Malware Analysis Report

2024-11-30 07:13

Sample ID 240601-jezv6sfa35
Target c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac
SHA256 c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac
Tags
discovery persistence spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac

Threat Level: Likely malicious

The file c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence spyware stealer

Sets file execution options in registry

Modifies Installed Components in the registry

Executes dropped EXE

Deletes itself

Checks computer location settings

Reads user/profile data of web browsers

Registers COM server for autorun

Loads dropped DLL

Checks installed software on the system

Enumerates connected drives

Checks system information in the registry

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Runs net.exe

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Modifies registry class

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-01 07:35

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 07:35

Reported

2024-06-01 07:38

Platform

win7-20240215-en

Max time kernel

149s

Max time network

148s

Command Line

C:\Windows\Explorer.EXE

Signatures

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\109.0.5414.120\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\109.0.5414.120_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\109.0.5414.120_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32\ServerExecutable = "C:\\Program Files\\Google\\Chrome\\Application\\109.0.5414.120\\notification_helper.exe" C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\INPROCSERVER32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32\ = "\"C:\\Program Files\\Google\\Chrome\\Application\\109.0.5414.120\\notification_helper.exe\"" C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\INPROCSERVER32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\S: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\N: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\T: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\P: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\M: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\K: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\H: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Y: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\W: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\U: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Q: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\L: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\G: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\X: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\V: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\O: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\J: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\I: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\E: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Z: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\R: C:\Windows\Logo1_.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\audio_filter\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_cs.dll C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2468_1432754129\Chrome-bin\109.0.5414.120\Locales\es.pak C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Hearts\en-US\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_ar.dll C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\es\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\css\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2468_1432754129\Chrome-bin\109.0.5414.120\notification_helper.exe C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
File opened for modification C:\Program Files\Java\jre7\bin\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Reference Assemblies\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_vi.dll C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Games\More Games\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\sd\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Windows Mail\fr-FR\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Windows Photo Viewer\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\nl\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\js\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Stationery\1033\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Uninstall Information\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Triedit\es-ES\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\vsta_ep32.exe C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_no.dll C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\_desktop.ini C:\Windows\Logo1_.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rundl132.exe C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe N/A
File opened for modification C:\Windows\rundl132.exe C:\Windows\Logo1_.exe N/A
File created C:\Windows\vDll.dll C:\Windows\Logo1_.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\ProgID\ = "GoogleUpdate.CoreMachineClass.1" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1C4CDEFF-756A-4804-9E77-3E8EB9361016}\ProgID\ = "GoogleUpdate.PolicyStatusSvc.1.0" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\ProgID\ = "GoogleUpdate.PolicyStatusMachine.1.0" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.html\OpenWithProgids C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\ = "IApp" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A50E9E56-BA18-4FCD-8DDF-B91F12D0B6B9}\InprocHandler32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\ChromeHTML C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\NumMethods\ = "10" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\ = "ICurrentState" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\NumMethods\ = "12" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ = "IAppBundle" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\ProxyStubClsid32\ = "{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\ = "IRegistrationUpdateHook" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\NumMethods\ = "41" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\NumMethods\ = "4" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\Elevation\Enabled = "1" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}\ELEVATION C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachine.1.0\ = "Google Update Broker Class Factory" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\Application\ApplicationCompany = "Google LLC" C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A50E9E56-BA18-4FCD-8DDF-B91F12D0B6B9} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods\ = "10" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\ = "IAppBundleWeb" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\VersionIndependentProgID\ = "GoogleUpdate.Update3COMClassService" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebSvc\ = "GoogleUpdate Update3Web" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\VersionIndependentProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\ProxyStubClsid32\ = "{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\Application\ApplicationIcon = "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe,0" C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.pdf\OpenWithProgids C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\ = "IAppVersion" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods\ = "9" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ = "IAppCommandWeb" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\LocalServer32\ = "\"C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\GoogleUpdateBroker.exe\"" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\Elevation\Enabled = "1" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\ = "IGoogleUpdate" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine.dll" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\ProxyStubClsid32\ = "{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\ = "IAppCommand2" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A

Runs net.exe

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe N/A
Token: 33 N/A C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\109.0.5414.120_chrome_installer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\109.0.5414.120_chrome_installer.exe N/A
Token: 33 N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe N/A
Token: 33 N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2204 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Windows\SysWOW64\cmd.exe
PID 2204 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Windows\SysWOW64\cmd.exe
PID 2204 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Windows\SysWOW64\cmd.exe
PID 2204 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Windows\SysWOW64\cmd.exe
PID 2204 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Windows\Logo1_.exe
PID 2204 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Windows\Logo1_.exe
PID 2204 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Windows\Logo1_.exe
PID 2204 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Windows\Logo1_.exe
PID 1744 wrote to memory of 2720 N/A C:\Windows\Logo1_.exe C:\Windows\SysWOW64\net.exe
PID 1744 wrote to memory of 2720 N/A C:\Windows\Logo1_.exe C:\Windows\SysWOW64\net.exe
PID 1744 wrote to memory of 2720 N/A C:\Windows\Logo1_.exe C:\Windows\SysWOW64\net.exe
PID 1744 wrote to memory of 2720 N/A C:\Windows\Logo1_.exe C:\Windows\SysWOW64\net.exe
PID 2208 wrote to memory of 2576 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe
PID 2208 wrote to memory of 2576 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe
PID 2208 wrote to memory of 2576 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe
PID 2208 wrote to memory of 2576 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe
PID 2208 wrote to memory of 2576 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe
PID 2208 wrote to memory of 2576 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe
PID 2208 wrote to memory of 2576 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe
PID 2720 wrote to memory of 2708 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 2720 wrote to memory of 2708 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 2720 wrote to memory of 2708 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 2720 wrote to memory of 2708 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 2576 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe
PID 2576 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe
PID 2576 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe
PID 2576 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe
PID 2576 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe
PID 2576 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe
PID 2576 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe
PID 2960 wrote to memory of 1000 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2960 wrote to memory of 1000 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2960 wrote to memory of 1000 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2960 wrote to memory of 1000 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2960 wrote to memory of 1000 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2960 wrote to memory of 1000 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2960 wrote to memory of 1000 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2960 wrote to memory of 2320 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2960 wrote to memory of 2320 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2960 wrote to memory of 2320 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2960 wrote to memory of 2320 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2960 wrote to memory of 2320 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2960 wrote to memory of 2320 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2960 wrote to memory of 2320 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2320 wrote to memory of 1548 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 2320 wrote to memory of 1548 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 2320 wrote to memory of 1548 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 2320 wrote to memory of 1548 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 2320 wrote to memory of 880 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 2320 wrote to memory of 880 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 2320 wrote to memory of 880 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 2320 wrote to memory of 880 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 2320 wrote to memory of 2196 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 2320 wrote to memory of 2196 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 2320 wrote to memory of 2196 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 2320 wrote to memory of 2196 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 2960 wrote to memory of 1520 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2960 wrote to memory of 1520 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2960 wrote to memory of 1520 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2960 wrote to memory of 1520 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2960 wrote to memory of 1520 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2960 wrote to memory of 1520 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2960 wrote to memory of 1520 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2960 wrote to memory of 2352 N/A C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe

"C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\$$aE24.bat

C:\Windows\Logo1_.exe

C:\Windows\Logo1_.exe

C:\Windows\SysWOW64\net.exe

net stop "Kingsoft AntiVirus Service"

C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe

"C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={8AAD12A4-65DE-0917-DBE6-EFF0E6F9079E}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4xMzIiIHNoZWxsX3ZlcnNpb249IjEuMy4zNi4xMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MEZCRTk2MTgtNkYwRS00REM4LTk0OUUtNzIzQjEwRjkzOTk5fSIgdXNlcmlkPSJ7MUVEOUFFOTYtQUVCMy00NDM5LTgxNTMtNjE2NjVGRTNBODNEfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezEyNDcyMUQ4LTE1ODctNDVGQy04QTA1LUU0OEZERjlDNTAyQX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iNi4xLjc2MDEuMCIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NDMwRkQ0RDAtQjcyOS00RjYxLUFBMzQtOTE1MjY0ODE3OTlEfSIgdmVyc2lvbj0iMS4zLjM2LjE1MSIgbmV4dHZlcnNpb249IjEuMy4zNi4xMzIiIGxhbmc9InpoLUNOIiBicmFuZD0iIiBjbGllbnQ9IiIgaWlkPSJ7OEFBRDEyQTQtNjVERS0wOTE3LURCRTYtRUZGMEU2RjkwNzlFfSI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI3OTYiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={8AAD12A4-65DE-0917-DBE6-EFF0E6F9079E}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{0FBE9618-6F0E-4DC8-949E-723B10F93999}"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\109.0.5414.120_chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\109.0.5414.120_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\gui7649.tmp"

C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\gui7649.tmp"

C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x140311148,0x140311158,0x140311168

C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe" --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{CA714D94-1D96-4558-9B90-25234819BF46}\CR_B721E.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x140311148,0x140311158,0x140311168

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4xMzIiIHNoZWxsX3ZlcnNpb249IjEuMy4zNi4xMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MEZCRTk2MTgtNkYwRS00REM4LTk0OUUtNzIzQjEwRjkzOTk5fSIgdXNlcmlkPSJ7MUVEOUFFOTYtQUVCMy00NDM5LTgxNTMtNjE2NjVGRTNBODNEfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0IwMzg5Mjg5LTI2MjMtNDU4RC1BQTRGLTg4NjZDNUI1M0E1N30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iNi4xLjc2MDEuMCIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNDLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTA5LjAuNTQxNC4xMjAiIGFwPSJ4NjQtc3RhYmxlLXN0YXRzZGVmXzEiIGxhbmc9InpoLUNOIiBicmFuZD0iIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMTA3IiBpaWQ9Ins4QUFEMTJBNC02NURFLTA5MTctREJFNi1FRkYwRTZGOTA3OUV9IiBjb2hvcnQ9IjE6MWc4eDoiIGNvaG9ydG5hbWU9IldpbmRvd3MgNyI-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9lZGdlZGwubWUuZ3Z0MS5jb20vZWRnZWRsL3JlbGVhc2UyL2Nocm9tZS9jemFvMmhydnBrNXdncXJrejRra3M1cjczNF8xMDkuMC41NDE0LjEyMC8xMDkuMC41NDE0LjEyMF9jaHJvbWVfaW5zdGFsbGVyLmV4ZSIgZG93bmxvYWRlZD0iOTMxMjI2MDAiIHRvdGFsPSI5MzEyMjYwMCIgZG93bmxvYWRfdGltZV9tcz0iMjAwMzEiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjcwNyIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjMxOTgiIGRvd25sb2FkX3RpbWVfbXM9IjIwNjcwIiBkb3dubG9hZGVkPSI5MzEyMjYwMCIgdG90YWw9IjkzMTIyNjAwIiBpbnN0YWxsX3RpbWVfbXM9IjI3Mjg1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5fa6b58,0x7fef5fa6b68,0x7fef5fa6b78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1348,i,13573030801402030281,15704962249623168186,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1348,i,13573030801402030281,15704962249623168186,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1608 --field-trial-handle=1348,i,13573030801402030281,15704962249623168186,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2108 --field-trial-handle=1348,i,13573030801402030281,15704962249623168186,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2116 --field-trial-handle=1348,i,13573030801402030281,15704962249623168186,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3080 --field-trial-handle=1348,i,13573030801402030281,15704962249623168186,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1092 --field-trial-handle=1348,i,13573030801402030281,15704962249623168186,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1552 --field-trial-handle=1348,i,13573030801402030281,15704962249623168186,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3620 --field-trial-handle=1348,i,13573030801402030281,15704962249623168186,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3740 --field-trial-handle=1348,i,13573030801402030281,15704962249623168186,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3728 --field-trial-handle=1348,i,13573030801402030281,15704962249623168186,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3784 --field-trial-handle=1348,i,13573030801402030281,15704962249623168186,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3804 --field-trial-handle=1348,i,13573030801402030281,15704962249623168186,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3932 --field-trial-handle=1348,i,13573030801402030281,15704962249623168186,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4012 --field-trial-handle=1348,i,13573030801402030281,15704962249623168186,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3936 --field-trial-handle=1348,i,13573030801402030281,15704962249623168186,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=736 --field-trial-handle=1348,i,13573030801402030281,15704962249623168186,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=624 --field-trial-handle=1348,i,13573030801402030281,15704962249623168186,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 update.googleapis.com udp
GB 142.250.187.195:443 update.googleapis.com tcp
GB 142.250.187.195:443 update.googleapis.com tcp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.238:443 clients2.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.187.195:443 update.googleapis.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 update.googleapis.com udp
GB 142.250.187.195:443 update.googleapis.com tcp
GB 142.250.187.195:443 update.googleapis.com udp

