Malware Analysis Report

2024-09-09 18:09

Sample ID 240618-rprasa1fpn
Target 5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe
SHA256 25c5ab5180ce56a329beedc920d01452d9c3f648ad9b109c859be0da3cf65e86
Tags
discovery evasion persistence privilege_escalation spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

25c5ab5180ce56a329beedc920d01452d9c3f648ad9b109c859be0da3cf65e86

Threat Level: Known bad

The file 5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

discovery evasion persistence privilege_escalation spyware stealer

Modifies visibility of hidden/system files in Explorer

Boot or Logon Autostart Execution: Active Setup

Event Triggered Execution: Image File Execution Options Injection

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Checks computer location settings

Checks installed software on the system

Adds Run key to start application

Drops file in System32 directory

Checks system information in the registry

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Enumerates system info in registry

Scheduled Task/Job: Scheduled Task

Suspicious use of SendNotifyMessage

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-18 14:22

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 14:22

Reported

2024-06-18 14:24

Platform

win7-20240611-en

Max time kernel

150s

Max time network

137s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe"

Signatures

Modifies visibility of hidden/system files in Explorer

evasion

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" \??\c:\windows\resources\svchost.exe N/A

Boot or Logon Autostart Execution: Active Setup

persistence

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\109.0.5414.120\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A

Event Triggered Execution: Image File Execution Options Injection

persistence

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\109.0.5414.120_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\109.0.5414.120_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" \??\c:\windows\resources\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" \??\c:\windows\resources\svchost.exe N/A

