Malware Analysis Report

2024-09-22 06:32

Sample ID 240617-vqaafa1ckk
Target 17062024_1711_DEMANDA JUDICIAL.REV
SHA256 eab69698803ac7f5d21ac2394c386fd92161f83fc704240a93f51fa78da78155
Tags
asyncrat default rat discovery evasion persistence spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral4 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral7 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral9 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral11 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral3 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral5 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral6 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral8 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral10 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

score
10/10

SHA256

eab69698803ac7f5d21ac2394c386fd92161f83fc704240a93f51fa78da78155

Threat Level: Known bad

The file 17062024_1711_DEMANDA JUDICIAL.REV was found to be: Known bad.

Malicious Activity Summary

asyncrat default rat discovery evasion persistence spyware stealer trojan

AsyncRat

Reads user/profile data of web browsers

Modifies Installed Components in the registry

Checks whether UAC is enabled

Suspicious use of SetThreadContext

Checks computer location settings

Drops file in System32 directory

Checks system information in the registry

Registers COM server for autorun

Loads dropped DLL

Drops file in Program Files directory

Executes dropped EXE

Checks installed software on the system

Program crash

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Suspicious behavior: MapViewOfSection

Modifies registry class

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious behavior: AddClipboardFormatListener

Checks processor information in registry

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-17 17:11

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 17:11

Reported

2024-06-17 17:13

Platform

win10v2004-20240508-en

Max time kernel

143s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\01 NOTIFICACION DEMANDA.exe"

Signatures

AsyncRat

rat asyncrat

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1916 set thread context of 1512 N/A C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\01 NOTIFICACION DEMANDA.exe C:\Windows\SysWOW64\cmd.exe
PID 1512 set thread context of 2400 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Enumerates physical storage devices

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\01 NOTIFICACION DEMANDA.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\01 NOTIFICACION DEMANDA.exe

"C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\01 NOTIFICACION DEMANDA.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 briana2024.kozow.com udp (7 identical DNS lookups)

Files

C:\Users\Admin\AppData\Local\Temp\b7b28bad

MD5 56a089c58ddbf21093103d7403e65b62
SHA1 53371686bd210b59c5a18a4cba89b5415cc11dc9
SHA256 a8914b7cea5818aa0bddbbd898da3f70d6e3ed6ea7b227163bd642cf640693c0
SHA512 6585f9e4f61c31a2ded1e1302f11430861878bbfc660e226a42da92d4167f98ce7ba460144f2f784653c50740d8facbc15424ea658cc5727de249158ed8ac994

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-17 17:11

Reported

2024-06-17 17:13

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

51s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ASUS_WMI.dll",#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3088 wrote to memory of 3688 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe (3 identical entries)

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ASUS_WMI.dll",#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ASUS_WMI.dll",#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3688 -ip 3688

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 564

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3688 -ip 3688

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 832

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-17 17:11

Reported

2024-06-17 17:13

Platform

win7-20240221-en

Max time kernel

118s

Max time network

119s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\AsIO.dll",#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2336 wrote to memory of 2220 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe (7 identical entries)

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\AsIO.dll",#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\AsIO.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-17 17:11

Reported

2024-06-17 17:13

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

131s

Command Line

"C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ChromeSetup.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Checks whether UAC is enabled

evasion trojan

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google636_1076947791\bin\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A

Modifies Installed Components in the registry

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\126.0.6478.62\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A (5 identical entries)

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad\metadata C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
File created C:\Program Files (x86)\Google\GoogleUpdater\0f5644a9-70df-4caa-b6a8-8e66af0093cd.tmp C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
File created C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\manifest.json C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\chrome.7z C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Locales\fil.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Locales\fr.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Locales\pt-BR.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\libEGL.dll C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad\metadata C:\Program Files (x86)\Google636_1076947791\bin\updater.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad\settings.dat C:\Program Files (x86)\Google636_1076947791\bin\updater.exe N/A
File created C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\CHROME.PACKED.7Z C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\126.0.6478.62_chrome_installer.exe N/A
File created C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\126.0.6478.62_chrome_installer.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\default_apps\external_extensions.json C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Locales\ms.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Locales\ru.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google636_1076947791\bin\updater.exe C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ChromeSetup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Locales\el.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Locales\fa.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Locales\ml.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Locales\sk.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Locales\sv.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\chrome_proxy.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\libGLESv2.dll C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4824_227905054\crl-set C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Program Files (x86)\Google\GoogleUpdater\a86204b7-99fc-4c95-b0fc-d74eef0fb774.tmp C:\Program Files (x86)\Google636_1076947791\bin\updater.exe N/A
File created C:\Program Files (x86)\Google\GoogleUpdater\prefs.json~RFe577b1b.TMP C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Locales\he.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\chrome_elf.dll C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Locales\bn.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Locales\ko.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\eventlog_provider.dll C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\updater.log C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Locales\it.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Locales\ro.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\v8_context_snapshot.bin C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4824_1843077016\LICENSE.txt C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Program Files\Crashpad\settings.dat C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\MEIPreload\manifest.json C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\WidevineCdm\manifest.json C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\vulkan-1.dll C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\GoogleUpdater\5f0c5937-b17c-4eb9-b203-2a8dd63e606c.tmp C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4824_227905054\manifest.json C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\899ec81a-5fcc-497a-9fce-e4d143490e2b.tmp C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\updater.log C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\prefs.json C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
File created C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\_metadata\verified_contents.json C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
File created C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\c7024f09-2e95-4d27-8237-36aa82744894.tmp C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Extensions\external_extensions.json C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Locales\vi.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\VisualElements\SmallLogoBeta.png C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\VisualElements\SmallLogoDev.png C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4824_1843077016\Filtering Rules C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad\metadata C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Locales\fi.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Locales\pl.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\chrome.dll C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Locales\af.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\Locales\hr.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\VisualElements\SmallLogo.png C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1312_1970908590\Chrome-bin\126.0.6478.62\chrome.dll.sig C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4824_1843077016\manifest.fingerprint C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google636_1076947791\bin\updater.exe N/A (2 identical entries)
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A (4 identical entries)
N/A N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\126.0.6478.62_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A (4 identical entries)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (7 identical entries)
N/A N/A C:\Program Files\Google\Chrome\Application\126.0.6478.62\elevation_service.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (7 identical entries)