Files

memory/2204-0-0x0000000000400000-0x0000000000436000-memory.dmp

memory/2204-17-0x0000000000400000-0x0000000000436000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$aE24.bat

MD5 65820220d25749b58c8340e442a75030
SHA1 0293a8603d1d19a867e94b329b44f89d9e02ab66
SHA256 4602e76c213a907099d56e0e208ea9e115845d0b294b12612998316157172489
SHA512 8e72f67b1e4968b240a8c5e3bde65ce55ecbdc92eead0ec72391b54b2160bcb1fac18bcdc8d99ebd2937007919b7c161f345163fdac4b53de46d40c586b74e4f

C:\Windows\Logo1_.exe

MD5 1dc4c13db0162b1cf771d1680c495035
SHA1 e6e7f77a143720745026bf8361a3c1ff416ea504
SHA256 5a4d5c517dca50a68945268792d76d5326d2947030e67bb0856f73190766e29a
SHA512 c17cfabaa3050aad04dffa28699ebe9d720e1b271ccfc1ab9f6198ead8fec01435a1540c377b358e1b702529ec157fc8857a86eb0ca0272d3b180dcec1fe54b7

memory/2204-12-0x00000000003B0000-0x00000000003E6000-memory.dmp

memory/1744-19-0x0000000000400000-0x0000000000436000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe.exe

MD5 eaff8391713a5d813e7435593f681289
SHA1 5b92e22a95dfcbc14ca9542540deab986d4d5c2e
SHA256 cb17ed6b06e557853a58772d0d0781061940cc4a54160787664e002cee6e1978
SHA512 2e3adc761ad52b4f8e0f2faa9c04e8e63eb88288f6a90e0473fcf6b0256ee65cd24bdee224e81f7358deb1aa2bd79161710c5ba7066807efd4679bd855828e41

\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdate.exe

MD5 e885bf92c289c674cd32f3e85ab2b922
SHA1 c0a98fd8c74d031f54fda658a1c67d8886b5e076
SHA256 63854e78780866d2ae56a58958a1fda017a71f54b71fe70cf5403958e961862a
SHA512 618d0cb1e6b50716ad877616da547d45099d92c6d00158da0ee2a76cf08f13ee540d365f747a031f0da96b238acc7fc9c0996c8de3feb7753966a9458e5f2512

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdate.dll

MD5 c0afc2fd557628f98ac9b7834ce7d966
SHA1 7ddfcc41f315d807d36dfef3b0217614aadb0151
SHA256 b31ed15eeb3e535d1318a566000adc069b793fd0f19ba9ae18342f7656121596
SHA512 b3a68dc8a2707d247f6224936c629bf162b72a29e50f48d763d151d0aa83d2b95e0e9a6110005f98e40e819fb41535f4c4e90a6ba95c94b4404b7e7eb1f4d4ba

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdateCore.exe

MD5 2c6849cca1783f20415a54ff80bd6a82
SHA1 555691825d70c89152ee00932412a59eb7585ff6
SHA256 eae6d2053a0f4ea3af887c9244770d31cbacab69f165d4ac5fa49b619f0d6bc3
SHA512 a1e66f6260dd2e63f7b2e0cee4b45e35f5d2740e6c2f129b6ba1af88cc9c12a669d76d41a59a7a067ec610b53ddfc56e8beb31659fa79734655510d182bdc075

memory/2960-107-0x00000000001C0000-0x00000000001C1000-memory.dmp

\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_zh-CN.dll

MD5 2ecb7bf53926caaf91035cd73b155d86
SHA1 6131d76190b7647631be855081fde967a6dff2d6
SHA256 bb9ecd7eb6c1b54e9a451b8fcfb7f86b7b0c00964544ef7d520f34e31af48132
SHA512 f1b31c8e0125300b50ad387f3cfedef73ab74c2975b47b89305e1eca55c3d1baec4e753c56ac4f06fa95c529c16a0f8ff7fabb9cfbc231882eb17a58f259cbd5

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleCrashHandler.exe

MD5 b6b844cba41f7c190a001941a9a34e9a
SHA1 9496eba9714f323c7e17b61ea536acc6bbbe05ff
SHA256 03e91a5144ab49e6a39df0d920987e718fd36f8d5ca34e243506025e8da1db78
SHA512 4a4a6452234f56221743e0a2ac5efe2f546201b1ca3e97fe5bf3b82ef179918f0b0479845225ac4f459c349ac71894295a6bc0efa1e57da3d9c9267d265e725e

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleCrashHandler64.exe

MD5 71e73162f75ef1c1094f8e8ac5e9bed3
SHA1 083bccb889e8a01cabe52941dfeb8bf51e560c70
SHA256 2ae4d76b2037bf4ea615e92c7064272c93fc6a5cd649a95502234f6f32b9b151
SHA512 6e05aa298723a52d27f3897c8332d6c3e3c4651fe0a1cbd55e6034810556162f0c3d07056f276577925de647a5ba847846d203c3b230f9fcfd012b03e15ba295

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\GoogleUpdateComRegisterShell64.exe

MD5 54fdef34ec0349a9c8ee543cafa25109
SHA1 2b0c0ae0a7ef0ea23d5d9e0c3406cf5df969d50e
SHA256 974ec719d34ac9af4d37681a8a6dfeb24f3dd136b2681be09dbc86afb6d9f616
SHA512 02a381991259df41a15f2cd49e906fa926a5d979913596f8d606aa652a500ec3316d6dd7b35d836307081b1dc5344b352de92e6bd6f2f2c882764f3f976cb561

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_bn.dll

MD5 949aae7ecde2e0d1ec1e78e925dd86ad
SHA1 7836d5c2f0b22b22a2c3c03f3b88eb93577da660
SHA256 adc617b5e3e647355e47006d5b9a130341323c1345fadd25ee880bba89eb95d3
SHA512 2e89840a58c9109799846514474d09808e6c7c0bab3e09dfa0fcaaca74c966225e31586be3e47fbf04a1000fa5f0ded58915183b94ad2e3c11e3632dac31f510

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_ca.dll

MD5 a6bf27ef56da45d41cccd66490addf04
SHA1 c6f29f1c0ef1f34d96a6339cb77ee6e54fae7c90
SHA256 83898433d55d80a230b260af4f746621124c35d2a9814339372de47a57cf6619
SHA512 5379586153249969e2edb0b95cac883cb98646264d20d7e837ee96b46b9cc6f54925e1518bde07ac3052edb8ba7bf48f9cb1dbdf6fa1d6855ea181fa32e06579

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_bg.dll

MD5 db8908b6627859104bfca1e777743b25
SHA1 c8f25b474747183c7d453616e82c0cbee299b5f2
SHA256 bb6569ad79623eed5f042982c2fe2808d8a9cd2b85b98d9bd0a0cf8999c31eba
SHA512 435f779820588cb885fcbf6aefd2dda37eccd569856a144621417aa8a8ea577ef0a11d4cc708af7cb2cfafe897c75d8e247de0fad6f0ea8e87e00c11b36a1519

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_ar.dll

MD5 7129735aa717dae6a2dab0574e31ceff
SHA1 7851be57ed9f76de24ec2a9264352679fcf9ff8c
SHA256 f4a1a5b7749bafd84927ae0a281db0eee2e2a1ce9cd77ca08165f8bc587cc3b3
SHA512 cadf0a4c93798139ad7a5e95b12411a927d5cc78980389aa94be7a86b6d61e6c64f807bcfe2a494a02e9ef242cc4515566c004acf8fa5d6c33685171e87a6e32

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_am.dll

MD5 3d047b2327fdc1490d35de702cabfd87
SHA1 7e95b34cdd0e778c5f8e99a719084d6058752647
SHA256 dd0e5047fe6036f3fbea9d04c7563afdb31bd88e42f19879d75299c685c08dd5
SHA512 bb0103fe46fa005d4b979b0304f6c4df225427d4d5ead92c3ed6deb36feae26429664a2a6d4ac046db9ff3387dade1f9ef757f3e26b9a392663f99e920ff1837

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_cs.dll

MD5 5613fbf25517fbed703346cfcb5c9c4d
SHA1 0ff5e78e51217c7234c2c03047ef0431272132bf
SHA256 dff5216c302bd82c514e053f0a7091b315b98229c9a7c67bd37a41a9a825798e
SHA512 c150adf69b458ff174594ba1e994d90f16a6d2371a69eddf56ab9f1ce3ddd3e3a46ed23301c299bb4b20b641bfb326f945cab55c54c758f851c98c957626675f

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_da.dll

MD5 de1a987c14f42ff6635643465fa2c60b
SHA1 efc5b757c1076991bb8c3fa9b5eba30146a94c37
SHA256 c768ff1ccfece2edfd19ca3c90f67a32e061cc153987d3865cc1146587b1cb26
SHA512 bbd258b319786752d8ad4cc285f211f2ad269e8282c9442dcdd658d16cf0f60905d921ccd10c568705974195ac45f0a1e8fc23d9f52b73a6b5e9404ce205d7a5

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_de.dll

MD5 35e401fe16fcb9c81aff7bf56becac57
SHA1 b23eb49d5dc11265b86d74c7eb93b76d5de23fc7
SHA256 5267fbbfb123d5603cbbb60f2d00a0d446dd5885a1e5f032887a49a8a3da08f1
SHA512 7f84d08778a83f32cad5b297ea559cc05cb6b52ae0e72c660e9d0ac8bdf903b797333953f8fc9aff63f997ba35bbb2012b2551e83b85ce985eb3503e30ba54bb

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_el.dll

MD5 9dddfb7ca127c2d1e61a6ca4961e9c0a
SHA1 ab0255abc59d74e02fd6fde7f5f0893fa8e7045e
SHA256 be8800221c1ffa7c0a28bbd2042bdd14bfcb8536f8ffab569b07a8c80f8252bb
SHA512 981cf8ead9ea81bdbf70d2556d1843ebb49a5f3b2278d680b264b5f0b83cc50caa351325e4ab62af758e6a8ca41474d4f54355df84c796ca1dd3c6cd689067cc

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_en.dll

MD5 2d042e395936029bce585828ebfdbb7f
SHA1 f329cd1fd339a3bae7aa296c7c9059ed106c5146
SHA256 22b51dc5d66d1487b5371353253ec26a6cb99c5425e800d06e670b4321e52472
SHA512 f08617418537c031653f3a675cddc1a7d422301a6d639381766f8eb80efc1be92ec3c35f0e5e12aadb6fa7daa4bd854004253ac8bf2960d0a32a68c7e59bfda9

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_es.dll

MD5 452eef818bfc9cfb0b25c8fcbfc87aab
SHA1 7a6bda3d78588b8bf979fa231fcf3ddf21c972ee
SHA256 113def0d64b16936e317fe1cd64d8e76c6b0d3aa2dcf510c69205b733d6edba5
SHA512 8115b59eee3acfd80ce51546af65dfb150f6ce355b0aa09c93a48774e6d97e3f6c69e34e06ccd829a60095f11681b24a8ad0bd14062f50cdda85b0540721f514

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_en-GB.dll

MD5 cebb69519acdc7dd799eed5c196c6c82
SHA1 cbb2d6717df5a48526968e7e269d4825cbda3257
SHA256 8ac7bc668a8e1c317e9f84796b4df2f804d6ad47a60f8759f54990bf243e6981
SHA512 e57f9a568d32e7fad73a7ad43bbcf1afb44361e894f1b336c0251ad21c4de09f6c1d61ef3b09334dab664c32b47f8a5c921053cbcb72ee4f3281f747c2a139ea