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\explorer.exe \??\c:\windows\resources\themes\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\explorer.exe \??\c:\windows\resources\svchost.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_sw.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_zh-CN.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_bg.dll C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_iw.dll C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2036_44869753\Chrome-bin\109.0.5414.120\Locales\hi.pak C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2036_44869753\Chrome-bin\109.0.5414.120\VisualElements\SmallLogoDev.png C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_gu.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_ro.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_th.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files\Google\Chrome\Temp\source2036_44869753\Chrome-bin\109.0.5414.120\Locales\es.pak C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2036_44869753\Chrome-bin\109.0.5414.120\Locales\lv.pak C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2036_44869753\Chrome-bin\109.0.5414.120\vulkan-1.dll C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_bg.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files\Google\Chrome\Temp\source2036_44869753\Chrome-bin\109.0.5414.120\WidevineCdm\LICENSE C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2036_44869753\Chrome-bin\chrome_proxy.exe C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdateSetup.exe \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_id.dll C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_ja.dll C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2036_44869753\Chrome-bin\109.0.5414.120\Locales\fi.pak C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2036_44869753\Chrome-bin\109.0.5414.120\Locales\ms.pak C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
File created C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping556_495794770\manifest.json C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdateBroker.exe \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_ar.dll C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_fi.dll C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2036_44869753\Chrome-bin\109.0.5414.120\chrome_200_percent.pak C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_ml.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files\Google\Chrome\Temp\source2036_44869753\Chrome-bin\109.0.5414.120\WidevineCdm\manifest.json C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2036_44869753\Chrome-bin\109.0.5414.120\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_fa.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files\Google\Chrome\Temp\source2036_44869753\Chrome-bin\109.0.5414.120\VisualElements\LogoCanary.png C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\psmachine.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_lt.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_fa.dll C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_sl.dll C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2036_44869753\Chrome-bin\109.0.5414.120\VisualElements\LogoDev.png C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_ar.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateCore.exe C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_uk.dll C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2036_44869753\Chrome-bin\109.0.5414.120\resources.pak C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_lv.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdate.exe C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2036_44869753\Chrome-bin\109.0.5414.120\Locales\el.pak C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2036_44869753\Chrome-bin\109.0.5414.120\Locales\sw.pak C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_cs.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_te.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_mr.dll C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping556_1813034275\manifest.fingerprint C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\psuser_64.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_hr.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_id.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_am.dll C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome_proxy.exe C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleCrashHandler64.exe \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files\Google\Chrome\Temp\source2036_44869753\Chrome-bin\109.0.5414.120\VisualElements\Logo.png C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
File created C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping556_495794770\LICENSE C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_es.dll C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_pt-BR.dll C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_ta.dll C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2036_44869753\Chrome-bin\109.0.5414.120\Locales\tr.pak C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdateCore.exe \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_da.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_tr.dll C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2036_44869753\Chrome-bin\109.0.5414.120\109.0.5414.119.manifest C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\themes\explorer.exe N/A
File opened for modification \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe N/A
File opened for modification C:\Windows\Resources\tjud.exe \??\c:\windows\resources\themes\explorer.exe N/A
File opened for modification C:\Windows\Resources\Themes\icsys.icn.exe C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
File opened for modification \??\c:\windows\resources\themes\explorer.exe C:\Windows\Resources\Themes\icsys.icn.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VersionIndependentProgID\ = "GoogleUpdate.CoreClass" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.352\\psmachine.dll" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachine\CLSID\ = "{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603} C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\ = "IAppBundleWeb" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods\ = "10" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{27634814-8E41-4C35-8577-980134A96544} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods\ = "43" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\ServiceParameters = "/comsvc" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ = "IAppVersionWeb" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\ = "IPolicyStatus" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6365D39F-2E73-4837-BC59-2014AAA20FA7}\ = "PSFactoryBuffer" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2} C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}\ProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\0\win32\ = "C:\\Program Files\\Google\\Chrome\\Application\\109.0.5414.120\\elevation_service.exe" C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\PROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\ = "IApp2" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\NumMethods\ = "16" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\NumMethods\ = "6" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3COMClassService\CLSID\ = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\NumMethods\ = "24" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503} C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1C4CDEFF-756A-4804-9E77-3E8EB9361016}\ = "Google Update Policy Status Class" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\ = "IApp2" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\VersionIndependentProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\VersionIndependentProgID\ = "GoogleUpdate.OnDemandCOMClassSvc" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\ = "IGoogleUpdate3WebSecurity" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4} C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\ProgID\ = "GoogleUpdate.CoreMachineClass.1" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
Token: 33 N/A C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\109.0.5414.120_chrome_installer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\109.0.5414.120_chrome_installer.exe N/A
Token: 33 N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe N/A
Token: 33 N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2020 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe
PID 2020 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe
PID 2020 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe
PID 2020 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe
PID 2020 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe
PID 2020 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe
PID 2020 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe
PID 2188 wrote to memory of 2540 N/A \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe
PID 2188 wrote to memory of 2540 N/A \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe
PID 2188 wrote to memory of 2540 N/A \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe
PID 2188 wrote to memory of 2540 N/A \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe
PID 2188 wrote to memory of 2540 N/A \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe
PID 2188 wrote to memory of 2540 N/A \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe
PID 2188 wrote to memory of 2540 N/A \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe
PID 2540 wrote to memory of 1652 N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2540 wrote to memory of 1652 N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2540 wrote to memory of 1652 N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2540 wrote to memory of 1652 N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2540 wrote to memory of 1652 N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2540 wrote to memory of 1652 N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2540 wrote to memory of 1652 N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2540 wrote to memory of 2332 N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2540 wrote to memory of 2332 N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2540 wrote to memory of 2332 N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2540 wrote to memory of 2332 N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2332 wrote to memory of 1948 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe
PID 2332 wrote to memory of 1364 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe
PID 2332 wrote to memory of 1956 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe
PID 2540 wrote to memory of 1320 N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2540 wrote to memory of 108 N/A C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2020 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe C:\Windows\Resources\Themes\icsys.icn.exe
PID 2732 wrote to memory of 2736 N/A C:\Windows\Resources\Themes\icsys.icn.exe \??\c:\windows\resources\themes\explorer.exe
PID 2736 wrote to memory of 2812 N/A \??\c:\windows\resources\themes\explorer.exe \??\c:\windows\resources\spoolsv.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe"

\??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe 

c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe 

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={B0C7E753-364C-4C0A-0948-96A34C5F7CBB}&lang=en&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver

C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4zNTIiIHNoZWxsX3ZlcnNpb249IjEuMy4zNi4zNTEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjBDN0NBNTQtNTkwNC00NTNDLTgxREEtQ0NBMTM3MzIwNDExfSIgdXNlcmlkPSJ7NjkwMjFGQTEtMTY0Ny00NjMyLTkwOEYtRTU1RERGNUYxNzgxfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezNFNkJDNjUwLUVGNDMtNDRFMi04ODhGLTYxRjI3NzcwQUU4MX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iNi4xLjc2MDEuMCIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NDMwRkQ0RDAtQjcyOS00RjYxLUFBMzQtOTE1MjY0ODE3OTlEfSIgdmVyc2lvbj0iMS4zLjM2LjE1MSIgbmV4dHZlcnNpb249IjEuMy4zNi4zNTIiIGxhbmc9ImVuIiBicmFuZD0iIiBjbGllbnQ9IiIgaWlkPSJ7QjBDN0U3NTMtMzY0Qy00QzBBLTA5NDgtOTZBMzRDNUY3Q0JCfSI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI3MTgiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={B0C7E753-364C-4C0A-0948-96A34C5F7CBB}&lang=en&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{B0C7CA54-5904-453C-81DA-CCA137320411}"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Windows\Resources\Themes\icsys.icn.exe