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (33 identical entries)

Registers COM server for autorun

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32\ = "\"C:\\Program Files\\Google\\Chrome\\Application\\126.0.6478.62\\notification_helper.exe\"" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32\ServerExecutable = "C:\\Program Files\\Google\\Chrome\\Application\\126.0.6478.62\\notification_helper.exe" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Google\Chrome\InstallerPinned = "0" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19 C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Google\Chrome C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Google C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631179206768788" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography C:\Windows\system32\svchost.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\127.0.6490.0\\updater.exe\\6" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{27634814-8E41-4C35-8577-980134A96544} C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\ProxyStubClsid32 C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{B685B009-DBC4-4F24-9542-A162C3793E77}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{34527502-D3DB-4205-A69B-789B27EE0414}\1.0\0\win32 C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{05A30352-EB25-45B6-8449-BCA7B0542CE5} C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{27634814-8E41-4C35-8577-980134A96544}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{7AA668AD-44C9-562C-B3B0-104376A71AFE}\LocalService = "GoogleUpdaterInternalService127.0.6490.0" C:\Program Files (x86)\Google636_1076947791\bin\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\AppID = "{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{6430040A-5EBD-4E63-A56F-C71D5990F827}\1.0 C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{27634814-8E41-4C35-8577-980134A96544} C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{4DC034A8-4BFC-4D43-9250-914163356BB0}\1.0\0\win64 C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AppID C:\Program Files (x86)\Google636_1076947791\bin\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B4168B26-4DAC-5948-8F80-84C2235AD469}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google636_1076947791\bin\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4} C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8} C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalService = "GoogleUpdaterService127.0.6490.0" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\TypeLib\ = "{5F793925-C903-4E92-9AE3-77CA5EAB1716}" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4622B28-A747-44C7-96AF-319BE5C3B261}\TypeLib\ = "{C4622B28-A747-44C7-96AF-319BE5C3B261}" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F4334319-8210-469B-8262-DD03623FEB5B}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\127.0.6490.0\\updater.exe\\6" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\1.0\0 C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\ = "ICurrentStateSystem" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{6430040A-5EBD-4E63-A56F-C71D5990F827}\1.0\0\win64 C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{8018F647-BF07-55BB-82BE-A2D7049F7CE4}\ServiceParameters = "--com-service" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\127.0.6490.0\\updater.exe\\4" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\TypeLib\ = "{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F258BE54-7C5F-44A0-AAE0-730620A31D23}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\127.0.6490.0\\updater.exe\\6" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827}\ = "IProcessLauncher2System" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1588C1A8-27D9-563E-9641-8D20767FB258}\1.0\ = "GoogleUpdater TypeLib for IUpdateStateSystem" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\TypeLib\ = "{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4DC034A8-4BFC-4D43-9250-914163356BB0}\1.0\ = "GoogleUpdater TypeLib for IPolicyStatusValueSystem" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\TypeLib\ = "{D106AB5F-A70E-400E-A21B-96208C1D8DBB}" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{34527502-D3DB-4205-A69B-789B27EE0414}\1.0\0\win64 C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\1.0\ = "GoogleUpdater TypeLib for IAppCommandWebSystem" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{B685B009-DBC4-4F24-9542-A162C3793E77}\1.0 C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\TypeLib\ = "{F4334319-8210-469B-8262-DD03623FEB5B}" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{708860E0-F641-4611-8895-7D867DD3675B}\LocalService = "GoogleChromeElevationService" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98} C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\ = "IPolicyStatus3System" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\TypeLib\ = "{0CD01D1E-4A1C-489D-93B9-9B6672877C57}" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544}\ = "IPolicyStatusValue" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\1.0\0\win64 C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\1.0\0\win32 C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AppID\{7AA668AD-44C9-562C-B3B0-104376A71AFE} C:\Program Files (x86)\Google636_1076947791\bin\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C4622B28-A747-44C7-96AF-319BE5C3B261}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\127.0.6490.0\\updater.exe\\6" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\ = "IPolicyStatus3" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\ProxyStubClsid32 C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\1.0\ = "GoogleUpdater TypeLib for IAppVersionWeb" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{B4168B26-4DAC-5948-8F80-84C2235AD469}\TypeLib C:\Program Files (x86)\Google636_1076947791\bin\updater.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google636_1076947791\bin\updater.exe N/A (×6 identical rows)
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A (×14 identical rows)
N/A N/A C:\Program Files (x86)\Google636_1076947791\bin\updater.exe N/A (×2 identical rows)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×2 identical rows)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ChromeSetup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ChromeSetup.exe N/A
Token: 33 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\126.0.6478.62_chrome_installer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\126.0.6478.62_chrome_installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×30 identical rows, alternating with the row below)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×30 identical rows, alternating with the row above)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×26 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×24 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 636 wrote to memory of 4360 N/A C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ChromeSetup.exe C:\Program Files (x86)\Google636_1076947791\bin\updater.exe
PID 636 wrote to memory of 4360 N/A C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ChromeSetup.exe C:\Program Files (x86)\Google636_1076947791\bin\updater.exe
PID 636 wrote to memory of 4360 N/A C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ChromeSetup.exe C:\Program Files (x86)\Google636_1076947791\bin\updater.exe
PID 4360 wrote to memory of 1540 N/A C:\Program Files (x86)\Google636_1076947791\bin\updater.exe C:\Program Files (x86)\Google636_1076947791\bin\updater.exe
PID 4360 wrote to memory of 1540 N/A C:\Program Files (x86)\Google636_1076947791\bin\updater.exe C:\Program Files (x86)\Google636_1076947791\bin\updater.exe
PID 4360 wrote to memory of 1540 N/A C:\Program Files (x86)\Google636_1076947791\bin\updater.exe C:\Program Files (x86)\Google636_1076947791\bin\updater.exe
PID 5096 wrote to memory of 2988 N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
PID 5096 wrote to memory of 2988 N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
PID 5096 wrote to memory of 2988 N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
PID 3612 wrote to memory of 2952 N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
PID 3612 wrote to memory of 2952 N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
PID 3612 wrote to memory of 2952 N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
PID 3612 wrote to memory of 1920 N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\126.0.6478.62_chrome_installer.exe
PID 3612 wrote to memory of 1920 N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\126.0.6478.62_chrome_installer.exe
PID 1920 wrote to memory of 1312 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\126.0.6478.62_chrome_installer.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe
PID 1920 wrote to memory of 1312 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\126.0.6478.62_chrome_installer.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe
PID 1312 wrote to memory of 2912 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe
PID 1312 wrote to memory of 2912 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe
PID 1312 wrote to memory of 1192 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe
PID 1312 wrote to memory of 1192 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe
PID 1192 wrote to memory of 892 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe
PID 1192 wrote to memory of 892 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe
PID 4360 wrote to memory of 4824 N/A C:\Program Files (x86)\Google636_1076947791\bin\updater.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4360 wrote to memory of 4824 N/A C:\Program Files (x86)\Google636_1076947791\bin\updater.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 3472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 2708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 2708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4824 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ChromeSetup.exe