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_et.dll

MD5 3734e667b7ac97726ff4e77b30eb47ea
SHA1 13e223c19933dda3d13db6aaac23a93dd0854082
SHA256 1687cc0d1b9948221fa2d005dc6aeacbc730dd5f79073118318578eeceeb0a11
SHA512 e2d41c8c7bc9ba30df30ae2805a0189a901c1c05c423622099e6fdca10a5b26d7271715dd51389afeb3732d7a052d30a8bdec0b1cdcf84b01ce2b485c435a81a

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_es-419.dll

MD5 154e315c8210c0b4a0c33a03c1f2c0f7
SHA1 c432d540d85bc8995bbc80f2ae748e22abe8ddcc
SHA256 d6ef58c4f99d160dcb0690e17fc53c4cbba9584995b5c787efd7d5a03f461856
SHA512 47e84f07baddeb1ef91f84f9ff0c02872b749dfcfe293fb994edc35cdf74d44235c1c75cc31e1c638ed9d9b251abf41cf9f159b8ebe844708f183f15b04e19ec

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_fa.dll

MD5 49a43c647de8381f1ec6aa7fdec9e40b
SHA1 3573dd447925707b7ab4f7dc20aa167e055d4c7d
SHA256 107940a04c9392143b9693437832b60413e496f3a4152568001e370ff5c63b6a
SHA512 c2b3c3378223d4b14dc47b9e08077cde1d631ed0a4ea1b2bdb8d056d3537b8802c2c1e7f78cf8afbf388e947a22c5e797a582fb2c3489feca491c180374fbec7

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_hr.dll

MD5 e47b4a862dddc6fa892bff0fd3e6c6a0
SHA1 dea727187788b56e621fac92721f22f35616977b
SHA256 bab75e543851c62d9f7b1c71cdaecd2aadc1bb7c6769f8341db817f2616c6b68
SHA512 8dff1d00924dcd3395179a5f531ef8005b6eb3a6e577abc4204f3c41a234f8c19de76e87786934138efa996d188469bfe89c30b2a03a00979ae99275286654da

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_hu.dll

MD5 36f712250df4a20e5a28ab54354608a4
SHA1 2057995d379d70b8ecd1d9b93197383f99edacae
SHA256 e7005ab9665440218bd456e0512c0c7f6bdee837724a6ff28848df22baa83ae7
SHA512 7fa014767238a0f490c56e75bfe27a64078479d490a4f95dfb3292236d3d6eba67e39564b2dcf4e44850c7222db530d846fb0503eca4e659bb57c627da6233ea

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_hi.dll

MD5 1af755c765cdadb74de6f4b546588720
SHA1 8508af996cbe21b630095ff1afff0763b9030836
SHA256 bc4d28cf08cb49c6a96f11e837b862c2570b8feae40a320979fef4689292f262
SHA512 b8aaa9b789b54a07ece1e410f50e36c35943d85dda6baabb0b99ef4ce50f18db5aca61fff6ec0acc78af0f56598104f99109ae32c93bd79911c66a5d1cd8fd54

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_gu.dll

MD5 b261ca243143132113962d060983c600
SHA1 342b514ddb1566ac8d89d432b1e607536828bf85
SHA256 b3111f3e780a788bb10232408a7a13bd16304cd99d6be5b2415798827f70003a
SHA512 9491446f975f9ac27dd97f3459a9d463b62805440461c241ed27af0957ff0974325d58a61189bec60f626b8d3dc93caf3ae4e776e696bc92b4d6208bacbdbcd3

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_fr.dll

MD5 3769c44cc293a7894c7014b2cceb8578
SHA1 d9bc63916a2d96e5c0ba2cf3e533aecc6463270c
SHA256 484b8c7997926aa611bf15665f6a3482b35d5a99d91493cc822ef90d70719ba5
SHA512 dd135d5e6f4af7e46233bf41e743ef25802a41f92f7fdd36da680f1edda0941ac53aaca276a38f3ec34f7b47f706d15f26e21c613d09b2a823a4bbd0d7ab60aa

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_id.dll

MD5 9ddf346af7105078f3c5f6ca15b062d6
SHA1 890727a3efb6c1752b060b12a78811bdb05c8429
SHA256 3d125804addff9eb36b7fb9afeacdf7866fc2120b8e35f06aaf0bd5f98e8dfa5
SHA512 d82f6bc3c532a7b61839c5a038414d9c16195cd4d0ff9a69b31bcb3afdebc24f13be53cecf931957bbf1dd3d879b15ad70375096f4bc2bbfcd62e938ae730d3b

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_fil.dll

MD5 b1c8a5d0e251ad0f88c33ac82daaee6c
SHA1 c575c763de138d96550fd7022ee8bf737c528e3e
SHA256 48e3f78b12fd65fbfa64344c86c0aaf84b3f1bbeaea4bbe71c35fc8ebef9cff2
SHA512 4ab68b42d485c3d301ffd787e320dc6efb5b41d17e58e0f8cd76a02038512785b9af7599e029839218dc41abb1d5e5f4f922364edca3d691ea4f7f1b544c433e

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_fi.dll

MD5 0cea0902425885aa28ce33941ac5ba86
SHA1 f7075b25ed4acb54863af75f2847461840b538c0
SHA256 7b398f815cbc97a0c2182356a860f58a929beae897423fb2c918f0f6f19348b5
SHA512 2c5aff3d2a6125888158e560ae85c56c4ca2d908bcdfc3df4dbeb353c01be8606aa563044a4e19a8971e197fdb1aaa03d04e4d4bc9fa525d6cc6f012eb02c028

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_is.dll

MD5 5c79ef8f4467dbfcf0161c384677f2dc
SHA1 4e31e1ac60c85c01f622166682550c615c240f99
SHA256 b7ebd5f63c0268b423a37ed5606be4c5a98ac7b79c3b2c7a908e7758736ac486
SHA512 5a6015f3428c3952aaf87b16a1b6bb344f42f155304172078f05cb862f386e371140ccd14798646e69ce80d8cf432888aa0d2f69245f9f33affea16cef3c3bfa

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_ja.dll

MD5 2d8aa5109d9c85ef618b58869f178253
SHA1 7d339a31f10438cd48edfaec408c56b22a72ae88
SHA256 2c50b3a69a2aeab774a6b9f3b394d928ae2bf9b77b89912ef2a7f8c3864b5e43
SHA512 1d5a0e11929c88520ab5d21465229c2e47a63c22965df4d3759f62032b5b3d1769d55ad414d040ce037a89e86f02d47b1234827822fed94ff55255b5571182e1

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_iw.dll

MD5 2312d6b5e536f90691fd56d9552370fb
SHA1 af2485771bbec5305d4928821d1b7b0695760ec1
SHA256 cc985b473bb9984124d28b2d8f12b95b01ea82df9abcad99d45f0da8b38d7383
SHA512 217bfbdb3e601866f820bc0bc1bef6449475848be0754ac9ce15473082892aaef64e918b3bd7ccbb423aa09ad5884247a96f75e679a425f6d33d8b3747d63797

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_it.dll

MD5 e1835371ee49dddcb6898b2a8015c1c4
SHA1 2dc11fe158cabbddaad18fe5c90a90cf02cb8468
SHA256 e7f301cb7c6deb08aaafd289d4b669cb55e5979cc7703fe28e044ca7d41c40d1
SHA512 57240774fc9dfe57ac58888de8ea80699a2e0b628c01ea371e0deba3564ad40a16a0c76dafb7cc6a1658117edd48e25cff8e2241a893c28717634e2ddf56951e

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_kn.dll

MD5 8fbede52d1f0fa0b60bdc5848195e305
SHA1 ec8afc7ca1d065b9a1347a4b6e13afaca7297bea
SHA256 f874b0a857cb1942ff026ba0ed5fac59de972febd5132cc79dc43c556351c970
SHA512 66fba1aa39a63d3555b83fc981ffc3dac2448f5d611c1ab08663b4f873ed6724ff9a14cffab15c30d5d1936c400166022c90fb31a42a048b6f8f71d73f4999d6

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_ml.dll

MD5 299876173bd1d287810f2b228676b2d2
SHA1 8869960af433f7834cc52856beb4477fe4934ea0
SHA256 4ccd80bba3e5c68ff394233d1888ae0be69bc6530c8c86a397ec88778644f678
SHA512 463b5b3cc1bcea025c57bdf333d155c8883c113820b712355e937c2fa3aebcc8066a7e567244590c897009b7af13da9e33fe7fa7cc8daa04a77cd8b42530a757

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_mr.dll

MD5 e0036f65e81f061474f5b02b8a5d0cbc
SHA1 b123e7b261a6c76d857dd6ff8a42079c3c82e00e
SHA256 9b21202d5d8f5040f096b66fcb4485bc0767b75f3d62bcc8fa4a2d215a049562
SHA512 1b0a473c3413f6bf226a6ecfee3b7961bfcbf7b1a8c05aea164a3aa3c989d78cea920bbb7abd3e9317985adda9b7fe7d76fc091853f2810ac676e08eb9669209

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_lv.dll

MD5 0a9b66838b78c6495747bd0771faf528
SHA1 5f20b60dd6bfc66a33f5c548a4c2d4ca3a9c523c
SHA256 4e23c5bb7ee2729b7a3900c8893c63e25b578962e481e06479d11071704c3935
SHA512 3fd7c467098d0151aa46516d246fc5b49b088ed326eca75324dfcdfd92a414374c41b1f47a790fc9289d48b6b156faa2f4c232f8170738a14ddd221580d07fcc

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_lt.dll

MD5 ef4a6970622f9aec0d07878506f53428
SHA1 431a38893d85cb56da24b04edb84cb9d8a2db562
SHA256 1e3567d589f9065c07f23568d72484129369b312000fcad39b3c396a16ca4a79
SHA512 bce29c943b1a98c78fd7da729498efeeb10c0e6b73790c8bc9c0bd7203818268ac1639c9022a462b3b2904fadbed26f44e9995fbc7887a9ee2784091ef15a5c1

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_ko.dll

MD5 521b303acba2fdc8f4188577b96bc30a
SHA1 c7bea12d9c28c6fa5c5949f23a9c20a9f5f2f70e
SHA256 2488aef59063829972e7b5bcee9ca191807e89adc594fcacd8ae6007470ffaa6
SHA512 6de536de414ec2a5d68323dd77c2d6c0cd5b8c8503c94f9eca0a89f68f04892b374ab047686fe96a2ca8c9ced7da8c83d5a7ba2a793642529e28ee75cc37a048

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_no.dll

MD5 4de9242fd0e24bf965b3b55484d66d8a
SHA1 f946444d5bda76fd758e5bfce49cffbe01def0f2
SHA256 a9b7e5d5bb1e4d9a177996f460fe2d27b0d165257d761581b803c975f5d70d88
SHA512 41d3f12f4c14a12a571038ce40f84ff8df212b2168db6240e733336ef4aad55bb60ad5b90189a25a61de6bf7cede104ea11fd3aac7db720db36af1557bb88b1d

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_nl.dll

MD5 77eea5029625fbf5ea4e7935c258018f
SHA1 cfcd17ec9547220cfcb49bf3987286b87583579b
SHA256 755a1bf1e8dd39927feafaba7cb9f0986f426904e8549b24fea7c14e2aa1d744
SHA512 a0284682936584996ab8e301f2db960062b55ff0fa0bf07f5d0bd43965bd19ac118741bce34e145d771fa16476ad537b00f1846c250215338662e2d54e2764ea

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_ms.dll

MD5 9be02e84c8a2d7276e235bb9beb98269
SHA1 fec638bc9f0fe1c39bd98b4693a2e02a505db81e
SHA256 cb6c561e082a14da36c4dd918b21fa8fffec89d9a9ca0f0ebf4d52ab0a6ac043
SHA512 52702e02609e3afba1c1776db09540226beb7c72487adf4ec6a286883103d2dfdf8ea0ea282c7f2502b4f1ef548567d696d6130e5fd4612bea7a24456bb0c9dc

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_pl.dll

MD5 a3af28940d85e5e8471953d5fc0711bc
SHA1 a9ab4ba000b0a48340d87c287ab1dd330ec6ade7
SHA256 2abefeda97eb2c572415ccba1b62a76a6526e25a2156dd7a9c20fa3c9228ed4e
SHA512 49e210b0c6ea267610eaee6410281072f4ac34038959349f8341ad095b6da733f854e3a8bee23e3172b738da0970ee2f77ecc7b421980b1ee89918b7326de5cf