C:\Windows\Resources\Themes\icsys.icn.exe

\??\c:\windows\resources\themes\explorer.exe

c:\windows\resources\themes\explorer.exe

\??\c:\windows\resources\spoolsv.exe

c:\windows\resources\spoolsv.exe SE

\??\c:\windows\resources\svchost.exe

c:\windows\resources\svchost.exe

\??\c:\windows\resources\spoolsv.exe

c:\windows\resources\spoolsv.exe PR

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 14:24 /f

C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\109.0.5414.120_chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\109.0.5414.120_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\gui4BD1.tmp"

C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\gui4BD1.tmp"

C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fae1148,0x13fae1158,0x13fae1168

C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe" --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{1113C1A8-2B5F-444F-AF6B-F6BBB7895039}\CR_CEE8A.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fae1148,0x13fae1158,0x13fae1168

C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5f36b58,0x7fef5f36b68,0x7fef5f36b78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1152,i,4470576215895094019,8050190907134193656,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1152,i,4470576215895094019,8050190907134193656,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1584 --field-trial-handle=1152,i,4470576215895094019,8050190907134193656,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2132 --field-trial-handle=1152,i,4470576215895094019,8050190907134193656,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2140 --field-trial-handle=1152,i,4470576215895094019,8050190907134193656,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3100 --field-trial-handle=1152,i,4470576215895094019,8050190907134193656,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1152,i,4470576215895094019,8050190907134193656,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1464 --field-trial-handle=1152,i,4470576215895094019,8050190907134193656,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1400 --field-trial-handle=1152,i,4470576215895094019,8050190907134193656,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1344 --field-trial-handle=1152,i,4470576215895094019,8050190907134193656,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3700 --field-trial-handle=1152,i,4470576215895094019,8050190907134193656,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3820 --field-trial-handle=1152,i,4470576215895094019,8050190907134193656,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 --field-trial-handle=1152,i,4470576215895094019,8050190907134193656,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3900 --field-trial-handle=1152,i,4470576215895094019,8050190907134193656,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3992 --field-trial-handle=1152,i,4470576215895094019,8050190907134193656,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3844 --field-trial-handle=1152,i,4470576215895094019,8050190907134193656,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4076 --field-trial-handle=1152,i,4470576215895094019,8050190907134193656,131072 /prefetch:1

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 14:25 /f

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1096 --field-trial-handle=1152,i,4470576215895094019,8050190907134193656,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=856 --field-trial-handle=1152,i,4470576215895094019,8050190907134193656,131072 /prefetch:8

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 14:26 /f

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1112 --field-trial-handle=1152,i,4470576215895094019,8050190907134193656,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com tcp
GB 216.58.204.67:443 update.googleapis.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 clients2.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.187.206:443 clients2.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
GB 216.58.204.67:443 update.googleapis.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com tcp
GB 216.58.204.67:443 update.googleapis.com udp

Files

SHA512 475742ddf3983945cd3b42ce21fdc431bc8643ad478947e4a49153a5cd2563698f839c95991b399b329d98501d0c13c9b3d6499a096b2c7512b2fee106676324

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_ko.dll

MD5 c5c052ab089dbb7c8ea0507150445cf8
SHA1 808620bff66334b10eb287e0adcd1889ef046d70
SHA256 f4e48477f214e51db6da1a3fe412d454997728d2f831909f192d57d7256f6962
SHA512 8fba2f9484e3203a45932c72761ce56e7d19d613b5d8e8d033e07b7c170050e41f3a5455bfc90b31fba6b5a6fc7db91030050ccafbf2f2f8a43aecfd5152ce4e

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_lt.dll

MD5 699adf1a933d5e0257de2cdc5984c289
SHA1 d5b50aa4aeeb2cde74fdcb2ea4a6a91754699d2a
SHA256 b7b9929da674b6cea97055777c1d5bd952cc24bd60f626d942275baa394c6779
SHA512 df5cc06916bab486d354d4d0d207ada10a588af2af0a43df8352547ea33b389b256a17ee311c3042d09f3ca3f1cf74e29ef74224f0cb4169946b2084d2c442ca