"C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ChromeSetup.exe"

C:\Program Files (x86)\Google636_1076947791\bin\updater.exe

"C:\Program Files (x86)\Google636_1076947791\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={D5C1DB9C-4F8E-35AB-6515-935E8209D71C}&lang=es-419&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&brand=CHBD&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/updater/*=2

C:\Program Files (x86)\Google636_1076947791\bin\updater.exe

"C:\Program Files (x86)\Google636_1076947791\bin\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x72758c,0x727598,0x7275a4

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --system --windows-service --service=update-internal

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x1e8,0x284,0x76758c,0x767598,0x7675a4

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --system --windows-service --service=update

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x76758c,0x767598,0x7675a4

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\126.0.6478.62_chrome_installer.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\126.0.6478.62_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\c7024f09-2e95-4d27-8237-36aa82744894.tmp"

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe" --install-archive="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\c7024f09-2e95-4d27-8237-36aa82744894.tmp"

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=126.0.6478.62 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff6084446a8,0x7ff6084446b4,0x7ff6084446c0

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=126.0.6478.62 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff6084446a8,0x7ff6084446b4,0x7ff6084446c0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=126.0.6478.62 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe82b41c70,0x7ffe82b41c7c,0x7ffe82b41c88

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,16899931224665540157,9734473165846202738,262144 --variations-seed-version --mojo-platform-channel-handle=1900 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1960,i,16899931224665540157,9734473165846202738,262144 --variations-seed-version --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2268,i,16899931224665540157,9734473165846202738,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,16899931224665540157,9734473165846202738,262144 --variations-seed-version --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,16899931224665540157,9734473165846202738,262144 --variations-seed-version --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files\Google\Chrome\Application\126.0.6478.62\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\126.0.6478.62\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4492,i,16899931224665540157,9734473165846202738,262144 --variations-seed-version --mojo-platform-channel-handle=3788 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4836,i,16899931224665540157,9734473165846202738,262144 --variations-seed-version --mojo-platform-channel-handle=4664 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4976,i,16899931224665540157,9734473165846202738,262144 --variations-seed-version --mojo-platform-channel-handle=4936 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5052,i,16899931224665540157,9734473165846202738,262144 --variations-seed-version --mojo-platform-channel-handle=5064 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=4984,i,16899931224665540157,9734473165846202738,262144 --variations-seed-version --mojo-platform-channel-handle=5104 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5544,i,16899931224665540157,9734473165846202738,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5740,i,16899931224665540157,9734473165846202738,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 31.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
GB 216.58.204.67:443 update.googleapis.com tcp
GB 216.58.204.67:443 update.googleapis.com udp

Files

C:\Program Files (x86)\Google636_1076947791\bin\updater.exe

MD5 675c9a53a09d5385bbdb3a43a88f2493
SHA1 71d1c311eadd4d5949c0b48def8ad0f2186bc243
SHA256 ebb428a4c1e29192617e7699513ec78512735110bba68bbee54dee34807094ae
SHA512 e3b1d8351b6d208678673e4c69aea745de5b2576a43d2cf9e06c1ea0780dcbc2ca56d5d5fc712b80309ba7950b90130ca2780185b71c990ea6c6062bd29f5136

C:\Program Files (x86)\Google\GoogleUpdater\updater.log

MD5 f7170c3b08955a4ca223b3a4646f2fcd
SHA1 4d0758e5f3234822998e0695072b786201123218
SHA256 435f20be1e6edf77d6cb6fbadf2439e2f6d0c703ec7e92f240da55393b739cdd
SHA512 b137c64af282b76c06626bdb45612640c6607505f403849e6091fbad0748c28ae65d91346c2a97a30ac5a9481f23619f68116e3aa8f60b69bbfee10be089dad3

C:\Program Files (x86)\Google\GoogleUpdater\updater.log

MD5 bd692cd9848bb4a5a78dd28896a599ac
SHA1 990bf87cbd0074f9007b17dda727ac27c1a5e0bf
SHA256 f66d892f755f91b3973be490258451161319773384c89c16dc93770624afca24
SHA512 476807de31cf8d898da4fc688fab511a02ad99e97b831b6903641213589b74eb83923033e492b4c55b4de0499c0a80ac5bfab06776019bd8fe57283745f069ad