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_pt-BR.dll

MD5 ada7f4da7f765305cf374a3a671cde1b
SHA1 1a64312059ebc84d62c4c3350881bd2cdde3d582
SHA256 62debb832e3f44455c9f99befbe9246ebe5e7d9eefab19a2192f7d2cc39198e8
SHA512 c613cacca9a7854bac82fec7d7383825420af0ad87287c34ccc9b0b9f8a34c4205019f30e8de151098857a64fb98a6285a123613377d44c76adf04578c6f9e51

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_pt-PT.dll

MD5 7fd5dd5778d37d82205c5040ca70a2d5
SHA1 a3e945242159d23db2b7288086d041e50195e542
SHA256 4b20441e4f8b23981e98469b5c9f85d7739ad65c111e20478be10dc0670abfe1
SHA512 b613fef1623c02c75632903cd11a668f15551fd3caa66495e242f4a92346527f04f09bad6135cfc2b8e69af285a97d1b9c7d189ee9e913cbbd3cc0e9eb2b7989

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_ro.dll

MD5 2711b56ecd2a6fcc85df51514797d6e6
SHA1 ab6026a8150f94968f096f7909a828e7fdf6cfdc
SHA256 952ecac650a4a8072b481d5e7a298140058defe6fa7148e8b2a9025c624987bc
SHA512 2bd567b3b6ebf2506f8e23ed778a00ed762ed03701dc5e1559662ad1480f3c70624083ae1586768a1843053df9428cb352c6607b2ae4da6e19a63bc9c977cc00

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_ru.dll

MD5 1f3a5baae2ef7cc12019890a025bb2e8
SHA1 c4c788f9aa2dafb35f596edaea2f106779e996a4
SHA256 ead8fd54f91c7f0cfaf3ce972f2a90550320cb9e8bc380ba8e938d527cfbe169
SHA512 3102ed0b9913a4f9d4aa5ff1a0ba2539b64355aca6f4ea152f88ad69bf9f02105f08c82c1a065d95757ecfca6ec8ab06b14a34044907fa452d54d781624d5f42

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_sv.dll

MD5 2fa6a257ea8e99c8fc998f7b5b59fb23
SHA1 a27f23f1fafc8eb7e24957d0f24634bf0aabbde4
SHA256 4e789d125fc64baf4c91ff794a0e940c1669b2198148bca2f6e99038efda7463
SHA512 30b6ba4f3fa2a88a9ebb38e40109e32c5fd2c7b1d3c42d001f734f06ebfb6fc88dd7c0b7b5a0e15a53dd324ee4e500e3dbe931f497d7fc1176d253883f759fa1

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_sr.dll

MD5 4779a26f70a514b696c10e8321e61e52
SHA1 033a5b32fe1e4c387c3aca3e851cbcd853bedc92
SHA256 2ad574c16dd25d7ba856d6174f127c29c195a831694e1b9a21a2ce11ab4a8074
SHA512 9208c2ad791ffa77a4b3eb39f0718bf435f7cb0e85fe1459660514d5c8324bf355548101cebd0d38779890e8ba0906f36fd12b8d90a249da48d0d0983b63ce24

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_sl.dll

MD5 52daafc6ff6d922e762d65c6442fa5be
SHA1 0c1db525653c6c49f676700630ce307cd216d0f6
SHA256 d4223c3182a8ecdb02f3ed4b6aeeaf055aed0e88dbed7aa3739aa7863a24147c
SHA512 f478539bb842f1eb60b4742e65ca189b643727a1ddf07a759a58ef9a4e5966b255080f29ca0da41a3df78cc5c0b2e2953e270afbe70a1bfb3a5e61b61bb84a79

C:\Program Files (x86)\Google\Temp\GUMEFE.tmp\goopdateres_sk.dll

MD5 33db6a23eafa0b38a5807da2818f14ea
SHA1 86417b60a3dbc32231d56dc1f0d9e1964c5f3798
SHA256 913570f399ea5c271ab23c72cc5d2599d9e922147307ec66aa9ee52e9eefcdd8
SHA512 24076302aa44ee53b5963aade954102dc682cf871af3ee99ef56672c9ea14cfa87830e0ec93ae64fc53e80c9c1309e4350212a27488de712f1c394b4451f308a

memory/1208-304-0x00000000031B0000-0x00000000031B1000-memory.dmp

memory/1744-308-0x0000000000400000-0x0000000000436000-memory.dmp

F:\$RECYCLE.BIN\S-1-5-21-2248906074-2862704502-246302768-1000\_desktop.ini

MD5 02e4d47cbb9cf2affe1a6d96af753a42
SHA1 fe76259bc3376a8aa287867933c6bfd7fdae1944
SHA256 8079d35a07b892f00cdffeed754377382353a6e5870c06c02dc8dbaf809d291a
SHA512 cc47f23bb8b014458285ee912566350c0d09c49d9e40666790694b4d4d7961abbf7adcf9d54e78571a3b97d27a05c58f3db3fdaaa3f4221130a248ed780a1746

memory/1744-315-0x0000000000400000-0x0000000000436000-memory.dmp

memory/2960-316-0x00000000001C0000-0x00000000001C1000-memory.dmp

C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\setup.exe

MD5 b42b8ac29ee0a9c3401ac4e7e186282d
SHA1 69dfb1dd33cf845a1358d862eebc4affe7b51223
SHA256 19545e8376807bce8a430c37cab9731e85052103f769dd60a5da3d93ca68c6ec
SHA512 b5269e7392e77a0fa850049ff61e271c5aab90d546945b17a65cc2ea6420432ae56321e1e39cfd97ccdb3dfc37ddbd6ff77907f5685cc2323b8635c8cdb4a84f

memory/1744-363-0x0000000000400000-0x0000000000436000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

MD5 3433ccf3e03fc35b634cd0627833b0ad
SHA1 789a43382e88905d6eb739ada3a8ba8c479ede02
SHA256 f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d
SHA512 21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

C:\Users\Admin\AppData\Local\Temp\scoped_dir2104_1041890290\83bc49f7-21b6-4c0d-8cda-a45cc8756ee8.tmp

MD5 541f52e24fe1ef9f8e12377a6ccae0c0
SHA1 189898bb2dcae7d5a6057bc2d98b8b450afaebb6
SHA256 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82
SHA512 d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

memory/1744-637-0x0000000000400000-0x0000000000436000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 60cf2ea82a88d7c13b35d190b505134e
SHA1 f9406203881b623968a7dd5dd8466233b6cbb967
SHA256 4548e1f0603bfe0cbe0160c7a67c484ec61cce48d51723fd925da458d9a66d1d
SHA512 4b713a3954c118622d04fc470a395114818516e98bbd35d63fb339056610b767c250bb75f2e4f072f872eef53d6e27b806d1664b133fb92d7b563b103eb1abda

memory/1744-670-0x0000000000400000-0x0000000000436000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b0fcb9ff68b2b1eb0645e1ffa5547032
SHA1 84c2208ec84aa53f801d2d5f1b3c649c13eefeed
SHA256 3343032043300ea0cb7c2f20e1c3b1956de1ed61ec7ba0b9b6ef2608a309a0c2
SHA512 82a7e6724c9bb0b6142d2ba4572115f85cff637aff5f2196dacb97aabb0f0e583792a5d53d4fed9221678f09ef6dd93aa1925fe83bf9f95555dda47ad3b16077

memory/1744-2430-0x0000000000400000-0x0000000000436000-memory.dmp

memory/1744-2620-0x0000000000400000-0x0000000000436000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6d51187a9ecfd1d84c28a20ad5c98045
SHA1 665957a3bc9f68692ac2d1c8018828f900749b82
SHA256 47480bfcceae086b2157de42c9f632c269da66580515ae63e4b5a9d526b801c5
SHA512 e5cff2c36282f8c88cc72816b5865a55a91012a0a96140850e61c8dd0df13fdacc1f3ba2259b4163b19142e142ca288471faa1fc2d73eca4d4707f52d8467917

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7378d1e386bbfa20fb9799d7fd060875
SHA1 c848e19d4045baf4edead6980ebc02e8002cbb24
SHA256 9de0c1978369520d4d851feca9182d55698c1fea987352c48f1952ef967583ff
SHA512 03cf9f6729d653b7731fb889407870966c5a1d3e23f0cc032e1861deab544d17a972690f42f4b0323947478a46e0e13fc9ed55da3cb6fd9d1c64c291f924fdee

memory/1744-3919-0x0000000000400000-0x0000000000436000-memory.dmp

C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

MD5 17e5de36cf448d652adab881a4557ec2
SHA1 c45337444120f4cc4a9a65b2bee63cd61618ca2a
SHA256 32568fb07078e0d4e77efac9ad862454dba63de5c5f920d9a14de709372f2430
SHA512 22678c9ca2d70d9a3377d1f2c6c91d7649adcaccee564acdf1bd6373e60f13f6e21fc09feed5b590475889996287961a1450542741ef0888a4a0b5e9c9812b92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 af205fbe8550b5ca9d69244b27d706c2
SHA1 12d4a92e53a8c01260aeeef534ae67a996627f4b
SHA256 05599fccb8a75518cbacfdf33790cae33352342efbaf027029e6c5a457f1d1f7
SHA512 3562c7c692b081d3944824bcecc4d805516f8735edcc057686abbdbd15fca786716ec6e0abd3c60ff3b78a5e45104802efbc8ccd0e8295d09efd7a3c3650a424

