-seed-version=20240425-050055.366000 --mojo-platform-channel-handle=4944 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4956,i,17695806924306959636,3739114724652590549,262144 --variations-seed-version=20240425-050055.366000 --mojo-platform-channel-handle=4920 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5192,i,17695806924306959636,3739114724652590549,262144 --variations-seed-version=20240425-050055.366000 --mojo-platform-channel-handle=5052 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5160,i,17695806924306959636,3739114724652590549,262144 --variations-seed-version=20240425-050055.366000 --mojo-platform-channel-handle=5652 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5724,i,17695806924306959636,3739114724652590549,262144 --variations-seed-version=20240425-050055.366000 --mojo-platform-channel-handle=5672 /prefetch:8

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\browser.exe

C:\Users\Admin\AppData\Local\Temp\Chrome.exe

memory/4972-30-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Program Files (x86)\GUM6D50.tmp\goopdate.dll

C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdate.exe

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_ru.dll

memory/4228-108-0x0000000000DB0000-0x0000000000DB1000-memory.dmp

memory/4228-112-0x000000000048F000-0x000000000075A000-memory.dmp

memory/4228-109-0x0000000000400000-0x0000000000C56000-memory.dmp

C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdateCore.exe

MD5 6d37412968a6e3242710255a8015f6e1
SHA1 ab5bb487d0879343cf8f4f409ed62a2c08ffe212
SHA256 8bab2c5de1dca54eb609a5093c1ad92b4396aa43fab87a5fef48f5df3283c26b
SHA512 3cfad0b80f2ff5049e3ec97d2ff9b66c24b4f464ab6d3c4450755c7c8cf617416e087608a52993aedbb1e3817b271df834a9b2da713d45fa68efbf8e130d815f

C:\Program Files (x86)\GUM6D50.tmp\GoogleCrashHandler64.exe

MD5 d92f091d2c3d686fd17ed0f441768425
SHA1 c9d9736fb42e14dd8796087770eb1700fc2583b4
SHA256 b622e96ccdc66d7ae2a04e53da81d9667b0fa14b19e49a80ad8b6083cb0fe836
SHA512 4c1fe4f498f2552dc526bda274e85224114ad4c34a2c9cb7b963298737ed2ef1399634aef02b1ee2f12b36c25c58db901c49a96ff4be56d7ba8b05da1daf54d2

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_am.dll

MD5 ef01658f6b280903ff33554e690ed7b3
SHA1 827af1610165a3a116dd34f4c0f96328e226d72f
SHA256 d6ba1025296713523f611d472c785676b3b2753d6e583feb95962f0eb6aa84c8
SHA512 f929e1c70c910c6fb12786ab2374b980d7960fc8ec68b23142e21e6f6f406ad2a0382c462610010667b09c9020fcbe2b98f17b50981b29aa8687b7d258e292a4

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_de.dll

MD5 85b10c8a06a430d47f6f51078a16267f
SHA1 8440bd51fb36239cd9eceeb7370f2a892ee04db0
SHA256 509e2200941c59ea0e2881853fd1eb76d15eb9a49ff72171445f4ee8a397dd75
SHA512 b192c43e468b134bd178a5bf414d9b40167813d095305ac7f63316076d46e233698662f65652091c7bc32be36e4549c82b51c5e56f6cd33fdd0a66dce4edaa02

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_da.dll

MD5 814948b06e4a5e55c80414cf53a49b4d
SHA1 8ef5e329d4dd80beec9307b53b36e3d32c88cd7a
SHA256 932a2f0868b3ae2b3d6aeb9f3e9d7db8e4807c1f92d4094560e4992ca957cb8f
SHA512 c3a32b1508ed1117d17587fc03a05e6f930f5876b21e9951cdf22342f614e0ed0ca58d57ead41833d6bbeeb7f994e9ed5e0b58d664b9a32e5d5afdcff0d7378d

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_cs.dll

MD5 6fee6358d2fc63a0360d7b7062e0b71b
SHA1 eb689d7f21e3fe9eee39467f28060d2cc9a53dda
SHA256 a5300b63b29418cf492f1adb49f90d28b6522127eb870baecc5f6c7ffb928140
SHA512 fe35d988d4187e1442a185e838970d5e2407ade28d9103e92280367157a8f18c0a6ca379baa64c706c43ae2c8f12b6c93ef7689ef8844784d472227e0fba9992

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_ca.dll

MD5 76897f3b34f5406fad2a73bf9c949c6d
SHA1 3f6ab5d06a07b776a109a6298698e2db3beddc52
SHA256 05c13e54eefa41b7ca25d05842ab9f2a677cfe8dd47297b8642bc92622e1909c
SHA512 27e8c9410b7c1d4087bda9ff44714239e4a441ffac07678a992944d5d6565ac714b7d225d6f340b3c1cf1d065668e98c317e7832fde109fc29a5adc6992e1dec

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_bn.dll

MD5 182496a1548fa2c3994cd28c4f45f81e
SHA1 d5ad874183b5e7f9ffc63ef5a1e3f26bf4c94226
SHA256 2c5bfb13e6ffdded3150e677b1aac38cfed7e07184a6598c21ab0c9d4e19e471
SHA512 4998b9cffc222a731b8eafa0c1be95e660868b15a200cbbb75ca6c99245f635964addc028ed71384440bc551e99d5c98bc9a05c65f81099abd08aa5ab7a4c128

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_bg.dll

MD5 23b476d8a50a24dea83bdadb5d18ba3b
SHA1 4d0e653d51eb82e2afc507f0a91d4fa95bfa88b3
SHA256 42a6eeda06c310e225a4202fb95134b0f75355b6c3df05ff64c8f6f020bb0bc3
SHA512 1204525a3e63e0478ed200b0ecd82efaaeeab5e0f7012279c0f4afdc50f9b88bd6fc467dd49adb32e2f4a9b921589c066d729130839fa2e60e3dc2368e7cd60f

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_ar.dll

MD5 af761be9f504a907cee26f8b84e78a0c
SHA1 73f50190255d3534415554b586c4129c2f3b1c54
SHA256 3c9777876cba5f28b23ce6275d409290d42dcd13b6d7dde6293085567de5117e
SHA512 54eba2f3804861caaba1871feeec9eba7c9f7d4dd1e000708d2991bc5e253d8ac22ea2bbde0ce103aa7e718fe94382a3c984037d775d2d88d638fbe3043a0875

C:\Program Files (x86)\GUM6D50.tmp\GoogleUpdateComRegisterShell64.exe

MD5 7d4a5d2c3be057eea014dd3d7a08d3c2
SHA1 0b5902e1c70b2d9c93d0e2d38f41a37155272fb1
SHA256 26d4c072249d9220e18e481e89caf426234f34b726f8d1fa3b4940dcc75dd338
SHA512 08beb60edea9bd7fddd276072b4c9bb0f96a77dd4320ac6c60172919339adade455db0354f428b87d65d90c9d6f0d288fbdd169a67ee832241be743ab65ab07c

memory/4228-122-0x0000000000400000-0x0000000000C56000-memory.dmp

C:\Program Files (x86)\GUM6D50.tmp\GoogleCrashHandler.exe

MD5 27322c0a2f2b96d47eba58e550fc85f2
SHA1 9f781c016bc1c3a81fbe47a97a82378731885ad1
SHA256 c054e7261bc72489ff575009a6532e19373e3b76679735a4ec1f140314abd327
SHA512 00933b536e9c0c8b4c8c749a543a90f57bf42f3be59914fe15d5678b31f7588aa61eb75652af8cec00d19804ab480fc0ae675e07916aa1637b4629881b435da4

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_el.dll

MD5 13da9b858609e47afad908324829c39f
SHA1 4e817d1de441c066aefbda94b29d9426b6233514
SHA256 0044d817f3e24e400031eb7017f062992565ef2c283377f832bac84e25cd3f00
SHA512 fc1ca5dcb1596302edc7317edd3298882436caf551b292e77efc29e3f59f8caa246ea808c3078643a1c71c8652c39b940eca5d5b3594fcb816fbc96bebaf38aa

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_fr.dll

MD5 e05db677de98fdfaca0ef75150bdf0bf
SHA1 683ae620a6ed9d7e3985d93f9fd1a4a2057209f3
SHA256 aaef9f2a44b100ced71685587f2dea01b5711b48c1b08a5ae730549ec1a9b248
SHA512 b47080dc788011aa857bf27ac3d945f54fb9ce61bce09c7b1662736a1ad967d1610a1bc36ffb02100c97484e9c4b5b23f6260e8f8a02207c977d958115f8c4f8

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_it.dll

MD5 280dd02087c35fa70c2ab97025fc8a85
SHA1 74c6b16eff8731a8198cbd4efe87675881ea396e
SHA256 48b08446e59b5154c52dc75efce5cb7c37f04aacf26401ffe3162dbd4c9e2cdb
SHA512 7467c9a2ca2d6b476cacb6f11b1fea747d57998640ad988306c7a625c76db89a8d182c9019bc294b6dc433ef111f676704ff26974bfbf4dce1b54848fa465915

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_kn.dll

MD5 ed6f177349401cc5081edd6da2432c6e
SHA1 8d5b9bd5488d43d1712875aabc02141136465849
SHA256 e0ce8379f91a4daf5acc3dd8d5560cf7e6be1f0a55b84abdabdaf8d4146808a7
SHA512 2a3ad87390d89e9a0b7a4552012c77621322846778af59460e717dcd8b24f7c0dc3fd76e25a666da7f6b919e19ddbf3043284f89dcf79db7f3b3d7788a4c42cc

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_ja.dll

MD5 f8d66af42bbcd2075f5bdca27811ff80
SHA1 781fb8e9a818b805fd6c5caec823e4bf5705b87b
SHA256 7c068163e1682bc5ba8206a83d4e5fafcfe66ef5af2be9b12d6b68d7ee7a5104
SHA512 7d42db5e7f84bf738296fae26552a5bbebd28abf1982748bca892e2d3ca523e36ca18a90c90ad6531488cf3aa994cc4c5bfe37ab892d4512471da566875315a9

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_iw.dll

MD5 641a65991ba196b3377293c937ed8ddf
SHA1 a644afac01c2431c03131b302612fd34eb72af5f
SHA256 c89048f9cd687bae1edec6312455a183c2d1c30b6f38a59a914f6a72df6117df
SHA512 856231a6515d38dc999d22028fb247242726d2fd3561e46e4b694552abb311c03af479f457344c8b512218765ee5c4f8b3484fdfc133832bfd64b858bf64fd9f

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_is.dll

MD5 05cda4a9e66be97afa5a66bc0cc301f9
SHA1 0bfe10958ebe044ae655005df9d0b1fec4cab6a8
SHA256 b25b4306d7d6e9cd32517d676e9e6bf007c80d3ca44b29ca53ba6654a27e8694
SHA512 6c0a58ecdacb4ed942dc016cdd399f85ac17b5a37f24ebe883fce60105444849e33ecf6e2d8b846e04cbce0d9bc02c69f866b8c7fdd5b147315255c29d3c9edd

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_pl.dll

MD5 2bf2ec437d1bfe1808f216fdec2874eb
SHA1 ca6016a4f9eaba0200dabe119aa5032fdb5e3ace
SHA256 714109d32372b19cd3290b0cff1c2c8b02c70960047c8bf224a91083ab8b5ee3
SHA512 c759e2aa6c961b0091fbdcb324756b3a3643732111774d3d9e5bb1e648489bda18b0d79faa822a2fa74a5a7369a87dbe1acaab06c5d1280b6ff0b3dbadbcef8f

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_pt-PT.dll

MD5 0520866fbced5d4e6eb34064d1473688
SHA1 59a2c86eadc420e0e063cea1467247a52d5276a7
SHA256 6e40142b1680dcab320f5fd430b86d5da167be0d163b60cc5cd629ff29b4ba0b
SHA512 4a6ef707b6b6884a7b351f37ccc7cab28863f70ac1a83efe3088ff30a9698a838edb227e33653ec003c2ff27502e4aec0730bb72e553ba8620a74a9f82d1a394

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_sl.dll

MD5 0e88c3014fd2db4ceaaa83b2b7ca9eb3
SHA1 ca6b3ab3d89ac08cf51da79f27c731e55a7958ac
SHA256 6a2faa1408572820f9f0af57de5620d2a265693107e5f037d3cdea908bfbbf9c
SHA512 c86f74bac58bf219268edbdc240fcf697db97b1eb6d76cc378ddc2ee4dd7672524a3148aea0894d3082e4833284c049b46e243e8908ac9ac502cbfb1d15bdfce

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_sw.dll

MD5 809d886cee49c22894e133db7fd891c3
SHA1 8f67c83d975a498f1cdca60e3c93df050e9ed4e3
SHA256 0be7091cc419a239a203aac413ac7943805853290bfa7fad06e4b0509add52ee
SHA512 181b273c35c75ad5487eaf0cf3a60bc7762a05c0f085e4b31034daae053a941bb8c3427c3e77df791f5bc5799543877635f0089d19105d9ceab722a0132f0177

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_uk.dll

MD5 8374f4c9e46cf4ea674f24a0b92b3bf7
SHA1 1f5cb2bbe841c21026615e7c58d1a40259db3665
SHA256 656e401fac1c8d9c85ff4607c599ed0984dab1a5c0fd0a4465dc2170bf1e41ae
SHA512 d3788c07c2ca0a13e31dccf411907af14965a106aafff5f913816936b2aa94d0557c378f2e1f53b964f199803763e0ab6de6f8ff3c210224a893fd77a102d9da

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_ur.dll

MD5 78b039b42e65c9ac02ff41dd1f3e7857
SHA1 f4e33579a8d97a33d85def6a2b84256d99abffec
SHA256 04b8d96ef40395817a985eb1e202b35ec43422116bf8b5fad24abe252a286644
SHA512 378b1a21dd414fea85e9f99f63dd761a3ba9907096ba3d52f3f1388502e89212c001c0a4c9c4d05de44712c83b58b28c33c50fe97fe870c57154668d468e38ae

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_tr.dll

MD5 3b476ccac64c0e4a33a00088b4402165
SHA1 8096063c97635f88d046e290f1741c08cd8a7aab
SHA256 1f1922a948145fc6be008447ade1d69e45e3ea009993d3577fa8676d2fdfa8c9
SHA512 4561f3c89077981c91f667528bb1788b097a6ef6323efd825b54c81a5ef88a439ec6601de2c3c88fa039cf47bbb12396e30d634fd356f786227de03765c8f42d

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_th.dll

MD5 0896769f1fa07b3d8703b074d69a72bf
SHA1 cef08b31619abc26149c694a6c90c3c889d4874c
SHA256 5d5781e44fccb77f7aff314e09ee3e06d37a4fcacc5acbea21164fe8be5eba88
SHA512 3129003cc3a8d5693ca48c5054127f7eacafed5ce36b1061f0b63c04d59c242326ed7a7a71b0ed206e52ae024abaabdda5479ff84dd9e2e5cf0f4528c0b9cceb

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_te.dll

MD5 03e2a52b5422006bfa748e7a38022329
SHA1 4da4ae25c7f8a0cba14ea334f0a2f6468b94ee87
SHA256 c86d703fcaa7f2aa863975f9808a03a6efcb8bca45585ecfa7de374724440f81
SHA512 d129f88b279428d4e48292959126b71703fd65696c37e18f3fe0fcf8bd7506fedb3458f17be133dc3ca7f1469d17dd15c2bec71cad02282f015f37a4b53e0a02

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_ta.dll

MD5 25667ae01fe46e9f9cfc9b3151cd2d3b
SHA1 b60314669befe647d8df7b2c060d90f7adc71285
SHA256 07eea26166048ff5ae4cd6bf802f5cebd4a73165a053a3ff23d26c769ae90d95
SHA512 60e6473ce73c5f55a2282301e9bcffb7b0fb48c748c750a2887e5f16a9b8c556469186192bcd5da9bf7bc40cd736f40edfb8825e3f521442e349b25d7403077e

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_sv.dll

MD5 f7a78ce1136f3f650596349f08783009
SHA1 d47cd15ce81a873112a881b1bbc877d2e29a3bb2
SHA256 6fc29754f63e16feaa57625fb6a2583acee9226bdd627816a88c68696e62df1d
SHA512 8f6157a934690ca738f26180179e84c16c7931c88769a4eb9c5159f0d4c5991a51dcfe0d3313af84399e11e78e940140eb93a26f814c7bd156273fad958e2a97

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_sr.dll

MD5 1f74ebd791b4345bea3fb1d207c3e2cb
SHA1 6854093d78eb0c6dc4648f2a754414ab587ebb30
SHA256 f5ef7683039420b54ff3524c7d8a6aa6f8e294ae409b1aff8e29a939cb57b1d4
SHA512 89e8e69a967899009f7a4f67ff47d809c95957ace493f81d4d52363015c71758ab732b7ac6449ab6b7404c1022afec39b54d3057c06d9fd2d156ae6b7542c465

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_sk.dll

MD5 62b17ade3b5656dfa49dec1b2ce54b1d
SHA1 c5e792d51bad67e08b3b9ae3380d3ca6a2f5228f
SHA256 e9e37e937f94caf09f491b037f9cde405bd4e3a52d53e1013e4e120d3edf7b2f
SHA512 26ff699d319354f3cbaf15e839bd1dd61556445cf7f89cc37ab6747c60d5e40cf00a857cd6d005cb8bcdcb66e82055041faabdfdd53ba1c87e9937bcf391cac8

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_ro.dll

MD5 bb1df0ae124c34486be19980adde3c55
SHA1 4d866d8e0753e63f6133f60a1b147ca1c1c0b571
SHA256 303583d0b50a0aff7451d94f43af73329ce7eae9fd3f3d8dbcb4a1145fda9300
SHA512 53b083d57de9677b87ed02bbd2e73eb405cf95ed07ef41ab8c319f11fe81249e8306281d73e88f90cb2dbc7af4f0d0cdda1d890e66252e0e6704f2c17ae21d7b

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_pt-BR.dll

MD5 d1b9a1b379e6ac0365569b724c83b907
SHA1 5c4f70f1ac5a9874e702cde82b56d957fd2f270a
SHA256 c68713f46cc7ccec5dfbd2a94333134272b8ccb415f771c9622d0eb20a9595f4
SHA512 cb7ff2cc83d27bb87239b079da558423070eac61dc59cbbec6fd7ff321b2fbfbf604189b96c82dd6e581ba42c222e5b8dbbcaa24ab11f95df97de0cec13d63bd

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_no.dll

MD5 3d84836660e508342ae83fab0c8af3b1
SHA1 ae40d4a79f0ce593126a57ba9911c57952fc2804
SHA256 34eadda69c38d9577255a52153b3bd8e40c10b8729f585f8984f53e0ec61e55f
SHA512 db7605cc55200ba1f67f8be16ed7908df6ec31633eee1db9f7d90c622251d02c916c3bcd81e71f2467ed7a14059da62673d146825bfb06c4b6574012010d5004

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_nl.dll

MD5 ab01af4041a2a953ec0cc2c0db874514
SHA1 7f45dc241b2e15925dfcbd47d0eaed668e2c88bd
SHA256 8ca394bb7b0c46dace740e80ee89f8319d9bbc0e71be66409d66ffa06dc05e9c
SHA512 96b7c186ad8115a5ee5f6b9083f13d6a24ba2f886b6f65370a4c19f6020f65bdaaad28d3d51a236e7c01947136d7cb90ce02d677d1b024dfbe11499ac914ed58

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_ms.dll

MD5 9f7a8b8f7bef01c1b435dd411ba6ca81
SHA1 d509f4d4a98f5f72cc49d9a4b06275dee3a3891a
SHA256 b493b2c3abdbfa9b158d034988cb40bc05bb7d811e8389342d26d2c084e9e746
SHA512 4800d434a4d86a57e533dce6e7ef18b81565c88d264f9ddfd3468f05d2371f52dd3966399539d9e42e6d3e9099df5d4ef8448a6ec2e75f3ad0fe4ea00fb42777

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_mr.dll

MD5 03c2adac9977912c9b814e8693a117a7
SHA1 5c6b024416e99b32de25f8fb921b412583cc6b2a
SHA256 30c068e20891af3c49f38fa6b188a142a0616f257f47d675c5b86b793528740c
SHA512 a405f63d5c27b0bcf6a87328b56e763b2173f6434a6f820cbd0f9137bf87511489290a5e15f36dde23962f96aee72b8468869dff838bf0aabb4321785f1ee1b3

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_ml.dll

MD5 ed8e3a055bf890e3408a28686da2a9bd
SHA1 ce557ebae9ec3819c5677bdd5980713dac97c00a
SHA256 03866f7b47ec851c7c7c0712b005cb40ff6bc7d22d4579483509d55927663988
SHA512 818cdcd2354936069e1a4a3c05f99c0c7bfa1be3748b75a1e687599eda29e817d2c1b582a636bf52197d2243609bf3cd33f7311dea29d76d4485a06b19a1a487

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_lv.dll

MD5 89455ee22c2928c02f625aec7deec1d6
SHA1 40f57392f0b13cff8a12f2c4f21e77d745e88e3b
SHA256 c5d58a24c2ab573f823fea1ab4f178b7b54378e7a6da690d0a5c22f7680fb257
SHA512 1f670a5d51cf8494a2902c5ca09283dab2d5619806227a7ce3ecd2e67a21132747f6ade890f7f134190362d950ffe303ec76abbdcf369a34cf4073235ee24d26

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_lt.dll

MD5 55f9dd7a68c4417e617c909ff7cf7fcb
SHA1 f44d82a44503fac31dfa497c1181c183365415f7
SHA256 382d819cf57824381fc27c858f692c5488708cb9b20b19fc2740f99500939f9d
SHA512 eabf09e277a8692e75ca6b7da4dc773a2d88bce670b9ff793b3e3eafaee739ba531e5bf6e42748ac074b64f736ea180a4d217aba365774f1e3d1174ae5e21515

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_ko.dll

MD5 e9d22ca9a5ec33f126a4c343e9d95dfc
SHA1 a153158915d0b57c8430e811c21e1c683a49feca
SHA256 062e9484cd61c835ec32e202ac04abceda64e00131881d05829a61c599a65e87
SHA512 dc2a6e3183925984d52035ddf729083a29e37bd7923a5d5f3e054734e49b9c1d1598254656d061dd973720ae3350a50b32ea8534d098e4b7eca597d572ede1f6

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_id.dll

MD5 cf18940b86d19a8479a310d26b9c40c2
SHA1 e617f404989036ceb0b47d2e6e264721cd432001
SHA256 498bf2644c5a16a390706547480034ea787efcb896a12d03da2ea25bc279dcb8
SHA512 a48a4039693db6db9ed3a81e98e04b3339d8c19b939fd0b40119fc1174bafb3861f5bb5135471f0a7d0ef1cd9f6a083c97545661c755279a2d7ffca06f6ed304

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_hu.dll

MD5 61f7de3df93eee70324c23b441f8e1ff
SHA1 573702fe11cdccff3ea7da43a40147f2ac582de9
SHA256 a4d8493dbae949ab3d640ed68b1f85801bc87bcd2dff5dd098889d50806a5e7b
SHA512 2773c4b391092f5bdf1128ebc3d9d2fbb536913d230455f3c34132e198e7eab685f2704af539fd26ca984ec98bbb048eab389524ce58ae976b9643669a510d4e

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_hr.dll

MD5 4249c2c361fc8488de3754d624ce364b
SHA1 cb4dff392ede105c26d8ab63361c15d89e0a1f50
SHA256 67d51272b20d386ec81023e199676adcaff93b18e6da6904647326cdb8e36aff
SHA512 acf68c5135af81a09a1b214c73bee5430ce0785646a9a438ec2d0b73748075ab5b9e0e9869f4ebfccc152f2ef30de7073d9edcc12637af9a7a9b8ee8d094538e

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_hi.dll

MD5 0d5c2fb66f5029fc8dc89ab947fde4f8
SHA1 3b1cdcb71f5de2491bc29c512f64f7758c686704
SHA256 3e788372b182ae9f5f5608374566564db00dab62a0cbcc266df20272f8815dc2
SHA512 aa6dc2f1fc9d2bb90ebaa1eb9dfecbe469c44ed083cf8c4b8111aadb7fc99b3aec6743b3d2641b2eb0ed1ae8215bfaef998d471acefff205685f2736c25fba80

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_gu.dll

MD5 faea204297ca2df2bd3f192a5f511c4a
SHA1 175e9f3d9314daa90b4c6674218df76a3f10069e
SHA256 670f472338288207a8800238fe31c82c347d645ea1be7328e29811574ccca1c0
SHA512 5d48e951428cf58db85574a28f7074fd8e4eca4f4cf631245aae4f4f8cd82aa2f8083f15d5ea540d576726a94692c1a0ca1f5a9963144d09820db7f65585b6b3

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_fil.dll

MD5 aaceabdc9793774cc2bb62d3ad11a4b9
SHA1 64d0551362a1ab50bca852882ec0a6f411bed2ae
SHA256 ad53d3117349f32537959ca8b34be39db86d27e9855efee1eba1157635668101
SHA512 8d8c25fc88519bdae0ab872f90d9e3fa0aa2d38ce7c24f3a16d254971d718349276a4d9fd47bee2dfab295a2cbbc715a1a0e3b0ebfe49e03ebbe5f464133146f

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_fi.dll

MD5 80455a0657d6d909f37974555c247ef7
SHA1 b666f179cf12eafa71139146921c90390b88efc7
SHA256 273c8adf5c07429ebaad0332ad5d8638309b55f5f34a35fbc39154c5f84db464
SHA512 8d154a82576b67dc9cb3066ff55a4c9553786377f1c51b26e49da6c305a128d61149314b69244b4b80b7191ed8a46c87498fa470cea3a6b05f916c2a75e47a8f

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_fa.dll

MD5 461cc484eeb6b02e3715f4e110926ef3
SHA1 021c197e770a4ab9dcc3c9f483739678882ffc42
SHA256 518ed07d8f67272e1b1139ffcf925f7d7a602f3ac72bf73bb19d888c91cb254b
SHA512 ba0d2b2195c327fec8ed1ab5883884db682a4704785d207f9c06138a5da432843d51f20cc6a6f7d03374b5c4345453ca242f328516b0a50512e70efd84f6df0c

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_et.dll

MD5 23a742324e15ea331ad6299e0616da87
SHA1 4f0a3630a5629b54173cd76a673b279597c70bda
SHA256 34715560c5070f7424275490293e9737f405f9667c5d8cb9dfb38c4a07e14165
SHA512 91611c6abdb93f85abe1e46b69eb6475c5e0b8d950d32bc200b0085added6245d564640d2d328839889cdb5605eb7028902b5c6f328ffe1ff3062099cee0fe3c

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_es-419.dll

MD5 6ce732221fb44cec239a1adb553bf842
SHA1 cefc8998c5dd27e3ae0e2d3711da7d53ece42fae
SHA256 ba27f0af1b1a91406976533fb650c94b026fe0657c260a7c8ac8dd565ae18018
SHA512 eee58df4b98a2d85da93529289ef348b7d541ab9bdb0978ba4b1528dc3ff576919c0c428078af87a17512beafac34a473150ecd889b45fc7735b1a74e09c85bf

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_es.dll

MD5 249e6a320f3b46d30490f57179384742
SHA1 e2c4fd8e55a9f093ba934f54d692172b1882fbdd
SHA256 ed18042c2b281332ff5127e1429510cd523853b344da4f6c467b7fd8014bc162
SHA512 f4744be7150010f7d7bb91ef119b67ac1795299b2fec6b51592bb7b2929cef97b209e9bf34b35f923c37e0b2032c21176d72975b32b9249c9a4f90297a701c1a

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_en-GB.dll

MD5 0001f0b87063b2dc35b5b1e68c668679
SHA1 e7e8c395ec77548596523b565ee4569b3933fe44
SHA256 867214a3d0735593c12c2de6c407b29b1381664ba17e5b57c863ae39b6159607
SHA512 f3cd4a92fe4fbeb41f34ee35bc4cebdbc5b0a8961b346055848f13531f96b766ef51c04e4d3be701527c375a30919ef4a1731f300564f20e6bf16e7fc5636ed8

C:\Program Files (x86)\GUM6D50.tmp\goopdateres_en.dll

MD5 bea053dbe0ed0cbde42ea4c7cfa598cd
SHA1 7ad9801c19f5e57d8b414725e200ddaacb3d3988
SHA256 135d671264330b7d3f0a3d4e33ed128eed05ee51f4d9b5ba4a157c29af94bda2
SHA512 80e9fb32c35b8a73921baaf395b1e4303657ecaae9cb9c5d5e1ee60cd59dfa8d1fdf6f0acbc5096c6079555b604e192d6bd18dfecb0c95768e2ace43509d68c0

C:\Program Files\Google\Chrome\Application\124.0.6367.202\Installer\setup.exe

MD5 e390f10b1ef72d28adc11db97822c283
SHA1 030d1bbf25af5a405046b0ecb9802cee57239318
SHA256 865fbbf10042cf006274c563616017c09b7b27e08fb41ff52e1332240f18ed72
SHA512 d81ad96da404162e93b039a0ae1477cd1a674fe01854a792622feae1a3586a5194310e27c2011e8b24b6378930e65cbce9e85af8d8d33b0359a4df09859181d9

C:\Program Files\Google\Chrome\Application\SetupMetrics\20240512020103.pma

MD5 ab1fcf6cc9c5a625efdfa7c884d54edb
SHA1 8e86fd6731328c6db3e3db85d2106cca700a808f
SHA256 9c647600826c8c6a88765af77f0b399b6daae89ccbed6a0c375ef22de3c6f4af
SHA512 0755a5dadc87a631403f25ecf0e4b71204efae5bc9eb8cbd8dcfc230218f6fbc5d1f6578b44635a6072dec3affe2e36925d1531a08fb8f8c51a5f5185ca49e5f

memory/4228-394-0x0000000000400000-0x0000000000C56000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 24be92724075e9ca166d0ae4a27f4933
SHA1 a8ad4c1766b17a34628bb076299f604d6380d382
SHA256 1cce2e7a07315c2645c86173df580f4bebe50b73afac717fb149b6dd47711095
SHA512 9ca457dea51356616f00f8c2e54150156fa320cccecd5460df691c898c24b9769535cb3a723ea03318c2db8c5b4a84fb3419e848be3eabab36210a09cecccadb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

MD5 3433ccf3e03fc35b634cd0627833b0ad
SHA1 789a43382e88905d6eb739ada3a8ba8c479ede02
SHA256 f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d
SHA512 21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e9bceebecc66ce832a7216e3099ad3ea
SHA1 3b720a85c2ea91fae31e58b307faff0db25dffbf
SHA256 2447fba0d0b61b4113ee8af9c1d91536e0e361d0ec00f975bbff91f67379fa46
SHA512 e42b270da0285be0cbfdafefeca686936255bee128b30cb1d13de620d9bbc55f5d7aa6b632c4f6968dac26597d1a3551fc1d0e5aa170ec2b55a2db00f5e3ecb7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0b8c60bef7fe991c620794a6c106a4d6
SHA1 74816bcad4cc4cf325fb6fc193219106901a72c3
SHA256 d16916e8c2a4fe589e401e19028a6636b9219b69efba33ceb27393cf6fbb6913
SHA512 33b8fa6b48e0e49ebcc38da761c211f8d63c59bb25cbf18b051b01379c22faf73d45e0462ebfa0631ce75be2efe48a36783092278b42edc2a682e46f040c393a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 cdf869a7b2e9d73da62aefef33d76e38
SHA1 da114319c12f776e65139f8dfe6457157f4021df
SHA256 98e1d270ef062feb4282cc97ab4e6f8cb1265daa17a70cd6b3df5d293edd36b2
SHA512 deb841608d08f36de2db71be2aee5a33f25af3b1614e0f004ba2e0d368384aa11be0119f51f4afc81d5d49892505edcb35c041f148aae1c6a9e47757a35e79eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 03e84f1ac05c4fed9b41e9fa97c8b986
SHA1 5b1abc3a2ad1031f8df0be840ce8ad4a04b65990
SHA256 0e1147bfbaf0fca963bc8cfa1e18114be98a93d30f4f9a89720ee774256573c4
SHA512 37ada743849a56ca45c8c0ede47d779435c3b19ee4d082df0901109cd6843e4bb087655d1fd47a81c14963e96f6ef3150c1a8eb56b2031cfab7205ddd7053cbb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3714f9f7344826f2429618ef6674bf5f
SHA1 e9d50087bf9cf6c4b4363eb7add2e2eb362e53e1
SHA256 d0524f490bc7e04935943845f24e8da90abe68628045c3a69925b04f7f1d5ed1
SHA512 422433d3cafe0fc4c3dfc19cb23014932d73403b25ad06fcb908240567c15aecf8028e4bdf59d4bb8be66125b8b59613d8c7fff6098b042af2d1afa01f1d571b

C:\Program Files\chrome_Unpacker_BeginUnzipping4984_1852224008\manifest.json

MD5 4c30f6704085b87b66dce75a22809259
SHA1 8953ee0f49416c23caa82cdd0acdacc750d1d713
SHA256 0152e17e94788e5c3ff124f2906d1d95dc6f8b894cc27ec114b0e73bf6da54f9
SHA512 51e2101bcad1cb1820c98b93a0fb860e4c46172ca2f4e6627520eb066692b3957c0d979894e6e0190877b8ae3c97cb041782bf5d8d0bb0bf2814d8c9bb7c37f3

C:\Program Files\chrome_Unpacker_BeginUnzipping4984_1852224008\Filtering Rules

MD5 6274a7426421914c19502cbe0fe28ca0
SHA1 e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc
SHA256 ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee
SHA512 bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 725a6aa52d4496cf97761d54755a5c9f
SHA1 36082b2eec18182ada5976e91f8365923a15c92d
SHA256 7f824f9b6da0eaf335cc243acbb1ad4e7c867d86fe9254f7d334722cf43fa090
SHA512 6feff3f28aef04b6d96b5caebe78d1f38639e2a22e16b842638540928876b4d83a396cf0e47f739bd3f8420ab5dc6b53c523bbba56f3123e957c60674b90317a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fe087d4341dca3c747634d87c3f051c2
SHA1 93e63e97f94dba88030396524f8b646ff79b0be6
SHA256 517f5532c2472d7f191b715728896ec8272d1bc954d15902d371fabb27f1ade9
SHA512 f69b0d7821806772d55c9dd889dcaee86f162dd10f3dd46327c1b5ba234821f2ea18c7550254cebb2994e498e3ea7998c878ebd42f8a1f7fa911c4c6d3126964
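The listing above is the sandbox's dump of dropped and modified files: a path line, then one digest per line, with memory-dump regions listed as bare `memory/...` lines that carry no hashes. As an added example (not part of the report and not the sandbox's own tooling), the following Python parses that layout into IOC records, checks each digest has the right hex length for its algorithm, separates the memory-dump lines (parsing pid and address range), and buckets each path by drop location. The sample input is a few entries copied verbatim from the listing above; the location buckets, the `FileIOC`/`MemoryDump` names and the treatment of any non-hash line as a new path are this example's own assumptions, not something the report states.

```python
"""Parse a sandbox report's "Files" listing into IOC records.

Added example, not the sandbox's tooling. Assumes the layout above:
path line, blank, "ALGO hexdigest" lines; memory dumps as bare
"memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp" lines without hashes.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
MEM_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<n>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9A-Fa-f]+)$")


@dataclass
class FileIOC:
    path: str
    hashes: Dict[str, str] = field(default_factory=dict)
    errors: List[str] = field(default_factory=list)

    @property
    def location(self) -> str:
        """Heuristic bucket by drop location (an assumption of this example)."""
        p = self.path.lower()
        if "\\appdata\\local\\temp\\" in p:
            return "temp"             # staged executables such as browser.exe
        if p.startswith("c:\\program files"):
            return "program_files"    # installer components under GUM*.tmp
        if "\\google\\chrome\\user data\\" in p:
            return "browser_profile"  # profile data rewritten during the run
        return "other"


@dataclass
class MemoryDump:
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_files_section(text: str) -> Tuple[List[FileIOC], List[MemoryDump]]:
    files: List[FileIOC] = []
    dumps: List[MemoryDump] = []
    current: Optional[FileIOC] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:  # hash-less memory region: record it and close the current file
            dumps.append(MemoryDump(int(m["pid"]), int(m["n"]),
                                    int(m["start"], 16), int(m["end"], 16)))
            current = None
            continue
        h = HASH_RE.match(line)
        if h:
            if current is None:
                raise ValueError(f"hash line without a preceding path: {line}")
            algo, digest = h.group(1), h.group(2).lower()
            if len(digest) != HASH_LEN[algo]:
                current.errors.append(f"{algo} has {len(digest)} hex chars")
            elif algo in current.hashes:
                current.errors.append(f"duplicate {algo}")
            else:
                current.hashes[algo] = digest
            continue
        current = FileIOC(path=line)  # any other non-blank line starts a record
        files.append(current)
    for f in files:
        if not f.hashes:
            f.errors.append("no hashes")
    return files, dumps


def sha256_set(files: List[FileIOC]) -> Set[str]:
    """Unique SHA256 digests, the value most blocklists and hunts key on."""
    return {f.hashes["SHA256"] for f in files if "SHA256" in f.hashes}


# Constructed sample: entries copied from the listing above, in its layout.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Temp\browser.exe

MD5 a21f7e816b13c1f119d4cc1a57078976
SHA1 1ae66044315852faf578581c550d7ee5db8091e6
SHA256 13c394e82486b280d002f70a8990a6b4b3ecae901957097b4915d374f30e73d4
SHA512 1cc8f18fff60e01a078940036b6b0bc145588c7791832b99ecc4cc05b56dba2899246371b9f5cc2ce033afb3938f3312aebe96ce61745e0dcc98acd4f42d4ab5

memory/4228-109-0x0000000000400000-0x0000000000C56000-memory.dmp

C:\Program Files (x86)\GUM6D50.tmp\goopdate.dll

MD5 0e93218f6de56ff1859c75d7784eefde
SHA1 f1447e3c58f82b8000d629b4d20935b5df2458b0
SHA256 1a788ae8af762aa5031690800ddec8cd7eee1560404c5d01ebf5b37886f05ed6
SHA512 e2be852f5114c587b5647404e2302ad8a8b97f387ec22638dd6b6274602de43f555282cd3404d77131d5c2260430fcbaca70670449769812179551c9467f8ac9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 24be92724075e9ca166d0ae4a27f4933
SHA1 a8ad4c1766b17a34628bb076299f604d6380d382
SHA256 1cce2e7a07315c2645c86173df580f4bebe50b73afac717fb149b6dd47711095
SHA512 9ca457dea51356616f00f8c2e54150156fa320cccecd5460df691c898c24b9769535cb3a723ea03318c2db8c5b4a84fb3419e848be3eabab36210a09cecccadb
"""
```

The location buckets are purely positional: the report lists the GUM6D50.tmp components next to the Temp executables without saying which are benign installer files, so the bucket tells you where to look first, not what is malicious. Hash-length validation matters because a truncated or line-wrapped digest copied from a report silently matches nothing when pushed to a blocklist; the `errors` list surfaces that before the IOC leaves the analyst's desk.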