C:\Program Files (x86)\Google\GoogleUpdater\updater.log

MD5 21daaf158b0800f2c45faded1973450e
SHA1 a4a9366525348b3e86c7e74a05e32ce8caff9120
SHA256 283f48bf3c10d59f98009e7fc55e609d060541e13a756b1da64333d45839eddb
SHA512 d0b8005d564214bf1e036391d29166d5e499cfaa37be786f2ac6054d517127f89346110b9ea7dee07d6bf88cac7a9843148a087622a45c45c1513e6bc4e4107c

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad\settings.dat

MD5 b04850b749a9690410f3aa1d8d61a09d
SHA1 03b4994c672c5b587b435476ea5d74319194c2d1
SHA256 844415ddf33eed239e51058e97bb71a620532648cea28cf0bb640154c242dacf
SHA512 922915e7540923020b67a4c341ca219f2388c9bd3fed9ce3a6d58e3a70d24474fb583bb94700e36ad4be6b86ee554d0b6fde3a23485a869b422766e7be5ee033

C:\Program Files (x86)\Google\GoogleUpdater\updater.log

MD5 0e7ce209bca339846cbc5928bf64a78a
SHA1 c50b1d84f4fbd693f9c4b1b609954c097a3bd484
SHA256 04f20c555084862e5b415c3cd4c117fc5393b1698a886096a4ffbd857cffd48e
SHA512 e2789b2982ad4e120c56c28758f61a7b22350a6d4ca407adc07dd48c0c1ac4626dce4585005dfef7938cbe7072e0fc5c66f0dc35f45d2d53d9d6542361b79e40

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 bdce395b453a0a3ffcf742feb2a210ae
SHA1 8bfc909ac17238d49d93a3668256b92766391452
SHA256 82f7226a5b6be7356507c368ca2468c5d9b7d4a4036fa18d85c6a99e2f0eae41
SHA512 cf4d12cecd6d749990265779d1f9ec5e505b54cf283580f611cd346aaca17816b4c58547bb61c451190c07b651d967f2d03c13b74e2210195514f8087b92288e

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 7136b45ffcac6b52d6873f2864471ea9
SHA1 7afb956fccbfa48ec7fcac07cde0f6059a51a534
SHA256 78f60448736dd9d298a2bc503571a91a8f0c342e95ff8cc589d546e84e7384c2
SHA512 66755a95e16371a527df8b702ba8d686a08678aa0d3257ec4775c5fef8c81d422d7a6ce8aa1fa1c150ebe02f14a0df23776dabc42b6da5ed83b79be956fc2ac7

C:\Program Files (x86)\Google\GoogleUpdater\updater.log

MD5 372ee0a4374fc49958440eb5867995f5
SHA1 a21ef5b2891a3d351313e3bc7d85f433fe2c0051
SHA256 310fdaff6a6d3c124da48c3f909d278cd22ae574ceabab411aff9ac9cddb5a64
SHA512 7f0215fef201cf90f791dc2a013757140641248abb0e12fe57c2fca1c7f982345685e1fdc7da29c12fb3187af1cdee4936ced22bc2109e3c56d35d3d765f624b

C:\Program Files (x86)\Google\GoogleUpdater\updater.log

MD5 b300d8b32233b5aed4da4a742b4e8b3e
SHA1 0242771c599ad11d7d01f57e8db202c6915be19f
SHA256 ecad5e6f6f4cf5ecfdd73266d851f266e878e30b6e9c0f0bef555763917e9b9b
SHA512 2af45c8fab493842a0a57595445af8f1c49cad1a6257aac6d0163d753ba050d33411e9c8363a1749e58ef083c1609c1c621aa85a6f35bf45e825038c1ca27d77

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 ba010c07e3e35fa8e94eaa0c8afbfb84
SHA1 120daaa16633b9936bab9301e6e9f265bce75017
SHA256 ac353b024881aba479faa177b0ee9e63ca0569f516c2d9434d1836dabb53dc7c
SHA512 247438d5287f4717d6a3041ecf70a3b931488a318eb259e191cde6f177d1f40c151c4c3dbf70bb00108b2125e6523294908ed31523c0ef717b8b2503d37037f7

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\CR_25B6D.tmp\setup.exe

MD5 33a9ee74a3571ec0d75fa46bbb8434e8
SHA1 f2354d603c692783f6e720890edbd72711a83a8f
SHA256 27f07efb3517c821ad9075490f8926f448b1f21442e5b43180e6ce47bd402d39
SHA512 a5f5f050e7225ef720eafd9605a3abb97a49f35ad39641dc16842e62d3e75b158d3140fc38dc49f461828bf0d36c406593b18b1a0a112845ccdd358c4d6c5f53

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3612_1356348863\c7024f09-2e95-4d27-8237-36aa82744894.tmp

MD5 45446e57dd03d7cf50c3fc2eef4fa54e
SHA1 f31361158a83bffb3c15845eedb4c0b80dac3de8
SHA256 d33bb3499fe6d9d0c653cd91da92447bf3b9a447df61053964f1cc9885da8bf0
SHA512 60e05a6b54bd4908f4cc915f6bc5b0631ed410f81c6fc98a141c177108163ff38b4852992147aa196e85ffe1e305532797a23cebebd8a39c0ec947ebd2c0bf81

C:\Windows\TEMP\chrome_installer.log

MD5 ba6ddabf5a8b075e3aede6790ded17cc
SHA1 ca45f81e2f92d353801f338473c777d2411c0160
SHA256 b946106782f629bdfae9323d16d86be7773fd4f0c3ef59c0e9bff801880832a9
SHA512 9c92b324e708efe3b67cf46d2ab269bec5b57e41c52e4838a4237ff4934835f68a1ca5fe130d23e2e9a21c89621794df56d743377a5bb3eda9e21854d1bd3f5f