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 07:35

Reported

2024-06-01 07:38

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

C:\Windows\Explorer.EXE

Signatures

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\125.0.6422.142\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\125.0.6422.142_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\125.0.6422.142\elevation_service.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32\ = "\"C:\\Program Files\\Google\\Chrome\\Application\\125.0.6422.142\\notification_helper.exe\"" C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\INPROCSERVER32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32\ServerExecutable = "C:\\Program Files\\Google\\Chrome\\Application\\125.0.6422.142\\notification_helper.exe" C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\INPROCSERVER32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Z: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\V: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\R: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\J: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\H: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Y: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\W: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\U: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\S: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Q: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\K: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\E: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\L: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\G: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\X: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\T: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\P: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\O: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\N: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\M: C:\Windows\Logo1_.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-gb\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\zh-tw\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\1.1.1\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ro-ro\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\it-it\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ja-jp\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-tw\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\zh-tw\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\Simple\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Light\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.27328.0_x64__8wekyb3d8bbwe\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\en-ae\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\WindowsPowerShell\Configuration\Registration\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ja-jp\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\MSBuild\Microsoft\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\root\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\fr-FR\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\he-il\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fi-FI\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_proxy.exe C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\nl-nl\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\sl-sl\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\uk-ua\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\hr-hr\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fi-fi\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\MSBuild\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\cs-cz\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\he-il\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\tr-tr\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\zh-tw\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pt-br\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jre8\lib\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ka\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sl-sl\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\nl-nl\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\es\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nb-no\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\fr-ma\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pt-br\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\de-DE\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\uz\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\_desktop.ini C:\Windows\Logo1_.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rundl132.exe C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe N/A
File opened for modification C:\Windows\rundl132.exe C:\Windows\Logo1_.exe N/A
File created C:\Windows\vDll.dll C:\Windows\Logo1_.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19 C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617009933658508" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey C:\Windows\system32\svchost.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.PolicyStatusMachine\CLSID\ = "{521FDB42-7130-4806-822A-FC5163FAD983}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\VersionIndependentProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\LOCALSERVER32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ = "IProcessLauncher" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\NumMethods\ = "13" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\NumMethods\ = "17" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\ProxyStubClsid32\ = "{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}\ELEVATION C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\PROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ProxyStubClsid32\ = "{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithProgIds\ChromeHTML C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\PROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3COMClassService.1.0\ = "Update3COMClass" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\ = "Google Update Core Class" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.PolicyStatusMachineFallback.1.0\CLSID\ = "{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\ProgID\ = "GoogleUpdate.Update3WebMachine.1.0" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\NumMethods\ = "11" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\ = "IAppWeb" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\Elevation C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\ProxyStubClsid32\ = "{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\LocalServer32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\VersionIndependentProgID\ = "GoogleUpdate.Update3WebMachineFallback" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\ = "IApp2" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.PolicyStatusMachine.1.0\CLSID\ = "{521FDB42-7130-4806-822A-FC5163FAD983}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\ = "IApp2" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgids\ChromeHTML C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\NumMethods\ = "24" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\NumMethods\ = "8" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\NumMethods\ = "10" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TypeLib C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\0\win32 C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\NumMethods\ = "8" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\NumMethods\ = "4" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LOCALSERVER32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\GoogleUpdate.exe\AppID = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ = "IProcessLauncher2" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}\LocalServer32\ = "\"C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\GoogleUpdateOnDemand.exe\"" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\NumMethods\ = "4" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\ = "Google Update Broker Class Factory" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe N/A
Token: 33 N/A C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\125.0.6422.142_chrome_installer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\125.0.6422.142_chrome_installer.exe N/A
Token: 33 N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe N/A
Token: 33 N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5112 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Windows\SysWOW64\cmd.exe
PID 5112 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Windows\SysWOW64\cmd.exe
PID 5112 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Windows\SysWOW64\cmd.exe
PID 5112 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Windows\Logo1_.exe
PID 5112 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Windows\Logo1_.exe
PID 5112 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Windows\Logo1_.exe
PID 2432 wrote to memory of 836 N/A C:\Windows\Logo1_.exe C:\Windows\SysWOW64\net.exe
PID 2432 wrote to memory of 836 N/A C:\Windows\Logo1_.exe C:\Windows\SysWOW64\net.exe
PID 2432 wrote to memory of 836 N/A C:\Windows\Logo1_.exe C:\Windows\SysWOW64\net.exe
PID 836 wrote to memory of 3220 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 836 wrote to memory of 3220 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 836 wrote to memory of 3220 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 2188 wrote to memory of 3448 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe
PID 2188 wrote to memory of 3448 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe
PID 2188 wrote to memory of 3448 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe
PID 3448 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe
PID 3448 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe
PID 3448 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe
PID 1300 wrote to memory of 4472 N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 1300 wrote to memory of 4472 N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 1300 wrote to memory of 4472 N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 1300 wrote to memory of 4652 N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 1300 wrote to memory of 4652 N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 1300 wrote to memory of 4652 N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4652 wrote to memory of 2152 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 4652 wrote to memory of 2152 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 4652 wrote to memory of 4560 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 4652 wrote to memory of 4560 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 4652 wrote to memory of 4640 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 4652 wrote to memory of 4640 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 1300 wrote to memory of 5112 N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 1300 wrote to memory of 5112 N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 1300 wrote to memory of 5112 N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 1300 wrote to memory of 4428 N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 1300 wrote to memory of 4428 N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 1300 wrote to memory of 4428 N/A C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2432 wrote to memory of 3352 N/A C:\Windows\Logo1_.exe C:\Windows\Explorer.EXE
PID 2432 wrote to memory of 3352 N/A C:\Windows\Logo1_.exe C:\Windows\Explorer.EXE
PID 1308 wrote to memory of 3804 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\125.0.6422.142_chrome_installer.exe
PID 1308 wrote to memory of 3804 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\125.0.6422.142_chrome_installer.exe
PID 3804 wrote to memory of 4444 N/A C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\125.0.6422.142_chrome_installer.exe C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe
PID 3804 wrote to memory of 4444 N/A C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\125.0.6422.142_chrome_installer.exe C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe
PID 4444 wrote to memory of 2212 N/A C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe
PID 4444 wrote to memory of 2212 N/A C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe
PID 4444 wrote to memory of 1912 N/A C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe
PID 4444 wrote to memory of 1912 N/A C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe
PID 1912 wrote to memory of 2280 N/A C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe
PID 1912 wrote to memory of 2280 N/A C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe
PID 1308 wrote to memory of 3980 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
PID 1308 wrote to memory of 3980 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
PID 1308 wrote to memory of 3980 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
PID 1308 wrote to memory of 2136 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
PID 1308 wrote to memory of 2136 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
PID 1308 wrote to memory of 2880 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 1308 wrote to memory of 2880 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 1308 wrote to memory of 2880 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3112 wrote to memory of 3712 N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3112 wrote to memory of 3712 N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3112 wrote to memory of 3712 N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3712 wrote to memory of 4980 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 4980 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4980 wrote to memory of 3012 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4980 wrote to memory of 3012 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4980 wrote to memory of 4460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe

"C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a494D.bat

C:\Windows\Logo1_.exe

C:\Windows\Logo1_.exe

C:\Windows\SysWOW64\net.exe

net stop "Kingsoft AntiVirus Service"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"

C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe

"C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe"

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={8AAD12A4-65DE-0917-DBE6-EFF0E6F9079E}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4xMzIiIHNoZWxsX3ZlcnNpb249IjEuMy4zNi4xMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTNBNEM4NUEtREYyRi00RUUwLUE3MDUtNzI2MTkxQzQ2NkIwfSIgdXNlcmlkPSJ7M0NDMEY4QzEtMDhCQy00MjQ5LUIyRjktQjc2MEJGNTRGNUMxfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezdGRjY3Qjg3LTBERDItNEQwMy05NzgwLTI3NkFDNTA5ODEyNn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NDMwRkQ0RDAtQjcyOS00RjYxLUFBMzQtOTE1MjY0ODE3OTlEfSIgdmVyc2lvbj0iMS4zLjM2LjE1MSIgbmV4dHZlcnNpb249IjEuMy4zNi4xMzIiIGxhbmc9InpoLUNOIiBicmFuZD0iIiBjbGllbnQ9IiIgaWlkPSJ7OEFBRDEyQTQtNjVERS0wOTE3LURCRTYtRUZGMEU2RjkwNzlFfSI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI3NTAiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={8AAD12A4-65DE-0917-DBE6-EFF0E6F9079E}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{A3A4C85A-DF2F-4EE0-A705-726191C466B0}"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\125.0.6422.142_chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\125.0.6422.142_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\gui9182.tmp"

C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\gui9182.tmp"

C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.142 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff791112698,0x7ff7911126a4,0x7ff7911126b0

C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{2D4E7D6B-166C-496C-8462-23FD5F862539}\CR_4FE32.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.142 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff791112698,0x7ff7911126a4,0x7ff7911126b0

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4xMzIiIHNoZWxsX3ZlcnNpb249IjEuMy4zNi4xMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTNBNEM4NUEtREYyRi00RUUwLUE3MDUtNzI2MTkxQzQ2NkIwfSIgdXNlcmlkPSJ7M0NDMEY4QzEtMDhCQy00MjQ5LUIyRjktQjc2MEJGNTRGNUMxfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezM5NEZERUQ1LUY1RjItNDcxQS1BQjE1LUFEODJBQjhFMDlFQn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNDLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI1LjAuNjQyMi4xNDIiIGFwPSJ4NjQtc3RhYmxlLXN0YXRzZGVmXzEiIGxhbmc9InpoLUNOIiBicmFuZD0iIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMjMiIGlpZD0iezhBQUQxMkE0LTY1REUtMDkxNy1EQkU2LUVGRjBFNkY5MDc5RX0iIGNvaG9ydD0iMTpndS9pMTk6IiBjb2hvcnRuYW1lPSJTdGFibGUgSW5zdGFsbHMgJmFtcDsgVmVyc2lvbiBQaW5zIj48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL2VkZ2VkbC5tZS5ndnQxLmNvbS9lZGdlZGwvcmVsZWFzZTIvY2hyb21lL2tka3phanFsdTRmc3VrcjR4ZDRlcDJnb29hXzEyNS4wLjY0MjIuMTQyLzEyNS4wLjY0MjIuMTQyX2Nocm9tZV9pbnN0YWxsZXIuZXhlIiBkb3dubG9hZGVkPSIxMTMwNTQ3NjgiIHRvdGFsPSIxMTMwNTQ3NjgiIGRvd25sb2FkX3RpbWVfbXM9IjkwMzIiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjcwNyIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjI4MSIgZG93bmxvYWRfdGltZV9tcz0iMTAxMDkiIGRvd25sb2FkZWQ9IjExMzA1NDc2OCIgdG90YWw9IjExMzA1NDc2OCIgaW5zdGFsbF90aW1lX21zPSIyOTIwMyIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.142 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffeca391c70,0x7ffeca391c7c,0x7ffeca391c88

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,10141845576194530238,16928627941954578261,262144 --variations-seed-version=20240507-180133.206000 --mojo-platform-channel-handle=1904 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=2176,i,10141845576194530238,16928627941954578261,262144 --variations-seed-version=20240507-180133.206000 --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2260,i,10141845576194530238,16928627941954578261,262144 --variations-seed-version=20240507-180133.206000 --mojo-platform-channel-handle=2220 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,10141845576194530238,16928627941954578261,262144 --variations-seed-version=20240507-180133.206000 --mojo-platform-channel-handle=3164 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,10141845576194530238,16928627941954578261,262144 --variations-seed-version=20240507-180133.206000 --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4460,i,10141845576194530238,16928627941954578261,262144 --variations-seed-version=20240507-180133.206000 --mojo-platform-channel-handle=4476 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4768,i,10141845576194530238,16928627941954578261,262144 --variations-seed-version=20240507-180133.206000 --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files\Google\Chrome\Application\125.0.6422.142\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\125.0.6422.142\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=3696,i,10141845576194530238,16928627941954578261,262144 --variations-seed-version=20240507-180133.206000 --mojo-platform-channel-handle=3680 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=3692,i,10141845576194530238,16928627941954578261,262144 --variations-seed-version=20240507-180133.206000 --mojo-platform-channel-handle=5020 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=5052,i,10141845576194530238,16928627941954578261,262144 --variations-seed-version=20240507-180133.206000 --mojo-platform-channel-handle=5156 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=208,i,10141845576194530238,16928627941954578261,262144 --variations-seed-version=20240507-180133.206000 --mojo-platform-channel-handle=5552 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=5628,i,10141845576194530238,16928627941954578261,262144 --variations-seed-version=20240507-180133.206000 --mojo-platform-channel-handle=5648 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=728,i,10141845576194530238,16928627941954578261,262144 --variations-seed-version=20240507-180133.206000 --mojo-platform-channel-handle=5564 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5768,i,10141845576194530238,16928627941954578261,262144 --variations-seed-version=20240507-180133.206000 --mojo-platform-channel-handle=5280 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 update.googleapis.com udp
GB 142.250.187.195:443 update.googleapis.com tcp
GB 142.250.187.195:443 update.googleapis.com tcp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.155:443 www.bing.com tcp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.155:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
GB 142.250.187.195:443 update.googleapis.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 update.googleapis.com udp
GB 142.250.187.195:443 update.googleapis.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
GB 142.250.187.195:443 update.googleapis.com tcp
GB 142.250.187.195:443 update.googleapis.com udp
US 8.8.8.8:53 84.65.42.20.in-addr.arpa udp

Files

memory/5112-0-0x0000000000400000-0x0000000000436000-memory.dmp

C:\Windows\Logo1_.exe

MD5 1dc4c13db0162b1cf771d1680c495035
SHA1 e6e7f77a143720745026bf8361a3c1ff416ea504
SHA256 5a4d5c517dca50a68945268792d76d5326d2947030e67bb0856f73190766e29a
SHA512 c17cfabaa3050aad04dffa28699ebe9d720e1b271ccfc1ab9f6198ead8fec01435a1540c377b358e1b702529ec157fc8857a86eb0ca0272d3b180dcec1fe54b7

memory/2432-13-0x0000000000400000-0x0000000000436000-memory.dmp

memory/5112-10-0x0000000000400000-0x0000000000436000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a494D.bat

MD5 344d25dc94419f7a81b55d2243467cb3
SHA1 9b899714598ca492e881f2816541aa05d871aac1
SHA256 cbc82d9849acc583089f3dd0b892d61e999846f9a01a4af8347911275af1184f
SHA512 55424689dd26a7ed8d1dd190de61c4b4986426d5cc3cb96c302ccc967177de27dd6655071e98909dc0a005f0a694b7b50637030089d9b57b4770225110f8f15b

C:\Users\Admin\AppData\Local\Temp\c325080b3a7ebbdf167fe2d5a816dd972c6e7bcb93ba9261ef2c1a7b0841fdac.exe.exe

