Malware Analysis Report

2025-01-06 07:47

Sample ID 240530-qe9tpsah26
Target chromesetup.exe
SHA256 e0ea789539cddd03cf75bfed7fc050aa7e9b259b85562b1d6e241f2954857a09
Tags discovery evasion persistence spyware stealer trojan
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 7/10

SHA256 e0ea789539cddd03cf75bfed7fc050aa7e9b259b85562b1d6e241f2954857a09

Threat Level: Shows suspicious behavior

The file chromesetup.exe was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion persistence spyware stealer trojan

Reads user/profile data of web browsers

Modifies Installed Components in the registry

Checks whether UAC is enabled

Drops file in System32 directory

Checks computer location settings

Checks system information in the registry

Registers COM server for autorun

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Modifies registry class

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-05-30 13:11

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-30 13:11

Reported 2024-05-30 13:13

Platform win10v2004-20240426-en

Max time kernel 94s

Max time network 100s

Command Line

"C:\Users\Admin\AppData\Local\Temp\chromesetup.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Checks whether UAC is enabled

evasion trojan

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google840_585983759\bin\updater.exe | N/A
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A

Modifies Installed Components in the registry

persistence

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\125.0.6422.113\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A

Checks installed software on the system

discovery

Checks system information in the registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files (x86)\Google840_585983759\updater.7z | C:\Users\Admin\AppData\Local\Temp\chromesetup.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\updater.log | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\Locales\am.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\Locales\hu.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\Locales\zh-TW.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\VisualElements\LogoDev.png | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\chrome.dll.sig | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad\settings.dat | C:\Program Files (x86)\Google840_585983759\bin\updater.exe | N/A
File created | C:\Program Files (x86)\Google\GoogleUpdater\1594521d-bd5f-4f7f-8f6b-498278cea7aa.tmp | C:\Program Files (x86)\Google840_585983759\bin\updater.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\icudtl.dat | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\Locales\ar.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\Locales\es-419.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\Locales\pl.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\notification_helper.exe | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google840_828420796\UPDATER.PACKED.7Z | C:\Users\Admin\AppData\Local\Temp\chromesetup.exe | N/A
File created | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\CHROME.PACKED.7Z | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\125.0.6422.113_chrome_installer.exe | N/A
File created | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\SETUP.EX_ | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\125.0.6422.113_chrome_installer.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\Locales\ur.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\mojo_core.dll | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\GoogleUpdater\prefs.json~RFe57d707.TMP | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
File created | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad\settings.dat | C:\Program Files (x86)\Google840_585983759\bin\updater.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad\metadata | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad\metadata | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
File created | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\manifest.fingerprint | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\d3dcompiler_47.dll | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\vulkan-1.dll | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\default_apps\external_extensions.json | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\Locales\hi.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\chrome_wer.dll | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\updater.log | C:\Users\Admin\AppData\Local\Temp\chromesetup.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad\metadata | C:\Program Files (x86)\Google840_585983759\bin\updater.exe | N/A
File created | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\125.0.6422.113_chrome_installer.exe | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\25c6d37d-6069-4219-85f5-66d7ee6744b4.tmp | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
File created | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\manifest.json | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
File created | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\125.0.6422.113_chrome_installer.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\VisualElements\SmallLogoBeta.png | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\chrome.exe | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\optimization_guide_internal.dll | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\Locales\ms.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\Locales\tr.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\libEGL.dll | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File opened for modification | C:\Program Files\Crashpad\settings.dat | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\6afd59d1-236a-4f01-945e-1c560905d79d.tmp | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
File opened for modification | C:\Program Files\Crashpad\metadata | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad\metadata | C:\Program Files (x86)\Google840_585983759\bin\updater.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad\metadata | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad\metadata | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\Extensions\external_extensions.json | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\Locales\gu.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\Locales\nb.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\uninstall.cmd | C:\Program Files (x86)\Google840_585983759\bin\updater.exe | N/A
File created | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
File created | C:\Program Files (x86)\chrome_url_fetcher_2652_1242630688\-8a69d345-d564-463c-aff1-a69d9e530f96-_125.0.6422.113_all_aogspox4cotu6xggqyym7s5hye.crx3 | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\8b3def57-30df-400f-9fe9-f4c2828f606b.tmp | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
File created | C:\Program Files\Crashpad\settings.dat | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\MEIPreload\preloaded_data.pb | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google840_585983759\bin\uninstall.cmd | C:\Users\Admin\AppData\Local\Temp\chromesetup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\Locales\he.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\Locales\ta.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1912_1534582759\Chrome-bin\125.0.6422.113\Locales\kn.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Google840_585983759\bin\updater.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google840_585983759\bin\updater.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
N/A | N/A | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\125.0.6422.113_chrome_installer.exe | N/A
N/A | N/A | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Registers COM server for autorun

persistence

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32\ServerExecutable = "C:\\Program Files\\Google\\Chrome\\Application\\125.0.6422.113\\notification_helper.exe" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32\ = "\"C:\\Program Files\\Google\\Chrome\\Application\\125.0.6422.113\\notification_helper.exe\"" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19 | C:\Windows\system32\svchost.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE | C:\Windows\system32\svchost.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft | C:\Windows\system32\svchost.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC | C:\Windows\system32\svchost.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Google\Chrome | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133615483564435297" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey | C:\Windows\system32\svchost.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography | C:\Windows\system32\svchost.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Google | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Google\Chrome\InstallerPinned = "0" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\0\win32\ = "C:\\Program Files\\Google\\Chrome\\Application\\125.0.6422.113\\elevation_service.exe" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\1.0\0\win64 | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\TypeLib | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{C4622B28-A747-44C7-96AF-319BE5C3B261}\ProxyStubClsid32 | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\TypeLib\ = "{F4334319-8210-469B-8262-DD03623FEB5B}" | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{B4168B26-4DAC-5948-8F80-84C2235AD469} | C:\Program Files (x86)\Google840_585983759\bin\updater.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{DF978A78-4301-5160-9D81-9DA6EED2B58F}\1.0\0\win64 | C:\Program Files (x86)\Google840_585983759\bin\updater.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{F966A529-43C6-4710-8FF4-0B456324C8F4}\1.0 | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\1.0\0\win32 | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{F258BE54-7C5F-44A0-AAE0-730620A31D23}\ProxyStubClsid32 | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachine\CLSID\ = "{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}" | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77} | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\TypeLib | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DC034A8-4BFC-4D43-9250-914163356BB0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\1.0\0\win32 | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\ProxyStubClsid32 | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\ = "IUpdaterObserverSystem" | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B685B009-DBC4-4F24-9542-A162C3793E77}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TypeLib | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\1.0 | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\127.0.6490.0\\updater.exe\\6" | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{C4622B28-A747-44C7-96AF-319BE5C3B261}\1.0 | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\TypeLib | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4} | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachine | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{F966A529-43C6-4710-8FF4-0B456324C8F4} | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\1.0\0\win64 | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TypeLib\ = "{463ABECF-410D-407F-8AF5-0DF35A005CC8}" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\TypeLib | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B685B009-DBC4-4F24-9542-A162C3793E77}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\127.0.6490.0\\updater.exe\\6" | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\1.0\0\win32 | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TypeLib\Version = "1.0" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DF978A78-4301-5160-9D81-9DA6EED2B58F}\1.0\ = "GoogleUpdater TypeLib for IUpdaterInternalSystem" | C:\Program Files (x86)\Google840_585983759\bin\updater.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4} | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32 | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1588C1A8-27D9-563E-9641-8D20767FB258}\ = "IUpdateStateSystem" | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{1588C1A8-27D9-563E-9641-8D20767FB258}\1.0\0 | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32\ServerExecutable = "C:\\Program Files\\Google\\Chrome\\Application\\125.0.6422.113\\notification_helper.exe" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B4168B26-4DAC-5948-8F80-84C2235AD469}\TypeLib\ = "{B4168B26-4DAC-5948-8F80-84C2235AD469}" | C:\Program Files (x86)\Google840_585983759\bin\updater.exe | N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\127.0.6490.0\\updater.exe\\6" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F258BE54-7C5F-44A0-AAE0-730620A31D23}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\TypeLib\ = "{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{D106AB5F-A70E-400E-A21B-96208C1D8DBB} C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\1.0\ = "GoogleUpdater TypeLib for IGoogleUpdate3WebSystem" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{DF978A78-4301-5160-9D81-9DA6EED2B58F} C:\Program Files (x86)\Google840_585983759\bin\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\1.0\0\win64 C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\ = "IUpdaterCallbackSystem" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachine\CLSID C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{85AE4AE3-8530-516B-8BE4-A456BF2637D3} C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B685B009-DBC4-4F24-9542-A162C3793E77}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\1.0\0 C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ProgID C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77} C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\ = "IAppCommandWebSystem" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
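The registry rows above, like the hundreds before them, are dominated by TypeLib and Interface registrations that any COM server writes on install. The entries worth a second look when reviewing the "Registers COM server for autorun" and persistence tags are the CLSID\...\LocalServer32 server paths (here setup.exe registering notification_helper.exe) and the old GoogleUpdate CLSID/ProgID keys that the new updater deletes. The following Python is an added triage helper, not part of the sandbox report: it parses a constructed sample of seven rows copied from the table, buckets them by writing process and key kind, and pulls out the registered COM server executables so each one can be checked (path under Program Files, Authenticode signature) instead of taking the tag at face value. The row format it assumes is the one shown on this page: operation, registry path, optional `= "value"`, writing process, then `N/A`.

```python
"""Bucket sandbox registry rows and extract COM server registrations.

Added example for this report; SAMPLE_ROWS is a constructed subset of
the "Modifies registry class" table (values keep the report's doubled
backslashes, which decode_value() collapses).
"""
import re
from collections import Counter

SAMPLE_ROWS = r'''
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TypeLib C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\127.0.6490.0\\updater.exe\\6" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4} C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachine C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32\ServerExecutable = "C:\\Program Files\\Google\\Chrome\\Application\\125.0.6422.113\\notification_helper.exe" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32 C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
'''

# op, registry path (no spaces in this report), optional = "value",
# writing process image path, trailing "N/A" target column.
ROW_RE = re.compile(
    r'^(?P<op>Key created|Key deleted|Set value \(\w+\)) '
    r'(?P<path>\\REGISTRY\\\S+?)'
    r'(?: = "(?P<value>.*)")?'
    r' (?P<proc>[A-Za-z]:\\.*?) N/A$'
)


def classify(path):
    """Coarse key kind used for bucketing; CLSID server keys come first."""
    up = path.upper()
    if "\\CLSID\\" in up:
        if "\\LOCALSERVER32" in up or "\\INPROCSERVER32" in up:
            return "com-server"
        return "clsid"
    if "\\INTERFACE\\" in up:
        return "interface"
    if "\\TYPELIB\\" in up:
        return "typelib"
    m = re.search(r"\\CLASSES\\(?:WOW6432NODE\\)?([^\\]+)", up)
    if m and "." in m.group(1) and not m.group(1).startswith("{"):
        return "progid"
    return "other"


def decode_value(value):
    """The report escapes backslashes in values; collapse them."""
    return value.replace("\\\\", "\\")


def parse_registry_rows(text):
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # skip headers or lines in another format
        row = m.groupdict()
        if row["value"] is not None:
            row["value"] = decode_value(row["value"])
        row["kind"] = classify(row["path"])
        row["proc_name"] = row["proc"].rsplit("\\", 1)[-1]
        rows.append(row)
    return rows


def com_servers(rows):
    """(CLSID, server executable, registering process) for every server write."""
    out = []
    for r in rows:
        if r["kind"] != "com-server" or not r["op"].startswith("Set value"):
            continue
        if not r["value"]:
            continue
        clsid = re.search(r"\{[0-9A-Fa-f-]+\}", r["path"]).group(0)
        out.append((clsid, r["value"], r["proc_name"]))
    return out


def deleted_keys(rows):
    return [r["path"] for r in rows if r["op"] == "Key deleted"]


def summarize(rows):
    """Counts per (writing process, key kind); the noise is visible at once."""
    return Counter((r["proc_name"], r["kind"]) for r in rows)


if __name__ == "__main__":
    rows = parse_registry_rows(SAMPLE_ROWS)
    for (proc, kind), n in sorted(summarize(rows).items()):
        print(f"{proc:40s} {kind:12s} {n}")
    for clsid, server, proc in com_servers(rows):
        print(f"COM LocalServer32 {clsid} -> {server}  (written by {proc})")
    for path in deleted_keys(rows):
        print("deleted:", path)
```

Run against the full table rather than the sample, the com_servers() list is the set of executables that will be launched on demand by COM activation; each should resolve to a signed binary under the install directory, and any server path pointing into a user-writable location would be the finding this tag is meant to surface.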

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google840_585983759\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google840_585983759\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google840_585983759\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google840_585983759\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google840_585983759\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google840_585983759\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google840_585983759\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google840_585983759\bin\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 (raw LUID 33, i.e. SeIncreaseWorkingSetPrivilege, left unresolved by the sandbox) N/A C:\Users\Admin\AppData\Local\Temp\chromesetup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\chromesetup.exe N/A
Token: 33 (raw LUID 33, i.e. SeIncreaseWorkingSetPrivilege, left unresolved by the sandbox) N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\125.0.6422.113_chrome_installer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\125.0.6422.113_chrome_installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 840 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\chromesetup.exe C:\Program Files (x86)\Google840_585983759\bin\updater.exe
PID 840 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\chromesetup.exe C:\Program Files (x86)\Google840_585983759\bin\updater.exe
PID 840 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\chromesetup.exe C:\Program Files (x86)\Google840_585983759\bin\updater.exe
PID 2820 wrote to memory of 2680 N/A C:\Program Files (x86)\Google840_585983759\bin\updater.exe C:\Program Files (x86)\Google840_585983759\bin\updater.exe
PID 2820 wrote to memory of 2680 N/A C:\Program Files (x86)\Google840_585983759\bin\updater.exe C:\Program Files (x86)\Google840_585983759\bin\updater.exe
PID 2820 wrote to memory of 2680 N/A C:\Program Files (x86)\Google840_585983759\bin\updater.exe C:\Program Files (x86)\Google840_585983759\bin\updater.exe
PID 2784 wrote to memory of 3340 N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
PID 2784 wrote to memory of 3340 N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
PID 2784 wrote to memory of 3340 N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
PID 2652 wrote to memory of 3744 N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
PID 2652 wrote to memory of 3744 N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
PID 2652 wrote to memory of 3744 N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
PID 2652 wrote to memory of 3504 N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\125.0.6422.113_chrome_installer.exe
PID 2652 wrote to memory of 3504 N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\125.0.6422.113_chrome_installer.exe
PID 3504 wrote to memory of 1912 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\125.0.6422.113_chrome_installer.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe
PID 3504 wrote to memory of 1912 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\125.0.6422.113_chrome_installer.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe
PID 1912 wrote to memory of 4524 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe
PID 1912 wrote to memory of 4524 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe
PID 1912 wrote to memory of 2516 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe
PID 1912 wrote to memory of 2516 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe
PID 2516 wrote to memory of 4644 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe
PID 2516 wrote to memory of 4644 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe
PID 2820 wrote to memory of 2720 N/A C:\Program Files (x86)\Google840_585983759\bin\updater.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2820 wrote to memory of 2720 N/A C:\Program Files (x86)\Google840_585983759\bin\updater.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4256 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4256 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 3948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 3948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 4356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
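Every write in the table above goes from a parent into a process it has just started (chromesetup.exe into the extracted updater.exe, updater.exe into chrome_installer.exe, setup.exe into its own crashpad child, chrome.exe into its own renderer and GPU children), which is what Windows process launch and Chrome's sandbox broker look like under a WriteProcessMemory hook. Read as a whole, the rows are a launch chain, not injection into an unrelated target; the check a practitioner wants is whether any write lands on a PID outside that chain. The Python below is an added example, not part of the sandbox report: it rebuilds the parent/child tree from a constructed, de-duplicated subset of the rows, reports how many writes each edge carried, and walks any PID back to its root. It also decodes the `--install=` query string from the updater command line quoted in the Processes section, so the appguid the page itself pairs with `appname=Google Chrome` can be compared against what the installer claims to be.

```python
"""Rebuild the launch chain from the sandbox's WriteProcessMemory rows.

Added example for this report; SAMPLE_ROWS is a constructed,
de-duplicated subset of the table above and INSTALL_CMDLINE is the
updater command line quoted verbatim from the Processes section.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qs

SAMPLE_ROWS = r'''
PID 840 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\chromesetup.exe C:\Program Files (x86)\Google840_585983759\bin\updater.exe
PID 840 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\chromesetup.exe C:\Program Files (x86)\Google840_585983759\bin\updater.exe
PID 2820 wrote to memory of 2680 N/A C:\Program Files (x86)\Google840_585983759\bin\updater.exe C:\Program Files (x86)\Google840_585983759\bin\updater.exe
PID 2652 wrote to memory of 3504 N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\125.0.6422.113_chrome_installer.exe
PID 3504 wrote to memory of 1912 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\125.0.6422.113_chrome_installer.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe
PID 1912 wrote to memory of 2516 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe
PID 2820 wrote to memory of 2720 N/A C:\Program Files (x86)\Google840_585983759\bin\updater.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 1176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
'''

INSTALL_CMDLINE = r'"C:\Program Files (x86)\Google840_585983759\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={E41F2270-7C92-1876-808C-0A628107E00F}&lang=en&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&brand=NZSX&installdataindex=empty --enable-logging'

ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (.*)$")


def parse_rows(text):
    """Yield (src_pid, dst_pid, src_image, dst_image) per row."""
    events = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        src, dst, paths = int(m.group(1)), int(m.group(2)), m.group(3)
        # Both image paths begin with a drive letter; split on the second one
        # so spaces inside "Program Files (x86)" do not break the parse.
        parts = re.split(r" (?=[A-Za-z]:\\)", paths)
        if len(parts) != 2:
            continue
        events.append((src, dst, parts[0], parts[1]))
    return events


def build_tree(events):
    """children: parent pid -> child pids in first-seen order;
    image: pid -> image path; writes: (parent, child) -> write count."""
    children = defaultdict(list)
    image = {}
    writes = defaultdict(int)
    for src, dst, src_img, dst_img in events:
        image.setdefault(src, src_img)
        image.setdefault(dst, dst_img)
        writes[(src, dst)] += 1
        if dst not in children[src]:
            children[src].append(dst)
    return children, image, writes


def roots(children):
    """PIDs that wrote to others but were never written to themselves."""
    all_children = {c for kids in children.values() for c in kids}
    return [p for p in children if p not in all_children]


def basename(path):
    return path.rsplit("\\", 1)[-1]


def render(children, image, writes, pid, depth=0):
    """Indented text tree; each child line carries its write count."""
    lines = [f"{'  ' * depth}{pid} {basename(image[pid])}"]
    for child in children.get(pid, []):
        sub = render(children, image, writes, child, depth + 1)
        sub[0] += f"  [{writes[(pid, child)]} write(s) from {pid}]"
        lines.extend(sub)
    return lines


def lineage(children, image, pid):
    """Image names from the root down to pid."""
    parent = {c: p for p, kids in children.items() for c in kids}
    chain = [pid]
    while chain[-1] in parent:
        chain.append(parent[chain[-1]])
    return [basename(image[p]) for p in reversed(chain)]


def parse_install_args(cmdline):
    """Decode the Google Update style --install=<query string> argument."""
    m = re.search(r"--install=(\S+)", cmdline)
    if not m:
        return {}
    return {k: v[0] for k, v in parse_qs(m.group(1)).items()}


if __name__ == "__main__":
    children, image, writes = build_tree(parse_rows(SAMPLE_ROWS))
    for root in roots(children):
        print("\n".join(render(children, image, writes, root)))
    print(parse_install_args(INSTALL_CMDLINE))
```

With the full table as input, any write whose target is not a descendant of the writer's own subtree (lineage() of the target not passing through the writer) is the row to escalate; in this report there is none.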

Processes

C:\Users\Admin\AppData\Local\Temp\chromesetup.exe

"C:\Users\Admin\AppData\Local\Temp\chromesetup.exe"

C:\Program Files (x86)\Google840_585983759\bin\updater.exe

"C:\Program Files (x86)\Google840_585983759\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={E41F2270-7C92-1876-808C-0A628107E00F}&lang=en&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&brand=NZSX&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/updater/*=2

C:\Program Files (x86)\Google840_585983759\bin\updater.exe

"C:\Program Files (x86)\Google840_585983759\bin\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x27c,0x280,0x284,0x278,0x288,0xab758c,0xab7598,0xab75a4

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --system --windows-service --service=update-internal

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x8e758c,0x8e7598,0x8e75a4

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --system --windows-service --service=update

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x8e758c,0x8e7598,0x8e75a4

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\125.0.6422.113_chrome_installer.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\125.0.6422.113_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\748ce08e-5625-45ab-8450-3520235bd70b.tmp"

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe" --install-archive="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\748ce08e-5625-45ab-8450-3520235bd70b.tmp"

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff75fb52698,0x7ff75fb526a4,0x7ff75fb526b0

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff75fb52698,0x7ff75fb526a4,0x7ff75fb526b0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa1e091c70,0x7ffa1e091c7c,0x7ffa1e091c88

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,302801697441652912,886648613348138514,262144 --variations-seed-version --mojo-platform-channel-handle=1964 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1840,i,302801697441652912,886648613348138514,262144 --variations-seed-version --mojo-platform-channel-handle=2000 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2296,i,302801697441652912,886648613348138514,262144 --variations-seed-version --mojo-platform-channel-handle=2352 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,302801697441652912,886648613348138514,262144 --variations-seed-version --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,302801697441652912,886648613348138514,262144 --variations-seed-version --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3824,i,302801697441652912,886648613348138514,262144 --variations-seed-version --mojo-platform-channel-handle=4520 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4736,i,302801697441652912,886648613348138514,262144 --variations-seed-version --mojo-platform-channel-handle=4824 /prefetch:1

C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=3888,i,302801697441652912,886648613348138514,262144 --variations-seed-version --mojo-platform-channel-handle=4964 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=3672,i,302801697441652912,886648613348138514,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=5028,i,302801697441652912,886648613348138514,262144 --variations-seed-version --mojo-platform-channel-handle=4260 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
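
The process chain above (updater.exe, chrome_installer.exe, setup.exe, then chrome.exe with its crashpad handlers and utility processes) follows the layout of a Google Chrome install, and the generic signatures listed for this sample (dropped EXE executed, dropped DLL loaded, COM server registered) are consistent with that. Whether it is a genuine build is a question for the Authenticode signatures on the dropped binaries, which this report does not record. A cheaper check that can be done on the command lines alone is to parse each one into its switches and confirm that every crash-reporter process uploads over HTTPS to the expected Google endpoint and names a crash database. The code below is an added example and is not part of the sandbox report or of Chromium; the first three command lines are excerpted and shortened from the process list above, the fourth is constructed to show a redirected upload URL being caught, and the allow-list of upload hosts is an assumption an organisation would maintain itself.

```python
import shlex
from urllib.parse import urlparse

# Command lines excerpted from the process list above, with handle lists and
# some annotations dropped for brevity. The LAST entry is constructed, not
# from the report: a crashpad handler whose upload URL has been redirected.
CMDLINES = [
    r'"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system '
    r'"--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" '
    r'--url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler '
    r'"--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 '
    r'"--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" '
    r'--url=https://clients2.google.com/cr/report --annotation=plat=Win64 --annotation=prod=Chrome '
    r'--annotation=ver=125.0.6422.113',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility '
    r'--utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none '
    r'--field-trial-handle=1840,i,302801697441652912,886648613348138514,262144 /prefetch:3',
    # constructed for illustration (hypothetical host, not seen in the report):
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler '
    r'"--database=C:\Program Files\Crashpad" --url=http://crash.example.invalid/report '
    r'--annotation=prod=Chrome --annotation=ver=125.0.6422.113',
]

# Hosts a Chrome / Google Updater crash handler is expected to upload to.
# Assumption for this example; maintain it per environment.
ALLOWED_UPLOAD_HOSTS = {"clients2.google.com"}


def split_windows_cmdline(cmd):
    """Split a Windows command line on whitespace, honouring double quotes.

    shlex in non-POSIX mode keeps the quotes and treats backslashes literally,
    which suits Windows paths; the surrounding quotes are stripped afterwards.
    """
    lex = shlex.shlex(cmd, posix=False)
    lex.whitespace_split = True
    lex.commenters = ""  # '#' is not a comment marker in a command line
    tokens = []
    for tok in lex:
        if len(tok) >= 2 and tok[0] == tok[-1] == '"':
            tok = tok[1:-1]
        tokens.append(tok)
    return tokens


def parse_cmdline(cmd):
    """Return image path, Chromium-style --switches, --annotation pairs, other args."""
    tokens = split_windows_cmdline(cmd)
    switches, annotations, positional = {}, {}, []
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            if key == "annotation":  # --annotation=k=v may repeat
                k, _, v = value.partition("=")
                annotations[k] = v
            else:
                switches[key] = value  # bare flags get ""
        else:
            positional.append(tok)  # e.g. /prefetch:N
    return {"image": tokens[0], "switches": switches,
            "annotations": annotations, "positional": positional}


def audit_crash_handler(parsed):
    """Return None for non-handler processes, else a summary with any findings."""
    sw = parsed["switches"]
    is_handler = sw.get("type") == "crashpad-handler" or "crash-handler" in sw
    if not is_handler:
        return None
    url = urlparse(sw.get("url", ""))
    findings = []
    if url.scheme != "https":
        findings.append("crash upload is not over https")
    if url.hostname not in ALLOWED_UPLOAD_HOSTS:
        findings.append(f"unexpected upload host {url.hostname!r}")
    if not sw.get("database"):
        findings.append("no --database directory given")
    return {
        "image": parsed["image"],
        "product": parsed["annotations"].get("prod"),
        "version": parsed["annotations"].get("ver"),
        "url": url.geturl(),
        "database": sw.get("database", ""),
        "findings": findings,
    }


def audit_all(cmdlines=CMDLINES):
    """Audit every command line; the result list is parallel to the input."""
    return [audit_crash_handler(parse_cmdline(c)) for c in cmdlines]


if __name__ == "__main__":
    for cmd, result in zip(CMDLINES, audit_all()):
        if result is None:
            print("not a crash handler, --type =", parse_cmdline(cmd)["switches"].get("type"))
        else:
            status = "OK" if not result["findings"] else "; ".join(result["findings"])
            print(f"{result['product']} {result['version']} -> {result['url']}: {status}")
```

Run as a script, the two handlers taken from the report print OK, the NetworkService utility process is skipped, and the constructed handler reports both the plain-HTTP upload and the unexpected host. Extend ALLOWED_UPLOAD_HOSTS only if the environment legitimately redirects crash uploads.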

Network

Country  Destination            Domain                          Proto
US       8.8.8.8:53             209.205.72.20.in-addr.arpa      udp
US       8.8.8.8:53             249.197.17.2.in-addr.arpa       udp
US       8.8.8.8:53             update.googleapis.com           udp
GB       216.58.204.67:443      update.googleapis.com           tcp
US       8.8.8.8:53             14.180.250.142.in-addr.arpa     udp
US       8.8.8.8:53             67.204.58.216.in-addr.arpa      udp
US       8.8.8.8:53             14.160.190.20.in-addr.arpa      udp
US       8.8.8.8:53             67.169.217.172.in-addr.arpa     udp
US       8.8.8.8:53             95.221.229.192.in-addr.arpa     udp
US       8.8.8.8:53             -                               udp
US       8.8.8.8:53             217.106.137.52.in-addr.arpa     udp
US       8.8.8.8:53             86.23.85.13.in-addr.arpa        udp
US       8.8.8.8:53             171.39.242.20.in-addr.arpa      udp
US       8.8.8.8:53             accounts.google.com             udp
US       8.8.8.8:53             www.google.com                  udp
NL       142.250.27.84:443      accounts.google.com             tcp
GB       142.250.187.196:443    www.google.com                  tcp
GB       142.250.187.196:443    www.google.com                  tcp
GB       142.250.187.196:443    www.google.com                  tcp
US       8.8.8.8:53             196.187.250.142.in-addr.arpa    udp
US       8.8.8.8:53             202.187.250.142.in-addr.arpa    udp
US       8.8.8.8:53             84.27.250.142.in-addr.arpa      udp
US       8.8.8.8:53             update.googleapis.com           udp
GB       216.58.204.67:443      update.googleapis.com           tcp
N/A      224.0.0.251:5353       -                               udp
US       8.8.8.8:53             apis.google.com                 udp
GB       142.250.200.14:443     apis.google.com                 tcp
US       8.8.8.8:53             195.212.58.216.in-addr.arpa     udp
GB       142.250.200.14:443     apis.google.com                 tcp
US       8.8.8.8:53             play.google.com                 udp
GB       172.217.169.46:443     play.google.com                 tcp
US       8.8.8.8:53             14.200.250.142.in-addr.arpa     udp
US       8.8.8.8:53             46.169.217.172.in-addr.arpa     udp
US       8.8.8.8:53             0.204.248.87.in-addr.arpa       udp
US       52.111.227.11:443      -                               tcp
US       8.8.8.8:53             22.236.111.52.in-addr.arpa      udp

A dash in the Domain column means the capture recorded no name for that flow.
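
Most rows in the Network table are reverse (PTR) lookups for addresses the guest had just spoken to, so the same endpoint appears twice: once as a forward-resolved TCP connection and once as an in-addr.arpa query to 8.8.8.8. Decoding the PTR names and joining them against the forward rows collapses that noise and isolates what is actually worth a second look: a TCP destination that was contacted with no resolved name anywhere in the capture. The code below is an added example, not part of the report; the rows are a subset copied from the table above, and the parser assumes this four-column layout with the Domain cell absent when no name was captured.

```python
import ipaddress
import re

# Rows copied from the Network table above: country, destination, domain, proto.
# Rows whose Domain cell was empty keep only the remaining three columns.
ROWS = """
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
GB 142.250.200.14:443 apis.google.com tcp
US 52.111.227.11:443 tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
"""

PTR_RE = re.compile(r"^((?:\d{1,3}\.){4})in-addr\.arpa$")


def parse_rows(text):
    """Parse 'Country Destination [Domain] Proto' rows into dicts."""
    rows = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:  # empty Domain cell
            country, dest, proto = parts
            domain = None
        else:
            raise ValueError(f"unexpected row: {line!r}")
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ipaddress.ip_address(host),
                     "port": int(port), "domain": domain, "proto": proto})
    return rows


def ptr_to_ip(name):
    """'67.204.58.216.in-addr.arpa' -> IPv4Address('216.58.204.67'); None if not a PTR name."""
    m = PTR_RE.match(name)
    if not m:
        return None
    octets = m.group(1).rstrip(".").split(".")
    return ipaddress.ip_address(".".join(reversed(octets)))


def summarize(rows):
    forward = {}         # contacted IP -> names the capture associated with it
    unresolved = set()   # contacted IPs with no name in the capture
    ptr_targets = set()  # IPs the guest asked the resolver about via PTR
    ignored = set()      # multicast / link-local / private chatter such as mDNS
    for r in rows:
        ip = r["ip"]
        if r["port"] == 53 and r["proto"] == "udp":
            # A DNS row records what was asked, not where traffic went.
            target = ptr_to_ip(r["domain"]) if r["domain"] else None
            if target is not None:
                ptr_targets.add(target)
            continue
        if ip.is_multicast or ip.is_link_local or ip.is_private:
            ignored.add(ip)
            continue
        if r["domain"]:
            forward.setdefault(ip, set()).add(r["domain"])
        else:
            unresolved.add(ip)
    # PTR lookups that match a destination we saw: explained, drop from review.
    correlated = {ip: forward[ip] for ip in ptr_targets if ip in forward}
    # PTR lookups for addresses that never appear as a destination in the table.
    orphan_ptr = ptr_targets - set(forward) - unresolved
    return {"forward": forward, "unresolved": unresolved, "correlated": correlated,
            "orphan_ptr": orphan_ptr, "ignored": ignored}


if __name__ == "__main__":
    s = summarize(parse_rows(ROWS))
    for ip in sorted(s["correlated"], key=str):
        print(f"{ip}  PTR lookup matches forward connection to {', '.join(sorted(s['correlated'][ip]))}")
    for ip in sorted(s["unresolved"], key=str):
        print(f"{ip}  contacted with no resolved name in capture: review")
    for ip in sorted(s["orphan_ptr"], key=str):
        print(f"{ip}  PTR lookup only, never contacted")
```

On the subset embedded above the three PTR names decode to the update.googleapis.com, accounts.google.com and apis.google.com destinations, 52.111.227.11:443 is the only endpoint contacted without a name in the capture, and 52.111.236.22 was looked up but never contacted. The mDNS row to 224.0.0.251 is set aside as local chatter.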

Files

C:\Program Files (x86)\Google840_585983759\bin\updater.exe

MD5 675c9a53a09d5385bbdb3a43a88f2493
SHA1 71d1c311eadd4d5949c0b48def8ad0f2186bc243
SHA256 ebb428a4c1e29192617e7699513ec78512735110bba68bbee54dee34807094ae
SHA512 e3b1d8351b6d208678673e4c69aea745de5b2576a43d2cf9e06c1ea0780dcbc2ca56d5d5fc712b80309ba7950b90130ca2780185b71c990ea6c6062bd29f5136

C:\Program Files (x86)\Google\GoogleUpdater\updater.log

MD5 cc40e3787a777a1c93223792b54a9c46
SHA1 a0d96c05c7818b6267ce459e9d416cc58dce40f5
SHA256 30b7a4d224af8ac73facd4a883d01d1b3ec2134a7e710bb4105dd931158a3d77
SHA512 e2d06f9dc50fc0e63ac012e45774dd213ae3613d57b092c22b9691c7ab99aeb41a18c56aec865396e768e3a290560b9557869c51ca096321c7dedd111d05bf47

C:\Program Files (x86)\Google\GoogleUpdater\updater.log

MD5 e1e1659c90d86af5b351ff8752286796
SHA1 8509037fb1026d1614b3e020389219807be96ae6
SHA256 0a083476796dd532b4c2c1344847426e03d8a9a0ee1887fdef7eae74bbbc700d
SHA512 b242215bc285f92688cadd705f5d1cc6efb38bc12cda9976e8b7732d2c187c5254b70aff3b848910805017d858fbd6d977ecf46b347ff60d461b406b296c1784

C:\Program Files (x86)\Google\GoogleUpdater\updater.log

MD5 a5feb64c636e70b5c16828429c998c72
SHA1 ce3b7b0feaf2e1047f3aabfe058665d1cc6d97e9
SHA256 62cc2fe9f75821f4bd9c3448c5067a19d40721ab5fcd87a2b60317109676f51d
SHA512 c58d67fb023fba154ebedcfa4e401d3eb45a6081a660a9c2b2b88e6750e8ffff1c0133d66f3c2f39c991b7b6f019fd4608857b492bf836c0606651daba6bdcd6

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad\settings.dat

MD5 cfec73a9244c66ee701334d1708b348f
SHA1 c62a35a1266b1d310bfe37ec89820e325dd267b2
SHA256 158ae6ce668e6c6b2aada579f99ca9e3822533889b5ce43da0c88a0eed19646d
SHA512 b6e4bbe1e83546b4e07b0b1ef1457e9f8eeabeccced1da9a6253032d8db55b8d378c55d74fa87f3ffff78220e06a2da8a4bb5adee5ebb5b8f56e1407bf136ebd

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 bdce395b453a0a3ffcf742feb2a210ae
SHA1 8bfc909ac17238d49d93a3668256b92766391452
SHA256 82f7226a5b6be7356507c368ca2468c5d9b7d4a4036fa18d85c6a99e2f0eae41
SHA512 cf4d12cecd6d749990265779d1f9ec5e505b54cf283580f611cd346aaca17816b4c58547bb61c451190c07b651d967f2d03c13b74e2210195514f8087b92288e

C:\Program Files (x86)\Google\GoogleUpdater\updater.log

MD5 6cac67cac010146fa74726d026d9f47b
SHA1 e145a7aa4d8696f14550f9ab38069b0359897758
SHA256 7f1daa56bec0f7f0ca5862773f00730f09e16a8403e69d899d6cde28e050a529
SHA512 4f8b954d15e6c38c82fee7444445a46ba08564bf12cd2cc4001f266544a6ef2c977d328b46fc51c0b80ddc83591f0726f8c31aafeaf5010110b09f00ccd2d9ed

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 7136b45ffcac6b52d6873f2864471ea9
SHA1 7afb956fccbfa48ec7fcac07cde0f6059a51a534
SHA256 78f60448736dd9d298a2bc503571a91a8f0c342e95ff8cc589d546e84e7384c2
SHA512 66755a95e16371a527df8b702ba8d686a08678aa0d3257ec4775c5fef8c81d422d7a6ce8aa1fa1c150ebe02f14a0df23776dabc42b6da5ed83b79be956fc2ac7

C:\Program Files (x86)\Google\GoogleUpdater\updater.log

MD5 f210060538ad9c31e3e20f947b7a17c4
SHA1 6cf868d266e59028cdcc78514ff0c30c324d7404
SHA256 84cf547c62dd1fe0d01052705cb146680046a5e12fd17a0efd296b77dbcb74d1
SHA512 5d8c99cc9c839d23f8428bcad4e28f48dcbd53c449e50c541775ca22bc03671e00ad20a31a72792be9d985019b57dd9caefbaf7d77a90333d2cc1f504178a3e9

C:\Program Files (x86)\Google\GoogleUpdater\updater.log

MD5 bbef1145e1483303648c6c300f24ba68
SHA1 46c1f3af114934341a2ca8281ba52a06d0483a29
SHA256 d70172883dc4e6b238c99c802a295bbe7a9de41114f5aae97f105d6165f10381
SHA512 8400f3ea9ba1dd16cb34626a3ebcd2a5f01721bcddce564e10f185aefda79bf2e304f3e33501a02d864337bfe3d68a1803fcdf8fae5993931e6f114f67cdb1de

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 5f741b494cb8e3f7a15a862677087d14
SHA1 c64aa2a60e36c846e28bf6a7d8effcee5ec54033
SHA256 f197c7fb8013f429f3b782a15ffba410469d0990112dc5c99d5b1e8487cf5d1e
SHA512 f51636110543132c7c504e31b57bf660ed4f2be73346334baf3ad35da5b074161024aba75ea352ed7f82c08eabee9f9c6220ba97e64b750883a2574bc86a1585

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe

MD5 e8e4e8f66fa72b10eacc18ff5ce000ba
SHA1 9064de09632d155e2acf236d54c343f276bdf79a
SHA256 ac03c7f78bc590bf6b400c5078a7fa6b1e61d3935cd591868f7f73fff930e4b3
SHA512 7fa4768d6043a4fbe38ba70947e9b5bd8e4111606ce673f8b0ee7dd3d95ea9b3e6dcf0f96bc55634c85a1a3f6a4120ff7461a3463ca36133f57a607bef49b158

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\748ce08e-5625-45ab-8450-3520235bd70b.tmp

MD5 c089c4384640b0c4adfc8efd6e9bd7bb
SHA1 6493eae2a45cddb77fcfd86a6e9fc5023566c461
SHA256 ff5435bc9b547ef318d0b7fe3f9d8240ba437f1b207859dcb516c15553effbd0
SHA512 6f258bc5921c6bc742cae2e4575f4fee23b2e602476c19b6633ce56918dd6dd21b8ee1350cbf6b65b1f58008cf1e0e0362a01a79ae4c9f06905e710d412337ca

C:\Windows\TEMP\chrome_installer.log

MD5 e442dc6381244ec9ba6a8a9d5ae1cbdf
SHA1 78180f581901debae6f2163a325ab9b2d0805fa3
SHA256 063330a944a6fbd418cc9e639f02bc0d9c9b007d9d4464ce9ac88feb393396a7
SHA512 539078a293da7c391b3e4071b56a3476cfc15ce4f0eae3b20892f3d9740bdc48537a6b033207ee49ad9579285afc7e26c5df4e91a76610edc2199786eef6c89b

C:\Program Files\Crashpad\settings.dat

MD5 33de1fba7ac00c88354e2220884b563a
SHA1 d023ec955120896a402fe951ea315b1bee6f93fa
SHA256 75c127032f9249e4342461d99484fb1cc87a7a4955630085df1df23db77bc820
SHA512 b30f584d32ee6fcb1f078338c60c5cb72fb05f101c28fb29405057eebd8ef1dafc47bd1410af559df16797b84993c78a51e318afbc44910ac5d52b0c36a15ecf

C:\Program Files\Google\Chrome\Application\chrome.exe

MD5 3998300d42dfa46c534071833137a1e4
SHA1 cd881ee067bce496a7d271b3dc1c0ebfef923d4b
SHA256 9841226f3175588c51e60e828dc8e3c16c42f9f7af15f363963fc230ce7bf4ad
SHA512 a25eb0bcebcc874548b49c8e3d58e64da2e7c79c01e3bf372d005f56db571c830bc6081a89169fc45e3f7a6aafa3239f9ea64ebf7fc233b80d0ea27fbb532c8f

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 f5e9705edcd9cd1b6ac059f131c39d8a
SHA1 d5910cd2b246bc882de25e498225e40072dcd83d
SHA256 c43e13749b724d9b3eb1469a625dd7236c0a97ac6e17329f102f86b3fcd585d5
SHA512 7adc87d10c67e05b5245ccc9ffdeb76ac89b137ea430fdb2165010fb7a1ab97a72b907d53551a88087428c0bf41555f54d23979b25dbc5d251456749b165dcdc

C:\Program Files\Google\Chrome\Application\125.0.6422.113\chrome_elf.dll

MD5 d8e75711fa2b3dc467acc8a4b9d8c54f
SHA1 560d442ca0773a28e082de55b7fa0be2b9d0ed51
SHA256 c66cbcde3a049b9ce780a6bb78fed467471943cb78d3c83ae28f9f9fa37715ce
SHA512 978384dfe0f9dbf80f9deeeb3bd3d59d39592789329cfb0ab41e12b2a4e34a0f498fdcb26b189e57f2a4160f4337ff09ed7b66d5f0a1d28199ce7939fdd813a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 95710effb7bf9892fd9cce346a01a1bd
SHA1 9453b0c8b0c808355c555c73e042f13f6054dd97
SHA256 5888454648d267d78ad890370670e061e03e04ad93f54c600619b7a515150a9a
SHA512 e8cb7be6dab36e7c5c63a9eee9edf63724e69546f4197e8e9cbbd766d6261e376bfe1be45fd10aba65368ff5ea747a3edf51d638225b2ada8587a2633ce261f8

C:\Program Files\Google\Chrome\Application\125.0.6422.113\libEGL.dll

MD5 916ba1465ae826fa94c715227e70b625
SHA1 ae3281c9bfa530df6e42bdf070fbb5895a9b205a
SHA256 2315b8e49dda72a6f73004769d4c422a9ed157c6046099db7745bc11b0243d52
SHA512 97da6f751f6afb498dd09c7538955320df87699c271881ab968aee2f9e30ab4b162fb0284c7954056f4a5de50ebc359eefeea48203e0a6f289a12c02de9e4918

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

MD5 505a174e740b3c0e7065c45a78b5cf42
SHA1 38911944f14a8b5717245c8e6bd1d48e58c7df12
SHA256 024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d
SHA512 7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911

C:\Program Files\Google\Chrome\Application\125.0.6422.113\dxil.dll

MD5 30da04b06e0abec33fecc55db1aa9b95
SHA1 de711585acfe49c510b500328803d3a411a4e515
SHA256 a5fe1d8d9caa2ff29daffd53f73a9a4e19c250351b2abe4fc7b57e60ce67ac68
SHA512 67790874377e308d1448d0e41df9dd353a5f63686df4eb9a8e70a4da449b0c63a5d3655ab38d24b145ad3c57971b1c6793ea6c5ac2257b6eb2e8964a44ab0f08

C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe

MD5 05472bb56813c11872a1b7e934fa9f3e
SHA1 2a62b33207e3836208e3d5c46bb8dfde04b09d16
SHA256 f12a1e99ddd7552742fef5827e9d581a70215fa0f31fd344898063e1cc4ceb39
SHA512 cc6359e6d24c350a4b864ce76ed270d08ed7631912f294bc943aa5f877b84a7de8d93dd971e3c35b1811ace7ed8223745d06049cd1ac690f0d67b7e3bc4a0394

C:\Program Files\Google\Chrome\Application\125.0.6422.113\dxcompiler.dll

MD5 2d85f8fce028fc1a7cce5cc198f7e7a9
SHA1 eb6ab7c16ce3d9e8675299935b087a1e5e24abb4
SHA256 b567286cc299f492a3879d2e7b162d0767bfbfb13de448e72b44e3d42f70d304
SHA512 7d32a8639d9294ccecb1e4d10ab32fadd91bed2c53a4eaead216a18f90d8475bc9cf686b95ac867df40a14631db33302706e7070b5779432f629aafc6c9bbb66

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Program Files\Google\Chrome\Application\125.0.6422.113\vk_swiftshader.dll

MD5 3f41bfdec6263198a1052353e44f0ef3
SHA1 1dad97372e9a715af9029a1f6a4fdf2760a1c590
SHA256 3775a2391025bab98e8dbc0ae6e2b8bcebc113ba65705eef011827a99438aff8
SHA512 759d00d15f6f2b48580b007a6a0e3182806bc42e94e107832d76c7d529b79711bdf69a792fd09f48b4a0b15393277a69af74f22429c93f90844cf841fd621749

C:\Program Files\Google\Chrome\Application\125.0.6422.113\libGLESv2.dll

MD5 d29011fd0d464f424cf26cc5f67d207d
SHA1 9feb6324b6402f545ef8f9e13ff58f4c30560598
SHA256 59b391a6a1ca1647a41fdd4182e95073bcab94558dba7e6d0598e4f802108e0a
SHA512 fa2d47a8c58e90aa32a528c1e733c56e5ed2ea6477a995ef2296e22f8681af1df76fbb9335f9339d7bbb366e7f5913f45b76398948e789b8a0b222fae292027b

C:\Program Files\Google\Chrome\Application\125.0.6422.113\d3dcompiler_47.dll

MD5 a7b7470c347f84365ffe1b2072b4f95c
SHA1 57a96f6fb326ba65b7f7016242132b3f9464c7a3
SHA256 af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
SHA512 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

MD5 36a65a1c622f47e18c62b14f3a4a0ca4
SHA1 6ee360836785ba5ef967e8e0a85202bac7814bf9
SHA256 e65125eb218c89a71185f9d3f898f87ec55a29d34f2a2cf4976f42a839c3a035
SHA512 d07d295fc1583b890d2a61cdbb675822c4caf81f8605e0fe6abc00fe5cd560d7ced50b72f3216a4f10e30e3a3b00e0f42e1cae2c30d3e0879f7d713ef8172ad6

\??\pipe\crashpad_2720_FVODBOBBSOSFXEHF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8f56d16ee43b41748b82331536026758
SHA1 38a7a82cad9ddd210d16ef5cdeb9d4c959df018a
SHA256 24df00723d8f7363f27bd69eaad829cf66343aa03f9006cf4f34852d027bf564
SHA512 1a46517b8d4ec040c276e3875ad44a501bad110739fe6005421d3c554030f61e48d7378b526569356904e0d8c5df3df3657022b9ba5c4212f55b0d1862a790b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

MD5 3433ccf3e03fc35b634cd0627833b0ad
SHA1 789a43382e88905d6eb739ada3a8ba8c479ede02
SHA256 f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d
SHA512 21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 82c559b530e6f4a4ee8ee76d452ba613
SHA1 fe136c7751ac22fba85670463bf93f632527397b
SHA256 5080d814aa26baace17d8c90ef282959ae04fbb1cbd606c7a065ebb2c84eda80
SHA512 243936a1596fb150e9c662473bbd2eb21551ff0bf8657a59c5baa7e8c3f0744fff2d1c2e370057e05192ee4004b326cf7c49d711ceac7eae7d2f4fda6b3f5770

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a1d9408874f7c27c92f01f42cd72b164
SHA1 a5563aac4115e8fac4ac3e555037854d48f81dcc
SHA256 8e9d78628bb855c93b365bea261a355571820b9a5cdaa76b43a5439a281ee5fb
SHA512 ad8e1e87aa6066c9596fdb5ecc526b46d5e406ec4977375c04984eb119940911c268b8d895b822e1a25cb688294240ef88f9f413067dc486178f2f692260c905

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 cdf869a7b2e9d73da62aefef33d76e38
SHA1 da114319c12f776e65139f8dfe6457157f4021df
SHA256 98e1d270ef062feb4282cc97ab4e6f8cb1265daa17a70cd6b3df5d293edd36b2
SHA512 deb841608d08f36de2db71be2aee5a33f25af3b1614e0f004ba2e0d368384aa11be0119f51f4afc81d5d49892505edcb35c041f148aae1c6a9e47757a35e79eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 792e783581d03e5a5dda6bd6b4e038ce
SHA1 099035b202eea03f8f3b751a30908e722e9722a6
SHA256 31d0402e812a548c4417e59d9e87259131d31b4964ed880ef2b213730ff55781
SHA512 1bf31b0b1491d77cac6dd49f7cb1b269cfa197fab9fc7abb800774af41de15d90258644844c62a1cd37e2fbb3a8b91d1c9e8d87c074a1e777e8c8721b6f6b97e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 04541d63b69c2b9a64522e538285ab60
SHA1 d33a1ce7aa294dfb2e04a500f2811f5cbe57a635
SHA256 67c5f827716f378edcd529478241d915e360d20c75bbb500cc093542a8cabdaa
SHA512 f8cd32c2677bf240b760f27efe7f5aee017c2d3e6312834f6bc00f1aedb21ac7e738be9c75106e1abf9859f558b279074fecda65980efbc6fcb169f3aa4de0d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 5565e6fdd319147e2265e3861c2a9eba
SHA1 2d5c1479cedd1db70580dca8e49628c8b9f1f0ff
SHA256 f3c8f96ab06cffba8dd3658551854fbb642964335adcdb7672fafbfb4e3b67d6
SHA512 44e541317d6a5c955dae1f3005a336db879d2645856f6a4a869443f792730d6fe3ca7efdca06f1319468a0ba4ebcab5df04412e30eac2cc38f9965d866e8f9e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState~RFe588b34.TMP

MD5 d5c946e2a51e840013f72c4c55411612
SHA1 f77e791fe57615f3c66b6a2e19922edb78319154
SHA256 6b7514bbcbf1fb2c6911c70f98b8069d821ea52db43ff5f9e261df3d9f38da2b
SHA512 42850e5fa8442bca91185ae6bec36ae58b6e2b04a894c0deeb7f657f4289b1e3cd9991d8cdf3b6d559787a3188767d1b3ed21a195afdc05f9d90773f3018abd9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 784665874d8126c4212c6116440bbd17
SHA1 cd45af550c61944b6b742666674a3e032e446677
SHA256 74b066e76acba8cea145735374ce77dd73d1c9944751ce84215d9d3132c34b53
SHA512 6f271861e3dd63ee900870c72197c6b7fb4a0cf7b9a293b5e4d15bdbee8a142169ae7282f6857ea9dfdb936c59198f4bf9a86a4318600d1fc53ac2e61c7e9c6e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c2c97bf5f0b75fe15a76015708939d8e
SHA1 a7e6fad8962e68b14e76f621884ae13db867f469
SHA256 1a159713696ec3ff151ad1661f46dcd86bf8e37bb717332018b9dcf36911aa8e
SHA512 628c616264e81d7378195b9944284179195404d08bc401ae97e6a3fd4d9d7368d57b9ade378f700e1c7139e2439d1a3c541e46d83e7766547bd168ca9e1c5158

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3850a2b7d50755b1ebd41913c4a1711b
SHA1 e70fc3c07f867b9e3154f76c75f5b46b655ba174
SHA256 df39a02f0609036ac079b44f8e2b30b6b7bf3c1a037a4ca38f8ee1ab970e033c
SHA512 5c81e8d1ba5a157603a78ec5cd58f8a2a15d42b14617e8ea038e473e4d523919dcde42abc48e8d410ae8cdfa8857d0d9dffc38ef2c576a409fe67a8303eb34e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

MD5 9daf94e87e09618e680d1942d07fd64d
SHA1 2fcf79cc4a067a4be75449b7a4d70cb82439bdf2
SHA256 d56662c23c4e3c59106fce84335f39a985ff519ac08b372b56a32463fbc309c2
SHA512 dce80b424c5faeedbeebb9066aa2ad57caceda12aec8bbf8501b709a83f92ce73d83048643ed2510e3e436fe2e6f7d7c846537fcff79331b645caff7f8b853a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
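
The hashes above need screening before any of them go into a blocklist or a hunt query. The sandbox hashes every file it touched, so the list mixes the dropped binaries with log and preference files that were rewritten several times during the run (updater.log, prefs.json, Local State), and it includes two entries whose digests belong to trivial content rather than to this sample: the crashpad named pipe carries the digests of zero bytes, and SCT Auditing Pending Reports carries the digests of the two-byte string []. Blocking either would match every empty file or every empty JSON array on the estate. The code below is an added example, not part of the report; the entries are copied from the Files list above, and the trivial-content table and the extension filter are assumptions for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Entries copied from the Files list above in the report's own layout
# (blank lines between path and digests compacted).
FILES_SECTION = r"""
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe
MD5 e8e4e8f66fa72b10eacc18ff5ce000ba
SHA1 9064de09632d155e2acf236d54c343f276bdf79a
SHA256 ac03c7f78bc590bf6b400c5078a7fa6b1e61d3935cd591868f7f73fff930e4b3
SHA512 7fa4768d6043a4fbe38ba70947e9b5bd8e4111606ce673f8b0ee7dd3d95ea9b3e6dcf0f96bc55634c85a1a3f6a4120ff7461a3463ca36133f57a607bef49b158

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

\??\pipe\crashpad_2720_FVODBOBBSOSFXEHF
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
MD5 95710effb7bf9892fd9cce346a01a1bd
SHA1 9453b0c8b0c808355c555c73e042f13f6054dd97
SHA256 5888454648d267d78ad890370670e061e03e04ad93f54c600619b7a515150a9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
MD5 8f56d16ee43b41748b82331536026758
SHA1 38a7a82cad9ddd210d16ef5cdeb9d4c959df018a
SHA256 24df00723d8f7363f27bd69eaad829cf66343aa03f9006cf4f34852d027bf564
"""

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}

# Content whose digests are shared by every file holding the same bytes and so
# must never be used as an indicator. Assumed set for this example; the digests
# are computed rather than hard-coded so the table cannot drift.
TRIVIAL_CONTENT = {b"": "empty file", b"[]": "empty JSON array", b"{}": "empty JSON object"}

# Extensions worth carrying forward as binary indicators. Assumption for this example.
BINARY_SUFFIXES = (".exe", ".dll", ".sys")


def parse_files_section(text):
    """Return [(path, {algo: hexdigest})] in report order; paths may repeat."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m:
            if current is None:
                raise ValueError(f"digest line before any path: {line}")
            current[1][m.group(1)] = m.group(2).lower()
        else:
            current = (line, {})
            entries.append(current)
    return entries


def classify_trivial(hashes):
    """Label trivial content when every digest the report lists matches it.

    A partial match (MD5 agrees but SHA256 does not) is reported as
    inconsistent so a corrupted or hand-edited report does not pass silently.
    """
    for content, label in TRIVIAL_CONTENT.items():
        expected = {algo: hashlib.new(name, content).hexdigest() for algo, name in ALGOS.items()}
        matches = [hashes[algo] == expected[algo] for algo in hashes]
        if matches and all(matches):
            return label
        if any(matches):
            return "inconsistent digests"
    return None


def triage(entries):
    """Split entries into trivial content, rewritten paths, binaries and the rest."""
    trivial, seen, binaries, other = {}, defaultdict(int), {}, []
    for path, hashes in entries:
        seen[path] += 1
        label = classify_trivial(hashes)
        if label:
            trivial[path] = label
        elif path.lower().endswith(BINARY_SUFFIXES):
            binaries[hashes["SHA256"]] = path  # the only blocklist candidates
        else:
            other.append(path)
    return {"trivial": trivial, "rewritten": {p: n for p, n in seen.items() if n > 1},
            "binaries": binaries, "other": other}


if __name__ == "__main__":
    result = triage(parse_files_section(FILES_SECTION))
    for path, label in result["trivial"].items():
        print(f"SKIP  {label:<18} {path}")
    for path, n in result["rewritten"].items():
        print(f"CHURN rewritten x{n}       {path}")
    for sha, path in result["binaries"].items():
        print(f"IOC   {sha}  {path}")
```

On the excerpt the only blocklist candidate is the SHA256 of setup.exe; the pipe and the SCT file are flagged as trivial content, and Local State is reported as rewritten twice, which is the churn pattern that also explains the repeated updater.log and prefs.json entries above.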