C:\Program Files\Crashpad\settings.dat

MD5 af7dd712089bad0fa915dd8fad410888
SHA1 a01c1ee8de12ef513e62065e575fbe3d82ecc559
SHA256 31535eab7634c19579ebd1f165eccc0cfc47e0092aff72c7fceba15e4dfae6c1
SHA512 3aa9bd3c939293ab671df0cd2d7f5b70994dbd56bc0e95a3fc4d820704ee569a271a07db44660b8b699dc1db1645ceb2aab5155b350b6e5b90dc3e34f7fa83c5

C:\Program Files\Google\Chrome\Application\chrome.exe

MD5 6ad3c650a03a8ef85edfa3cea3a55dd1
SHA1 953c5f8cdd74c544d7fd65179b69972eae1d6b34
SHA256 0ced41b677c6515584b182c3ad18cdb38c78048251ab3aec50c6a500c2c171d7
SHA512 8fa9fdcc1c22383438c2623a5f5e023df3654cb7058bdcea64afc5ba849cb6c8826294449f52c4a3c0aba5584dcc1367afe93dcf0f5a6ad4ff274e94a9a5c573

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 5f091047107b01b80d85c905fd25dd31
SHA1 0f5ffe4897581e9581aa30f54905742f9d0dffd7
SHA256 9e8fd71b751773329ec6079bb61b4f576cc12efa80c78bd6da7b3946db2de7b8
SHA512 f97746292ff6d29f6cbf0ce334aafe7a31d266568d8e2644d57122282bb26fa5276d16f9799d994e1a3a37059dd9983649a8d68cdb9d5ba2e94c8afa284e1f53

C:\Program Files\Google\Chrome\Application\126.0.6478.62\chrome_elf.dll

MD5 4462a8aaa11f54a6f035b112ede53621
SHA1 5f8a8951903ca8eae8d8f04423b52f62cedc15ac
SHA256 697b1288225a7a19e44d178c0cbaff52169460f8f5a360cd95fa936041bbc098
SHA512 69dd85b57b16c92232511471e36d437755cbe651723c6cb7fbd1b8a7a436f766eecb91f1448a21e86f5aed5c2c9d4910a464a0c10cea2278f73024285a579994

\??\PIPE\wkssvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 338170df052b164bbf4d86e98a9d8af7
SHA1 c2aa4a6c4450e6084e73b206b9a46f69e6f1a5a7
SHA256 09e928aad22f9dcf45680020e6def3b5c4104d79b43b32455ea44f4692540295
SHA512 4ed54fa5d913e7bb444fc4f404403aa7dcfbc19e9f8a2fcb36f4ec7468dca9f8df600446bae5a0fca1e8bc5408309841969ebb5b6554e962e14cb49ebf47c227

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 13eaa054fe01a3f87b50aa3d3994216b
SHA1 1369f7ef5312fe9e1cfce6485bcea5852ab7acb8
SHA256 97ff61376d0493241b9261da0153e451ba0e17a0826ccbb6ba44eb169f18ec15
SHA512 8e637e4c33e8026a26568fa33fc9976d7deb9706e32878cca8552b022f87a66b21ef3c2d8fc4196a8cbe49ca01ae6bae7596f55e4bdfd1c41e772a56aa068cc2

C:\Program Files\Google\Chrome\Application\126.0.6478.62\libEGL.dll

MD5 9b8953ecd66ed9ea7ac861418324a617
SHA1 fac037b0dc4ff1afc83e92ba6d190d01ba00fa2d
SHA256 422b9366ec7a0183e73ba21000aade920ff7f0a1479604033789b9df40c596bd
SHA512 2113b85f72d31eaf3932b95b69ea20402b1fff14e9ba662d730bb79857b087a4ce2910bd8cbb7cdc3166b11d3dfca7f8bcce410494b6cc35b05e5583d3886ff3

C:\Program Files\Google\Chrome\Application\126.0.6478.62\libGLESv2.dll

MD5 6dbbe8f8b99b17374a7a01f305e5f75e
SHA1 f9f1e603402ce693c1cb7db4551499db9a3e49b0
SHA256 6fa04117c3658db1f38af1af9541918543682482e1a4dd75dda65fabc89b56c9
SHA512 77f38146890f1f1c4d7145356006c152cb56f94eaf172cb3c0128a255c9907b300e36b0472dbc7fd4b240a245aca2ff8b90b52a0b107b063952f27e0f9a6de42

C:\Program Files\Google\Chrome\Application\126.0.6478.62\d3dcompiler_47.dll

MD5 a7b7470c347f84365ffe1b2072b4f95c
SHA1 57a96f6fb326ba65b7f7016242132b3f9464c7a3
SHA256 af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
SHA512 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

MD5 50a73b13f69ac3170f373b250b002af2
SHA1 22266d9d545d203803de790c493783c0c1befa7a
SHA256 5ebf573bef39db47ee9090e022b1fbf9398b0f172033dc057bf588446d994c64
SHA512 fe7d19dc32fcb443d963a6b27c0619c9d17c16494c0d9255a1842ca58745f1c9301285d3147d14b49965eb5adc15954d143b70466c76d326e8385fa6eedc2747

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

MD5 505a174e740b3c0e7065c45a78b5cf42
SHA1 38911944f14a8b5717245c8e6bd1d48e58c7df12
SHA256 024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d
SHA512 7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911

C:\Program Files\Google\Chrome\Application\126.0.6478.62\elevation_service.exe

MD5 52632498cb12099f6301d11afbe0f0ad
SHA1 8660e9f765ea3043732c404d590bfcfa072cada9
SHA256 1488c9f7249adb03194a67d5a4dd2a70a9e7a23aa1231f0b6fa8af5381a4e63d
SHA512 cae9b6b6a9bc13f06d486b461c7104e9dcce3f29b5401b6eed1587035496b92334e5d2a7f8c11f99b6b0f081238354d97155ad5f559655fdbd251a068bbeda68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Program Files\Google\Chrome\Application\126.0.6478.62\dxcompiler.dll