MD5 eaff8391713a5d813e7435593f681289
SHA1 5b92e22a95dfcbc14ca9542540deab986d4d5c2e
SHA256 cb17ed6b06e557853a58772d0d0781061940cc4a54160787664e002cee6e1978
SHA512 2e3adc761ad52b4f8e0f2faa9c04e8e63eb88288f6a90e0473fcf6b0256ee65cd24bdee224e81f7358deb1aa2bd79161710c5ba7066807efd4679bd855828e41

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdate.exe

MD5 e885bf92c289c674cd32f3e85ab2b922
SHA1 c0a98fd8c74d031f54fda658a1c67d8886b5e076
SHA256 63854e78780866d2ae56a58958a1fda017a71f54b71fe70cf5403958e961862a
SHA512 618d0cb1e6b50716ad877616da547d45099d92c6d00158da0ee2a76cf08f13ee540d365f747a031f0da96b238acc7fc9c0996c8de3feb7753966a9458e5f2512

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdate.dll

MD5 c0afc2fd557628f98ac9b7834ce7d966
SHA1 7ddfcc41f315d807d36dfef3b0217614aadb0151
SHA256 b31ed15eeb3e535d1318a566000adc069b793fd0f19ba9ae18342f7656121596
SHA512 b3a68dc8a2707d247f6224936c629bf162b72a29e50f48d763d151d0aa83d2b95e0e9a6110005f98e40e819fb41535f4c4e90a6ba95c94b4404b7e7eb1f4d4ba

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_zh-CN.dll

MD5 2ecb7bf53926caaf91035cd73b155d86
SHA1 6131d76190b7647631be855081fde967a6dff2d6
SHA256 bb9ecd7eb6c1b54e9a451b8fcfb7f86b7b0c00964544ef7d520f34e31af48132
SHA512 f1b31c8e0125300b50ad387f3cfedef73ab74c2975b47b89305e1eca55c3d1baec4e753c56ac4f06fa95c529c16a0f8ff7fabb9cfbc231882eb17a58f259cbd5

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdateCore.exe

MD5 2c6849cca1783f20415a54ff80bd6a82
SHA1 555691825d70c89152ee00932412a59eb7585ff6
SHA256 eae6d2053a0f4ea3af887c9244770d31cbacab69f165d4ac5fa49b619f0d6bc3
SHA512 a1e66f6260dd2e63f7b2e0cee4b45e35f5d2740e6c2f129b6ba1af88cc9c12a669d76d41a59a7a067ec610b53ddfc56e8beb31659fa79734655510d182bdc075

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleCrashHandler.exe

MD5 b6b844cba41f7c190a001941a9a34e9a
SHA1 9496eba9714f323c7e17b61ea536acc6bbbe05ff
SHA256 03e91a5144ab49e6a39df0d920987e718fd36f8d5ca34e243506025e8da1db78
SHA512 4a4a6452234f56221743e0a2ac5efe2f546201b1ca3e97fe5bf3b82ef179918f0b0479845225ac4f459c349ac71894295a6bc0efa1e57da3d9c9267d265e725e

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleCrashHandler64.exe

MD5 71e73162f75ef1c1094f8e8ac5e9bed3
SHA1 083bccb889e8a01cabe52941dfeb8bf51e560c70
SHA256 2ae4d76b2037bf4ea615e92c7064272c93fc6a5cd649a95502234f6f32b9b151
SHA512 6e05aa298723a52d27f3897c8332d6c3e3c4651fe0a1cbd55e6034810556162f0c3d07056f276577925de647a5ba847846d203c3b230f9fcfd012b03e15ba295

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_ar.dll

MD5 7129735aa717dae6a2dab0574e31ceff
SHA1 7851be57ed9f76de24ec2a9264352679fcf9ff8c
SHA256 f4a1a5b7749bafd84927ae0a281db0eee2e2a1ce9cd77ca08165f8bc587cc3b3
SHA512 cadf0a4c93798139ad7a5e95b12411a927d5cc78980389aa94be7a86b6d61e6c64f807bcfe2a494a02e9ef242cc4515566c004acf8fa5d6c33685171e87a6e32

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_bg.dll

MD5 db8908b6627859104bfca1e777743b25
SHA1 c8f25b474747183c7d453616e82c0cbee299b5f2
SHA256 bb6569ad79623eed5f042982c2fe2808d8a9cd2b85b98d9bd0a0cf8999c31eba
SHA512 435f779820588cb885fcbf6aefd2dda37eccd569856a144621417aa8a8ea577ef0a11d4cc708af7cb2cfafe897c75d8e247de0fad6f0ea8e87e00c11b36a1519

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_de.dll

MD5 35e401fe16fcb9c81aff7bf56becac57
SHA1 b23eb49d5dc11265b86d74c7eb93b76d5de23fc7
SHA256 5267fbbfb123d5603cbbb60f2d00a0d446dd5885a1e5f032887a49a8a3da08f1
SHA512 7f84d08778a83f32cad5b297ea559cc05cb6b52ae0e72c660e9d0ac8bdf903b797333953f8fc9aff63f997ba35bbb2012b2551e83b85ce985eb3503e30ba54bb

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_fa.dll

MD5 49a43c647de8381f1ec6aa7fdec9e40b
SHA1 3573dd447925707b7ab4f7dc20aa167e055d4c7d
SHA256 107940a04c9392143b9693437832b60413e496f3a4152568001e370ff5c63b6a
SHA512 c2b3c3378223d4b14dc47b9e08077cde1d631ed0a4ea1b2bdb8d056d3537b8802c2c1e7f78cf8afbf388e947a22c5e797a582fb2c3489feca491c180374fbec7

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_hu.dll

MD5 36f712250df4a20e5a28ab54354608a4
SHA1 2057995d379d70b8ecd1d9b93197383f99edacae
SHA256 e7005ab9665440218bd456e0512c0c7f6bdee837724a6ff28848df22baa83ae7
SHA512 7fa014767238a0f490c56e75bfe27a64078479d490a4f95dfb3292236d3d6eba67e39564b2dcf4e44850c7222db530d846fb0503eca4e659bb57c627da6233ea

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_lv.dll

MD5 0a9b66838b78c6495747bd0771faf528
SHA1 5f20b60dd6bfc66a33f5c548a4c2d4ca3a9c523c
SHA256 4e23c5bb7ee2729b7a3900c8893c63e25b578962e481e06479d11071704c3935
SHA512 3fd7c467098d0151aa46516d246fc5b49b088ed326eca75324dfcdfd92a414374c41b1f47a790fc9289d48b6b156faa2f4c232f8170738a14ddd221580d07fcc

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_th.dll

MD5 e969e95952657ebb7e1ab1920fa4dab4
SHA1 6d45bfb33ee2e908f258c9a54eae502d10df9f33
SHA256 fe5a2cf08240957d1ad339bf8954ca9af8c92de008670ef453790093e4c2289e
SHA512 673d3c7c794370c074db4f5055b826e0f89c89aed4f354dd2d34521eff6985e621b000de60716256734ae5d6716ffa74de16d6bed9236d3a8b4811d4761b2900

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_te.dll

MD5 e90726fdb00ae01f27ed42f7586fdde4
SHA1 95d7eca60b09a4b7d64e0e097dac4184ed8f4c23
SHA256 3f28a7afc7bae974cec6fa7711c18a5240d700a6c16549b8a0ff58380a9383f2
SHA512 b165dd4842dd58fb26ec856bc30cd3a367402a0b0cdbd0290179d237de0e541da488aabc94606aaaff4f16d9a2f3af5b6f973587eeb1f1a52a06155474c028f9

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_ta.dll

MD5 927975947073f145daf62ca70648ee96
SHA1 0d89303305c7736f1781da67aa69a6a224d45480
SHA256 9989fac81fe341ca2331c43c3486f0f54629990a829c2a34d18ef6177ef1c156
SHA512 5ab5f5f87b2b6a94190ee683089adc09f59506802cd17e1967c3f9ae2665448f61c06477de389aed96e316b13af74ffb626c94fae0eecf12f40ccdb331a99334

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_sw.dll

MD5 28ad86ac9dcf32d3f94a7753ed60ef03
SHA1 205d5f1d404cef9a5a1ca4c849fc69463b78ce05
SHA256 a31235a4ae88911304d50eb1b1a0ad9e86509213e8725e60324a601401a91108
SHA512 c37ea9c1a29718acb7c07e6b9e0a85c5ce55a2de4fa0525322ece9061e8d6f2f878b603a8320b430400f0b28736781eafbabeec62b5ad50078a2e0838c1e9f43

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_sv.dll

MD5 2fa6a257ea8e99c8fc998f7b5b59fb23
SHA1 a27f23f1fafc8eb7e24957d0f24634bf0aabbde4
SHA256 4e789d125fc64baf4c91ff794a0e940c1669b2198148bca2f6e99038efda7463
SHA512 30b6ba4f3fa2a88a9ebb38e40109e32c5fd2c7b1d3c42d001f734f06ebfb6fc88dd7c0b7b5a0e15a53dd324ee4e500e3dbe931f497d7fc1176d253883f759fa1

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_sr.dll

MD5 4779a26f70a514b696c10e8321e61e52
SHA1 033a5b32fe1e4c387c3aca3e851cbcd853bedc92
SHA256 2ad574c16dd25d7ba856d6174f127c29c195a831694e1b9a21a2ce11ab4a8074
SHA512 9208c2ad791ffa77a4b3eb39f0718bf435f7cb0e85fe1459660514d5c8324bf355548101cebd0d38779890e8ba0906f36fd12b8d90a249da48d0d0983b63ce24

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_sl.dll

MD5 52daafc6ff6d922e762d65c6442fa5be
SHA1 0c1db525653c6c49f676700630ce307cd216d0f6
SHA256 d4223c3182a8ecdb02f3ed4b6aeeaf055aed0e88dbed7aa3739aa7863a24147c
SHA512 f478539bb842f1eb60b4742e65ca189b643727a1ddf07a759a58ef9a4e5966b255080f29ca0da41a3df78cc5c0b2e2953e270afbe70a1bfb3a5e61b61bb84a79

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_sk.dll

MD5 33db6a23eafa0b38a5807da2818f14ea
SHA1 86417b60a3dbc32231d56dc1f0d9e1964c5f3798
SHA256 913570f399ea5c271ab23c72cc5d2599d9e922147307ec66aa9ee52e9eefcdd8
SHA512 24076302aa44ee53b5963aade954102dc682cf871af3ee99ef56672c9ea14cfa87830e0ec93ae64fc53e80c9c1309e4350212a27488de712f1c394b4451f308a

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_ru.dll

MD5 1f3a5baae2ef7cc12019890a025bb2e8
SHA1 c4c788f9aa2dafb35f596edaea2f106779e996a4
SHA256 ead8fd54f91c7f0cfaf3ce972f2a90550320cb9e8bc380ba8e938d527cfbe169
SHA512 3102ed0b9913a4f9d4aa5ff1a0ba2539b64355aca6f4ea152f88ad69bf9f02105f08c82c1a065d95757ecfca6ec8ab06b14a34044907fa452d54d781624d5f42

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_ro.dll

MD5 2711b56ecd2a6fcc85df51514797d6e6
SHA1 ab6026a8150f94968f096f7909a828e7fdf6cfdc
SHA256 952ecac650a4a8072b481d5e7a298140058defe6fa7148e8b2a9025c624987bc
SHA512 2bd567b3b6ebf2506f8e23ed778a00ed762ed03701dc5e1559662ad1480f3c70624083ae1586768a1843053df9428cb352c6607b2ae4da6e19a63bc9c977cc00

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_pt-PT.dll

MD5 7fd5dd5778d37d82205c5040ca70a2d5
SHA1 a3e945242159d23db2b7288086d041e50195e542
SHA256 4b20441e4f8b23981e98469b5c9f85d7739ad65c111e20478be10dc0670abfe1
SHA512 b613fef1623c02c75632903cd11a668f15551fd3caa66495e242f4a92346527f04f09bad6135cfc2b8e69af285a97d1b9c7d189ee9e913cbbd3cc0e9eb2b7989

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_pt-BR.dll

MD5 ada7f4da7f765305cf374a3a671cde1b
SHA1 1a64312059ebc84d62c4c3350881bd2cdde3d582
SHA256 62debb832e3f44455c9f99befbe9246ebe5e7d9eefab19a2192f7d2cc39198e8
SHA512 c613cacca9a7854bac82fec7d7383825420af0ad87287c34ccc9b0b9f8a34c4205019f30e8de151098857a64fb98a6285a123613377d44c76adf04578c6f9e51

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_pl.dll

MD5 a3af28940d85e5e8471953d5fc0711bc
SHA1 a9ab4ba000b0a48340d87c287ab1dd330ec6ade7
SHA256 2abefeda97eb2c572415ccba1b62a76a6526e25a2156dd7a9c20fa3c9228ed4e
SHA512 49e210b0c6ea267610eaee6410281072f4ac34038959349f8341ad095b6da733f854e3a8bee23e3172b738da0970ee2f77ecc7b421980b1ee89918b7326de5cf

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_no.dll

MD5 4de9242fd0e24bf965b3b55484d66d8a
SHA1 f946444d5bda76fd758e5bfce49cffbe01def0f2
SHA256 a9b7e5d5bb1e4d9a177996f460fe2d27b0d165257d761581b803c975f5d70d88
SHA512 41d3f12f4c14a12a571038ce40f84ff8df212b2168db6240e733336ef4aad55bb60ad5b90189a25a61de6bf7cede104ea11fd3aac7db720db36af1557bb88b1d

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_nl.dll

MD5 77eea5029625fbf5ea4e7935c258018f
SHA1 cfcd17ec9547220cfcb49bf3987286b87583579b
SHA256 755a1bf1e8dd39927feafaba7cb9f0986f426904e8549b24fea7c14e2aa1d744
SHA512 a0284682936584996ab8e301f2db960062b55ff0fa0bf07f5d0bd43965bd19ac118741bce34e145d771fa16476ad537b00f1846c250215338662e2d54e2764ea

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_ms.dll

MD5 9be02e84c8a2d7276e235bb9beb98269
SHA1 fec638bc9f0fe1c39bd98b4693a2e02a505db81e
SHA256 cb6c561e082a14da36c4dd918b21fa8fffec89d9a9ca0f0ebf4d52ab0a6ac043
SHA512 52702e02609e3afba1c1776db09540226beb7c72487adf4ec6a286883103d2dfdf8ea0ea282c7f2502b4f1ef548567d696d6130e5fd4612bea7a24456bb0c9dc

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_mr.dll

MD5 e0036f65e81f061474f5b02b8a5d0cbc
SHA1 b123e7b261a6c76d857dd6ff8a42079c3c82e00e
SHA256 9b21202d5d8f5040f096b66fcb4485bc0767b75f3d62bcc8fa4a2d215a049562
SHA512 1b0a473c3413f6bf226a6ecfee3b7961bfcbf7b1a8c05aea164a3aa3c989d78cea920bbb7abd3e9317985adda9b7fe7d76fc091853f2810ac676e08eb9669209

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_ml.dll

MD5 299876173bd1d287810f2b228676b2d2
SHA1 8869960af433f7834cc52856beb4477fe4934ea0
SHA256 4ccd80bba3e5c68ff394233d1888ae0be69bc6530c8c86a397ec88778644f678
SHA512 463b5b3cc1bcea025c57bdf333d155c8883c113820b712355e937c2fa3aebcc8066a7e567244590c897009b7af13da9e33fe7fa7cc8daa04a77cd8b42530a757

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_lt.dll

MD5 ef4a6970622f9aec0d07878506f53428
SHA1 431a38893d85cb56da24b04edb84cb9d8a2db562
SHA256 1e3567d589f9065c07f23568d72484129369b312000fcad39b3c396a16ca4a79
SHA512 bce29c943b1a98c78fd7da729498efeeb10c0e6b73790c8bc9c0bd7203818268ac1639c9022a462b3b2904fadbed26f44e9995fbc7887a9ee2784091ef15a5c1

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_ko.dll

MD5 521b303acba2fdc8f4188577b96bc30a
SHA1 c7bea12d9c28c6fa5c5949f23a9c20a9f5f2f70e
SHA256 2488aef59063829972e7b5bcee9ca191807e89adc594fcacd8ae6007470ffaa6
SHA512 6de536de414ec2a5d68323dd77c2d6c0cd5b8c8503c94f9eca0a89f68f04892b374ab047686fe96a2ca8c9ced7da8c83d5a7ba2a793642529e28ee75cc37a048

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_kn.dll

MD5 8fbede52d1f0fa0b60bdc5848195e305
SHA1 ec8afc7ca1d065b9a1347a4b6e13afaca7297bea
SHA256 f874b0a857cb1942ff026ba0ed5fac59de972febd5132cc79dc43c556351c970
SHA512 66fba1aa39a63d3555b83fc981ffc3dac2448f5d611c1ab08663b4f873ed6724ff9a14cffab15c30d5d1936c400166022c90fb31a42a048b6f8f71d73f4999d6

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_ja.dll

MD5 2d8aa5109d9c85ef618b58869f178253
SHA1 7d339a31f10438cd48edfaec408c56b22a72ae88
SHA256 2c50b3a69a2aeab774a6b9f3b394d928ae2bf9b77b89912ef2a7f8c3864b5e43
SHA512 1d5a0e11929c88520ab5d21465229c2e47a63c22965df4d3759f62032b5b3d1769d55ad414d040ce037a89e86f02d47b1234827822fed94ff55255b5571182e1

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_iw.dll

MD5 2312d6b5e536f90691fd56d9552370fb
SHA1 af2485771bbec5305d4928821d1b7b0695760ec1
SHA256 cc985b473bb9984124d28b2d8f12b95b01ea82df9abcad99d45f0da8b38d7383
SHA512 217bfbdb3e601866f820bc0bc1bef6449475848be0754ac9ce15473082892aaef64e918b3bd7ccbb423aa09ad5884247a96f75e679a425f6d33d8b3747d63797

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_it.dll

MD5 e1835371ee49dddcb6898b2a8015c1c4
SHA1 2dc11fe158cabbddaad18fe5c90a90cf02cb8468
SHA256 e7f301cb7c6deb08aaafd289d4b669cb55e5979cc7703fe28e044ca7d41c40d1
SHA512 57240774fc9dfe57ac58888de8ea80699a2e0b628c01ea371e0deba3564ad40a16a0c76dafb7cc6a1658117edd48e25cff8e2241a893c28717634e2ddf56951e

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_is.dll

MD5 5c79ef8f4467dbfcf0161c384677f2dc
SHA1 4e31e1ac60c85c01f622166682550c615c240f99
SHA256 b7ebd5f63c0268b423a37ed5606be4c5a98ac7b79c3b2c7a908e7758736ac486
SHA512 5a6015f3428c3952aaf87b16a1b6bb344f42f155304172078f05cb862f386e371140ccd14798646e69ce80d8cf432888aa0d2f69245f9f33affea16cef3c3bfa

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_id.dll

MD5 9ddf346af7105078f3c5f6ca15b062d6
SHA1 890727a3efb6c1752b060b12a78811bdb05c8429
SHA256 3d125804addff9eb36b7fb9afeacdf7866fc2120b8e35f06aaf0bd5f98e8dfa5
SHA512 d82f6bc3c532a7b61839c5a038414d9c16195cd4d0ff9a69b31bcb3afdebc24f13be53cecf931957bbf1dd3d879b15ad70375096f4bc2bbfcd62e938ae730d3b

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_hr.dll

MD5 e47b4a862dddc6fa892bff0fd3e6c6a0
SHA1 dea727187788b56e621fac92721f22f35616977b
SHA256 bab75e543851c62d9f7b1c71cdaecd2aadc1bb7c6769f8341db817f2616c6b68
SHA512 8dff1d00924dcd3395179a5f531ef8005b6eb3a6e577abc4204f3c41a234f8c19de76e87786934138efa996d188469bfe89c30b2a03a00979ae99275286654da

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_hi.dll

MD5 1af755c765cdadb74de6f4b546588720
SHA1 8508af996cbe21b630095ff1afff0763b9030836
SHA256 bc4d28cf08cb49c6a96f11e837b862c2570b8feae40a320979fef4689292f262
SHA512 b8aaa9b789b54a07ece1e410f50e36c35943d85dda6baabb0b99ef4ce50f18db5aca61fff6ec0acc78af0f56598104f99109ae32c93bd79911c66a5d1cd8fd54

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_gu.dll

MD5 b261ca243143132113962d060983c600
SHA1 342b514ddb1566ac8d89d432b1e607536828bf85
SHA256 b3111f3e780a788bb10232408a7a13bd16304cd99d6be5b2415798827f70003a
SHA512 9491446f975f9ac27dd97f3459a9d463b62805440461c241ed27af0957ff0974325d58a61189bec60f626b8d3dc93caf3ae4e776e696bc92b4d6208bacbdbcd3

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_fr.dll

MD5 3769c44cc293a7894c7014b2cceb8578
SHA1 d9bc63916a2d96e5c0ba2cf3e533aecc6463270c
SHA256 484b8c7997926aa611bf15665f6a3482b35d5a99d91493cc822ef90d70719ba5
SHA512 dd135d5e6f4af7e46233bf41e743ef25802a41f92f7fdd36da680f1edda0941ac53aaca276a38f3ec34f7b47f706d15f26e21c613d09b2a823a4bbd0d7ab60aa

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_fil.dll

MD5 b1c8a5d0e251ad0f88c33ac82daaee6c
SHA1 c575c763de138d96550fd7022ee8bf737c528e3e
SHA256 48e3f78b12fd65fbfa64344c86c0aaf84b3f1bbeaea4bbe71c35fc8ebef9cff2
SHA512 4ab68b42d485c3d301ffd787e320dc6efb5b41d17e58e0f8cd76a02038512785b9af7599e029839218dc41abb1d5e5f4f922364edca3d691ea4f7f1b544c433e

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_fi.dll

MD5 0cea0902425885aa28ce33941ac5ba86
SHA1 f7075b25ed4acb54863af75f2847461840b538c0
SHA256 7b398f815cbc97a0c2182356a860f58a929beae897423fb2c918f0f6f19348b5
SHA512 2c5aff3d2a6125888158e560ae85c56c4ca2d908bcdfc3df4dbeb353c01be8606aa563044a4e19a8971e197fdb1aaa03d04e4d4bc9fa525d6cc6f012eb02c028

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_et.dll

MD5 3734e667b7ac97726ff4e77b30eb47ea
SHA1 13e223c19933dda3d13db6aaac23a93dd0854082
SHA256 1687cc0d1b9948221fa2d005dc6aeacbc730dd5f79073118318578eeceeb0a11
SHA512 e2d41c8c7bc9ba30df30ae2805a0189a901c1c05c423622099e6fdca10a5b26d7271715dd51389afeb3732d7a052d30a8bdec0b1cdcf84b01ce2b485c435a81a

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_es-419.dll

MD5 154e315c8210c0b4a0c33a03c1f2c0f7
SHA1 c432d540d85bc8995bbc80f2ae748e22abe8ddcc
SHA256 d6ef58c4f99d160dcb0690e17fc53c4cbba9584995b5c787efd7d5a03f461856
SHA512 47e84f07baddeb1ef91f84f9ff0c02872b749dfcfe293fb994edc35cdf74d44235c1c75cc31e1c638ed9d9b251abf41cf9f159b8ebe844708f183f15b04e19ec

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_es.dll

MD5 452eef818bfc9cfb0b25c8fcbfc87aab
SHA1 7a6bda3d78588b8bf979fa231fcf3ddf21c972ee
SHA256 113def0d64b16936e317fe1cd64d8e76c6b0d3aa2dcf510c69205b733d6edba5
SHA512 8115b59eee3acfd80ce51546af65dfb150f6ce355b0aa09c93a48774e6d97e3f6c69e34e06ccd829a60095f11681b24a8ad0bd14062f50cdda85b0540721f514

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_en-GB.dll

MD5 cebb69519acdc7dd799eed5c196c6c82
SHA1 cbb2d6717df5a48526968e7e269d4825cbda3257
SHA256 8ac7bc668a8e1c317e9f84796b4df2f804d6ad47a60f8759f54990bf243e6981
SHA512 e57f9a568d32e7fad73a7ad43bbcf1afb44361e894f1b336c0251ad21c4de09f6c1d61ef3b09334dab664c32b47f8a5c921053cbcb72ee4f3281f747c2a139ea