MD5 797ccb351cec04ea760ffe663023dcb3
SHA1 16944a705a79cd9b6d478c08703e50bd9889cc47
SHA256 74139cfe8e7dc5994c5e7c8047063e1d36b25205df01fc1dc69f247899f5fa4d
SHA512 afeb05186eac5518dfbe88a2b85d2e5a3886fbfdc9554bccd5938fae752ac7925097067e13dbba744c1572c4da0cae57bf6577af8f8983a50ddebdf93cdf58c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

MD5 3433ccf3e03fc35b634cd0627833b0ad
SHA1 789a43382e88905d6eb739ada3a8ba8c479ede02
SHA256 f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d
SHA512 21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

C:\Program Files\Google\Chrome\Application\126.0.6478.62\dxil.dll

MD5 30da04b06e0abec33fecc55db1aa9b95
SHA1 de711585acfe49c510b500328803d3a411a4e515
SHA256 a5fe1d8d9caa2ff29daffd53f73a9a4e19c250351b2abe4fc7b57e60ce67ac68
SHA512 67790874377e308d1448d0e41df9dd353a5f63686df4eb9a8e70a4da449b0c63a5d3655ab38d24b145ad3c57971b1c6793ea6c5ac2257b6eb2e8964a44ab0f08

C:\Program Files\Google\Chrome\Application\126.0.6478.62\vk_swiftshader.dll

MD5 b622404360cc4737b32ebdcee354419e
SHA1 3b85c488f4d1852b270854749a1bd7e28b909c27
SHA256 ed6d35ab4872eea78df57a1e9517ee4881ea57f66d1534b65d204b8e2dd37173
SHA512 53763db7741af1e41f8317c2da1c7c44bb51007332702520890dedc55198c321af6d823d2125fe9ad9d01e1b31a7b9d092180f99de5cbbfb8314a0a43911f05d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2301fe7fdef7a475fdea081112a3fb68
SHA1 2f86b0d66419710bdd43d4ab076f6fbd1380a455
SHA256 2ffcfb29db7d035db9a591fcb81bb842a45ff6c99757788bea1c86e8cd7f5cf3
SHA512 2aa04b53dfd9383e251b8c9572aa445106e25ffefb780c9587390655083f2a16f69c1c83cfbf2bc86a2134ef006671fe61e26155261e8f07dd9a10517918d08a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 da697774522d0ffffaf1497560d95c05
SHA1 1195da6bd0384c90baaae9e86690a6fa749dd993
SHA256 15d5c2962c37263e79d910aae2a6e6b4f8415f35bbc418048beeeb27e423b94f
SHA512 aa60dfadbdcd732fd0a42735299eb46a4741250c5cacbf53a9ee73c367641c37fd66c690a4faa95483c076d11d7f4fab595dea4cc995521f25e2ef9912b895f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 8e889cec15ef966342d1d371df3b7d9d
SHA1 5bb88c241330dd3671a2ebb8b029206b1ad91db2
SHA256 2a1f471a2f11a35fd5408fbe814967a914996b8adecde84ad06c4457c24f3ba6
SHA512 65ab2b5b0fbf007f6da9c2c203525b0f184831a191932f0699aa6dbf6ffc6ccf90f4ca5468136f5ca745f7486cddc7ede3e82c4e70cfa03f0a10c09f07243952

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c7a786f87ce781804a8bf877718afb94
SHA1 430a39990c5bc711db3a119835475bdf90169e92
SHA256 2948afcd9ff15865d6ba4bbee25f15c11de58f611251c9d5dfa19b6ad5a7fefd
SHA512 4558ec1cfc0cacbfd14c3d8d98d226f83e1073492389c570ea509a42bff9b4e5e9a93d998ecb794148439a7cd2f16cf56582d40325ad48ee4549906d5e9c87eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 29c4bb19682e623d873764904af7af68
SHA1 18398bfbb7703e8dce07d88f5d34f96d348165c7
SHA256 e89c15877494c2de36baecd9933ec325203022202cb5589c2191aed3d6cae2e2
SHA512 d1a38f676d64c333df39696c10eadf266c8a1e7b0761b76e750e0d6292fb55b0dff7841c55959d0150bc5ad710e1496e87992b1e6bb562fc495f482023a6f9b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 499a3ced8723b09eb0bb0cdf1afd929b
SHA1 eef01474bd65e8f5a81308213e6a30ab3efeaf41
SHA256 b281ddd66bbd079a143ae349084bff4883fc4c57678991124ed9fe47075a4cd3
SHA512 454780e45807606439fc58974c61d8415aaa62f63cbea6a003badb198e23f0a120b14e5b7f27b5b0dcd0b55af42d062d8446a0eb1a2161a0a5687ae405f89e14

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 32e983ece1fa1fab80ddb1a40f03b3c8
SHA1 5b13f0d54d441e43edcc3ab6ac3b877eeba9fd15
SHA256 6ad620bf071c9c9cc89cd1a2eae173c48eb98b37feeafd1e57efc007a2bd0261
SHA512 af5b4f7edb711e9dcb282adf631738d971c09f27af0c9ed5c21705fc2605cb75f59e5e6b141375afc00e5efb099c55afca9d79c45fb2e3212459d74b2f7ffa4c