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_en.dll

MD5 2d042e395936029bce585828ebfdbb7f
SHA1 f329cd1fd339a3bae7aa296c7c9059ed106c5146
SHA256 22b51dc5d66d1487b5371353253ec26a6cb99c5425e800d06e670b4321e52472
SHA512 f08617418537c031653f3a675cddc1a7d422301a6d639381766f8eb80efc1be92ec3c35f0e5e12aadb6fa7daa4bd854004253ac8bf2960d0a32a68c7e59bfda9

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_el.dll

MD5 9dddfb7ca127c2d1e61a6ca4961e9c0a
SHA1 ab0255abc59d74e02fd6fde7f5f0893fa8e7045e
SHA256 be8800221c1ffa7c0a28bbd2042bdd14bfcb8536f8ffab569b07a8c80f8252bb
SHA512 981cf8ead9ea81bdbf70d2556d1843ebb49a5f3b2278d680b264b5f0b83cc50caa351325e4ab62af758e6a8ca41474d4f54355df84c796ca1dd3c6cd689067cc

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_da.dll

MD5 de1a987c14f42ff6635643465fa2c60b
SHA1 efc5b757c1076991bb8c3fa9b5eba30146a94c37
SHA256 c768ff1ccfece2edfd19ca3c90f67a32e061cc153987d3865cc1146587b1cb26
SHA512 bbd258b319786752d8ad4cc285f211f2ad269e8282c9442dcdd658d16cf0f60905d921ccd10c568705974195ac45f0a1e8fc23d9f52b73a6b5e9404ce205d7a5

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_cs.dll

MD5 5613fbf25517fbed703346cfcb5c9c4d
SHA1 0ff5e78e51217c7234c2c03047ef0431272132bf
SHA256 dff5216c302bd82c514e053f0a7091b315b98229c9a7c67bd37a41a9a825798e
SHA512 c150adf69b458ff174594ba1e994d90f16a6d2371a69eddf56ab9f1ce3ddd3e3a46ed23301c299bb4b20b641bfb326f945cab55c54c758f851c98c957626675f

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_ca.dll

MD5 a6bf27ef56da45d41cccd66490addf04
SHA1 c6f29f1c0ef1f34d96a6339cb77ee6e54fae7c90
SHA256 83898433d55d80a230b260af4f746621124c35d2a9814339372de47a57cf6619
SHA512 5379586153249969e2edb0b95cac883cb98646264d20d7e837ee96b46b9cc6f54925e1518bde07ac3052edb8ba7bf48f9cb1dbdf6fa1d6855ea181fa32e06579

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_bn.dll

MD5 949aae7ecde2e0d1ec1e78e925dd86ad
SHA1 7836d5c2f0b22b22a2c3c03f3b88eb93577da660
SHA256 adc617b5e3e647355e47006d5b9a130341323c1345fadd25ee880bba89eb95d3
SHA512 2e89840a58c9109799846514474d09808e6c7c0bab3e09dfa0fcaaca74c966225e31586be3e47fbf04a1000fa5f0ded58915183b94ad2e3c11e3632dac31f510

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\goopdateres_am.dll

MD5 3d047b2327fdc1490d35de702cabfd87
SHA1 7e95b34cdd0e778c5f8e99a719084d6058752647
SHA256 dd0e5047fe6036f3fbea9d04c7563afdb31bd88e42f19879d75299c685c08dd5
SHA512 bb0103fe46fa005d4b979b0304f6c4df225427d4d5ead92c3ed6deb36feae26429664a2a6d4ac046db9ff3387dade1f9ef757f3e26b9a392663f99e920ff1837

C:\Program Files (x86)\Google\Temp\GUM4AD4.tmp\GoogleUpdateComRegisterShell64.exe

MD5 54fdef34ec0349a9c8ee543cafa25109
SHA1 2b0c0ae0a7ef0ea23d5d9e0c3406cf5df969d50e
SHA256 974ec719d34ac9af4d37681a8a6dfeb24f3dd136b2681be09dbc86afb6d9f616
SHA512 02a381991259df41a15f2cd49e906fa926a5d979913596f8d606aa652a500ec3316d6dd7b35d836307081b1dc5344b352de92e6bd6f2f2c882764f3f976cb561

memory/2432-303-0x0000000000400000-0x0000000000436000-memory.dmp

F:\$RECYCLE.BIN\S-1-5-21-1337824034-2731376981-3755436523-1000\_desktop.ini

MD5 02e4d47cbb9cf2affe1a6d96af753a42
SHA1 fe76259bc3376a8aa287867933c6bfd7fdae1944
SHA256 8079d35a07b892f00cdffeed754377382353a6e5870c06c02dc8dbaf809d291a
SHA512 cc47f23bb8b014458285ee912566350c0d09c49d9e40666790694b4d4d7961abbf7adcf9d54e78571a3b97d27a05c58f3db3fdaaa3f4221130a248ed780a1746

memory/2432-332-0x0000000000400000-0x0000000000436000-memory.dmp

C:\Program Files\Google\Chrome\Application\125.0.6422.142\Installer\setup.exe

MD5 782b0870300882f2977bed8dd60130dc
SHA1 7d081e093c8b1ab6a35e0afdf7fa265dccd7bd3c
SHA256 997e3f4f45950f00532b7cb8b3d9f4a5305a4dfee3bbc426de7b5ebf82774be8
SHA512 149d4fab0e8d110e477f38995d792f401ea4c66894d33488d6249a7b83137b9f08341ed77a3e1f755be034448c0caa8018e6d19572085d0a648c0e538664440d

memory/2432-357-0x0000000000400000-0x0000000000436000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d3f16907a86e3cc98e01d9757ad7edcd
SHA1 f60b1d5e898d57ba840a78106627d77efdbf7fe9
SHA256 a6a26338e35da8c3267f6f5c1ac3807de0ef996f432a366d79f73b5363feb918
SHA512 58cc66c7ebc4ced6b9a98b7335289a40c8440626f5a701039a6ff4cb7d85ea2f057f2682729b56535aa4d660b6aac4e784d0a5323073f774a8b52e391b2a21d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 066c5e223d98f1dfc98b6ab9d7c8e78c
SHA1 6896bb4e51e030481e22005841d09d4ded411a96
SHA256 a439f2765dcca8afd8321e102ce676f496c2a994f25528abe2077c1de38d7289
SHA512 b88b2272389ba6fea5ad3f329fbc9ca6f44997820b47cc1260f8ad558d0379b2c44862195cdf23841895509d350836fce7ad2d5ec8546314f4c319a954fe8bde

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

MD5 505a174e740b3c0e7065c45a78b5cf42
SHA1 38911944f14a8b5717245c8e6bd1d48e58c7df12
SHA256 024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d
SHA512 7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

MD5 3433ccf3e03fc35b634cd0627833b0ad
SHA1 789a43382e88905d6eb739ada3a8ba8c479ede02
SHA256 f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d
SHA512 21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f7c97b1f673995a547fca8c6b7723497
SHA1 a0b185ed5d71620458963b453c8eda35b01f5de0
SHA256 9c58ec167c85f10b711a61abe3611cc76b26b99c34c401afc7739eeaa174ffd2
SHA512 7358ded7e53a2e893a4e0c160c3a55b3f4a1c73ea46ab655f57afd54536b460b27e20cff99b5b4cb2378c9669804fdd358bfeadb6e80f86beb13eb44ba87870e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d6a4581dc59c356913a32615eba75942
SHA1 4db1493ad0716830af0e0ca45baedd371c0211bf
SHA256 2efb184ab3388eea4bb8ff8743d0d037b8fb32716c6ef1a13439a4c0f694ef5f
SHA512 80e996947bee04deb6d4d42de6c1d7de62e0600a4b41f701a827b4295378292eebf0074367e6e2cf9d9701a4df2d80bed2f2bb7b8318c56c0d3eaad9df24b38a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 515608f383ea180274bbfbcdad547094
SHA1 4ad599329d3450d4e0636e49b462c0f0537d6551
SHA256 168bc56005fb13b9c85e94c8c3ee54a2388c3228e1b4fabe5738e8e013b051ff
SHA512 827c18f471086590ed4af8da0bc487fe82ae2bffdacf96bcc635c6a6eafe222d2cb71619186448532e265b108393639d7b31bbcbad13b152006e0509db68d81a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e2ca3f74b665a9068d56acc9e468b5e3
SHA1 aa3dcc57351caa7f642f29cd0555798807d92885
SHA256 e4e9420781120f0ef63dc51c46eaaeeaf364cfd0970eb65e66362253f8685ede
SHA512 aff486f1f07a0f410ad6c311f69b0a6814af35859591da53621b4e0ea862c39bed6196674628642c8a974757fc3401e54076e77d22f72e7bab2c1c42660d2e0c

memory/2432-478-0x0000000000400000-0x0000000000436000-memory.dmp

C:\Program Files\7-Zip\7z.exe

MD5 891389c676b4300e3c3cb47c6b1de505
SHA1 d7c9ea05f4368f587a07a4aab311463f1df0a065
SHA256 72d25e33c9f4d3b0649f0131b5166f8abbd29c8cdded983e157305175eeab5c7
SHA512 ac9ed5b9ee73951f981a9d111ffd708e1ab8eefc8f409b83764e1ccb4eb98fdb3da52d3b533a24d2b2a1ad22a365e9d0f2fe092e9451aedd677416bac28e1cb5

memory/2432-804-0x0000000000400000-0x0000000000436000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 830f74ee2a95d2d5e1e97ec8281dad2f
SHA1 ee0c1ea0dd287a6008198d1412b842b4031be050
SHA256 6c9de7e24c46042976615b2dbe4154ea0954e494a6e47ba2ebb887ab2bc1b563
SHA512 1ad6a2a6f4c993e58debc42b53b5b87249f8298b8ed2c6194782812c852da6f8cdccd3a9b46f1ea836b26b6cfcdefabaf77850e7f2ccd1b23c307321dd19976a

memory/2432-1699-0x0000000000400000-0x0000000000436000-memory.dmp

memory/2432-5277-0x0000000000400000-0x0000000000436000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 182883fd4ebbd8d1cec46e7513f3d71f
SHA1 6e2b3475e7ffae5e8abb1a32079a437c451527cf
SHA256 0a992e44f99a0c25eef4a49b75b2afbfdc0d0e1b1c20186e2c6bc646ccfd3edc
SHA512 5d522c92c684cce2985923e9adde3c80d1f9b6a3bff4c881ab12c1164bc7f1ea88656d1f7c6b5fe93ab9483048088dbb67d6125c57613821f9aacb1acc8cb55b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0253425522947da8754839aed2adba2f
SHA1 549803121834070598a8ed6e6a0f500e8bba5682
SHA256 029669c11b6794ea9be75628080649772a7e1145edc33dea01d478f628e6f0cf
SHA512 c0239fcc5833f50d28d9bd833e55f71a6ceadb16a5540ddf4bf90a3908ef26df1e5f812d066787d339087ece553e4ddf419cdc6f1f3280360d70e7efd0cd9035

C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

MD5 cda7714d2ec36fbd5dfd358b3cc885ce
SHA1 410c57ed71630d168738f40cea3ccc65529b0ae1
SHA256 d2c7832ddb52cfbb750dfffae048fd9c6a9cf06a52b7de91a0be255dffadef4e
SHA512 89cc9f52ae02711a9f90f2ba8e6b62c8ac442b967903067e1f3c5c12ff3ca012b62b8af4e4e7c3762b4c3ee255826b509fdb064c0d2861a2c2953a02c4fc1714

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\edbbba72-dc0f-472a-94f5-6af5a6ae5d8f.tmp

MD5 f2a45186d500a8c295c8b6e8526c9302
SHA1 a8c62234b0d2897735037ea6719f1052bcc96fa0
SHA256 195eaa44b91225da23538576a4b61b29bb576c34becd41c5c4e44715b1936548
SHA512 d2cf08338198ec5f286525b6cde80d54c406cbfb341ce0341f62ddfb0fec196ef8223b4e235ed5f495b3973885f4977c2a30a145ce55b589d2a7948a875ea06c

memory/2432-5768-0x0000000000400000-0x0000000000436000-memory.dmp