C:\Program Files\chrome_Unpacker_BeginUnzipping4824_227905054\manifest.json

MD5 e122d14cd5e041a7b4cd6d9de78dedb1
SHA1 abdd7a27561d4a18d8c34e89c2a68c946bc4c174
SHA256 c8dab575ba97fa0bd69aac195f0eb5c19445b0e4e1450f40f2d466a313087865
SHA512 c58a867ad39c5572e1a802783db907120caccdca76d7e4625009408fcc1750ecbe3e4ea1af15dd778159a938dc06f46e6912de0a09b2c143bb23d6dcc4485dba

C:\Program Files\chrome_Unpacker_BeginUnzipping4824_227905054\crl-set

MD5 3043aa0a1c1b384ff11691431fd640fb
SHA1 8149ca743d60f948074651db702b353e22fc5cb4
SHA256 169a9eae617409647e37675331451f668b0fe5784bf34ee533c68a4dd5cad84b
SHA512 e6fcb68346f66fcbabd587df0586e94e12688060863679cb24351501a5fc86e8cdb00dd84281df5e581e5055b1e7064f57c9a9bc4d3e38fca04410ce8153d18c

C:\Program Files\chrome_Unpacker_BeginUnzipping4824_1843077016\manifest.json

MD5 4c30f6704085b87b66dce75a22809259
SHA1 8953ee0f49416c23caa82cdd0acdacc750d1d713
SHA256 0152e17e94788e5c3ff124f2906d1d95dc6f8b894cc27ec114b0e73bf6da54f9
SHA512 51e2101bcad1cb1820c98b93a0fb860e4c46172ca2f4e6627520eb066692b3957c0d979894e6e0190877b8ae3c97cb041782bf5d8d0bb0bf2814d8c9bb7c37f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules\9.49.1\Filtering Rules

MD5 6274a7426421914c19502cbe0fe28ca0
SHA1 e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc
SHA256 ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee
SHA512 bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6f595fea1bcedb46bcbbd7076137043d
SHA1 f38879a093428edf3ae2ac5d0066f88d429dad5e
SHA256 b121438e23925d9095a3adbfd7c837f46a4c428e7ef9441c3a6d37d4e01de7e1
SHA512 a62b2eb534e30c678ecd7ab93662d9318f1ad747a3c1523cabf351ce1e4af53a77eac6d839de62313d4edb500497ee4d1dd68807ca17ecd15f8130aeb7d6f794

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-17 17:11

Reported

2024-06-17 17:13

Platform

win10v2004-20240508-en

Max time kernel

146s

Max time network

150s

Command Line

"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\import.pptx" /ou ""

Signatures

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A

Suspicious behavior: AddClipboardFormatListener

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A

Processes

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE

"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\import.pptx" /ou ""

Network

Files

memory/4736-2-0x00007FFB75CD0000-0x00007FFB75CE0000-memory.dmp

memory/4736-3-0x00007FFB75CD0000-0x00007FFB75CE0000-memory.dmp

memory/4736-1-0x00007FFB75CD0000-0x00007FFB75CE0000-memory.dmp

memory/4736-4-0x00007FFB75CD0000-0x00007FFB75CE0000-memory.dmp

memory/4736-0-0x00007FFB75CD0000-0x00007FFB75CE0000-memory.dmp

memory/4736-5-0x00007FFBB5CED000-0x00007FFBB5CEE000-memory.dmp

memory/4736-6-0x00007FFBB5C50000-0x00007FFBB5E45000-memory.dmp

memory/4736-7-0x00007FFBB5C50000-0x00007FFBB5E45000-memory.dmp

memory/4736-9-0x00007FFBB5C50000-0x00007FFBB5E45000-memory.dmp

memory/4736-8-0x00007FFB73A40000-0x00007FFB73A50000-memory.dmp

memory/4736-11-0x00007FFBB5C50000-0x00007FFBB5E45000-memory.dmp

memory/4736-12-0x00007FFBB5C50000-0x00007FFBB5E45000-memory.dmp

memory/4736-13-0x00007FFB73A40000-0x00007FFB73A50000-memory.dmp

memory/4736-14-0x00007FFBB5C50000-0x00007FFBB5E45000-memory.dmp

memory/4736-15-0x00007FFBB5C50000-0x00007FFBB5E45000-memory.dmp

memory/4736-21-0x00007FFBB5C50000-0x00007FFBB5E45000-memory.dmp

memory/4736-20-0x00007FFBB5C50000-0x00007FFBB5E45000-memory.dmp

memory/4736-19-0x00007FFBB5C50000-0x00007FFBB5E45000-memory.dmp

memory/4736-18-0x00007FFBB5C50000-0x00007FFBB5E45000-memory.dmp

memory/4736-17-0x00007FFBB5C50000-0x00007FFBB5E45000-memory.dmp

memory/4736-16-0x00007FFBB5C50000-0x00007FFBB5E45000-memory.dmp

memory/4736-10-0x00007FFBB5C50000-0x00007FFBB5E45000-memory.dmp

memory/4736-31-0x00007FFB75CD0000-0x00007FFB75CE0000-memory.dmp

memory/4736-33-0x00007FFB75CD0000-0x00007FFB75CE0000-memory.dmp

memory/4736-34-0x00007FFB75CD0000-0x00007FFB75CE0000-memory.dmp

memory/4736-32-0x00007FFB75CD0000-0x00007FFB75CE0000-memory.dmp

memory/4736-35-0x00007FFBB5C50000-0x00007FFBB5E45000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 17:11

Reported

2024-06-17 17:13

Platform

win7-20240508-en

Max time kernel

134s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\01 NOTIFICACION DEMANDA.exe"

Signatures

AsyncRat

rat asyncrat

Suspicious use of SetThreadContext

Description | Indicator | Process | Target
PID 2092 set thread context of 2168 | N/A | C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\01 NOTIFICACION DEMANDA.exe | C:\Windows\SysWOW64\cmd.exe
PID 2168 set thread context of 2592 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Enumerates physical storage devices

Suspicious behavior: MapViewOfSection

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\01 NOTIFICACION DEMANDA.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2092 wrote to memory of 2168 | N/A | C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\01 NOTIFICACION DEMANDA.exe | C:\Windows\SysWOW64\cmd.exe
PID 2092 wrote to memory of 2168 | N/A | C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\01 NOTIFICACION DEMANDA.exe | C:\Windows\SysWOW64\cmd.exe
PID 2092 wrote to memory of 2168 | N/A | C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\01 NOTIFICACION DEMANDA.exe | C:\Windows\SysWOW64\cmd.exe
PID 2092 wrote to memory of 2168 | N/A | C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\01 NOTIFICACION DEMANDA.exe | C:\Windows\SysWOW64\cmd.exe
PID 2092 wrote to memory of 2168 | N/A | C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\01 NOTIFICACION DEMANDA.exe | C:\Windows\SysWOW64\cmd.exe
PID 2168 wrote to memory of 2592 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2168 wrote to memory of 2592 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2168 wrote to memory of 2592 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2168 wrote to memory of 2592 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2168 wrote to memory of 2592 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2168 wrote to memory of 2592 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Processes

C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\01 NOTIFICACION DEMANDA.exe

"C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\01 NOTIFICACION DEMANDA.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | briana2024.kozow.com | udp
US | 8.8.8.8:53 | briana2024.kozow.com | udp
US | 8.8.8.8:53 | briana2024.kozow.com | udp
US | 8.8.8.8:53 | briana2024.kozow.com | udp
US | 8.8.8.8:53 | briana2024.kozow.com | udp
US | 8.8.8.8:53 | briana2024.kozow.com | udp
US | 8.8.8.8:53 | briana2024.kozow.com | udp

Files

memory/2092-0-0x0000000074650000-0x00000000747C4000-memory.dmp

memory/2092-1-0x0000000076F40000-0x00000000770E9000-memory.dmp

memory/2092-7-0x0000000074662000-0x0000000074664000-memory.dmp

memory/2092-8-0x0000000074650000-0x00000000747C4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\b392e26f

MD5 62da58e7f288708053f4c08d3b093eb3
SHA1 28ce4a03b416fc3c656b4cac16ab46331b0cca2d
SHA256 53afecdc503dd27b7915c990b209596209cfffe80c30cbcaa174ab80a0121633
SHA512 1539ce6b55c33418a5ecd3c1933926dce445f236e2125e8d25d10eaca1da8a0c7f19c0d4670a3ca9146aec9c7ce2c82dcd13b546cf6b2ef8551e88b61fec4948

memory/2092-9-0x0000000074650000-0x00000000747C4000-memory.dmp

memory/2168-12-0x0000000074650000-0x00000000747C4000-memory.dmp

memory/2168-13-0x0000000076F40000-0x00000000770E9000-memory.dmp

memory/2168-58-0x0000000074650000-0x00000000747C4000-memory.dmp

memory/2168-59-0x0000000074650000-0x00000000747C4000-memory.dmp

memory/2168-62-0x0000000074650000-0x00000000747C4000-memory.dmp

memory/2592-63-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

memory/2592-64-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

memory/2592-61-0x00000000724C0000-0x0000000073522000-memory.dmp

memory/2592-65-0x0000000073B7E000-0x0000000073B7F000-memory.dmp

memory/2592-66-0x0000000000080000-0x0000000000096000-memory.dmp

memory/2592-67-0x0000000073B70000-0x000000007425E000-memory.dmp

memory/2592-68-0x0000000073B70000-0x000000007425E000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-17 17:11

Reported

2024-06-17 17:13

Platform

win7-20240508-en

Max time kernel

117s

Max time network

118s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ASUS_WMI.dll",#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ASUS_WMI.dll",#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ASUS_WMI.dll",#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 256

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-17 17:11

Reported

2024-06-17 17:13

Platform

win7-20240221-en

Max time kernel

118s

Max time network

119s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ATKEX.dll",#1

Signatures

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 1996 wrote to memory of 2828 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 1996 wrote to memory of 2828 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 1996 wrote to memory of 2828 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 1996 wrote to memory of 2828 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 1996 wrote to memory of 2828 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 1996 wrote to memory of 2828 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 1996 wrote to memory of 2828 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ATKEX.dll",#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ATKEX.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-17 17:11

Reported

2024-06-17 17:13

Platform

win10v2004-20240611-en

Max time kernel

92s

Max time network

96s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ATKEX.dll",#1

Signatures

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 4304 wrote to memory of 1660 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 4304 wrote to memory of 1660 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 4304 wrote to memory of 1660 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ATKEX.dll",#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\ATKEX.dll",#1

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | g.bing.com | udp
US | 13.107.21.237:443 | g.bing.com | tcp
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp
BE | 88.221.83.187:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp
BE | 88.221.83.187:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 187.83.221.88.in-addr.arpa | udp
US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 31.251.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 225.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp
US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-17 17:11

Reported

2024-06-17 17:13

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

52s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\AsIO.dll",#1

Signatures

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 1648 wrote to memory of 1084 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 1648 wrote to memory of 1084 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 1648 wrote to memory of 1084 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\AsIO.dll",#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\AsIO.dll",#1

Network

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-17 17:11

Reported

2024-06-17 17:13

Platform

win7-20240611-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE" "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\import.pptx"

Signatures

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\MenuExt | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A

Suspicious behavior: AddClipboardFormatListener

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A

Processes

C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE

"C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE" "C:\Users\Admin\AppData\Local\Temp\PROCESO DEMANDA\import.pptx"

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

Network

N/A

Files

memory/2596-0-0x000000002DFD1000-0x000000002DFD2000-memory.dmp

memory/2596-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

memory/2596-2-0x000000007222D000-0x0000000072238000-memory.dmp

memory/2596-5-0x000000005FFF0000-0x0000000060000000-memory.dmp

memory/2596-6-0x000000007222D000-0x0000000072238000-memory.dmp