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_lv.dll

MD5 e8cde2466986dba8ecfe835878d3dae6
SHA1 9a7806e4dc96604a97921ffd560f14c25473771f
SHA256 a46cf6a2118112f62262dabc2c156dadc6a2d3d224e6f935f57a352a7c173ebf
SHA512 1363dc5d4e4360ee683bcb283b16a23f265e35ee25ac3c8039a43b7df8e7c562babb2b531ba1456825aa5e2235bc14510bf4b1fbdafbd90f2a0da8e2ed705902

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_ml.dll

MD5 6637710aa98d7f8d35edc1ab7564882a
SHA1 b33c9c9fdd26ae38f164d9297c1f1ea7ed6817dc
SHA256 6378351e9dfb25648249269aba52885a55fb8dd7f759800e9f56691a61332450
SHA512 891881c13e5dbacd54fae2e7464f37c5c35941551608580b08995396be737b4b787e99a712139c0b74445372055fb0006d847fe87ead704c76a29406647af7fe

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_mr.dll

MD5 492e2bef61a4838b819afa275ec71a66
SHA1 27027469a9227d2d53b3dbe746f21d8636934e2c
SHA256 7bc2a4f429fa0776f05859086d8c836ff07573abd7c8e2db0b5461a03677e432
SHA512 fd464d9e2c228b2586e14f57598e24b455f855c4d91ae1d2fe4f31e2e03e1f2d1d80cb64c051a849d931e71c4e2d99f5fedb8853e70ab73411980ed236e21225

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_ms.dll

MD5 1d791ea4e0b6bb78d19f011dbe1a2610
SHA1 c64bd9174848bcb80225906743bc8920764a74d6
SHA256 d20e8b0e8850e1cbf534d88bb7ded5d3c8dfe6d420f5280e92e461416b029196
SHA512 1ccf5065b26e9512a1b8869d1d9cbf0a25a4c1d0c8864bf2c6d2ac9c4a7eb59d45728a81fc61a66da9172963622ca5ef6e3c1bb236edc0879034eb036b0c3497

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_nl.dll

MD5 8ab70f8657ddf4454d651a2165f8ec55
SHA1 d27c2f64385bf7926dd7050ef36e18d58e224e51
SHA256 9edc329d8e25eb02aac3fae70f4cc6428d711a98ddbfbad9b9775a983cafc24c
SHA512 7a79e228a30159b7015cd06f5e0819da2627ba52f956b62fcee59d108a9f7e2e6cae48085de92df633e89dad3015727d9e0a57d61142d6d478a6fdca12008e54

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_no.dll

MD5 48f72eebf8e913ed322b79fdfff57b35
SHA1 f00598cd63ec2896d0494c33bebf1899d2faaa80
SHA256 57eb62301f61ed10af075d7c34e5da8aad1050d12307e1c5888dfd3593885e30
SHA512 1def279e4a9e380298a1c27b33317b0f394e10a2b9d1e63e67bf920ae879a3934a66657eccc6cce9d6e19ab862dc60638aafb52b568c813b4e9b9eed7a8092ed

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_pl.dll

MD5 710c65dde6113525a834d61a7e6bd4ae
SHA1 679b3bd0e684bf5a80cd0ae29c099bb4337e8bd1
SHA256 c8c9db14d1a57ed95d2f9eca9e416ee934f2458bc0e1da4ed5e8196d138fd951
SHA512 5cc17073e52bffd64fabe25190ccc86a4e51f61767d51e27ac27984422b503cf1993b450debd8923b1d23cf25fdaf3b3b4aa9b7c390799092bdb3094a7b979d2

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_pt-BR.dll

MD5 225790c9039c8e926cca5488b15019e9
SHA1 2c58792faa08d2aa123271dbe0f46c367dc5e336
SHA256 afcda3a585654092f8b1e1fbd1dab5a31f05cc5f600ffbace630db1ed2675433
SHA512 98e2ffd85fd29b4a4abb1e3e063ecc47c638b3855aef2e8a33a4b508139dba8587f8ca0958057a0ab2cc034cfcf434c6b36504f402f717bfdb586a13e0f23852

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_pt-PT.dll

MD5 beb9457d9606b1cdb8f8c0877c7323d8
SHA1 9491f9d720b1c5bf5f0d1aa7e9febf4dc5ac5207
SHA256 afed70229e4cb588e8b118eaeca6f934b4d827b71680b737d4ebbebf9ea0c4de
SHA512 7416076701f13d5c48a08adfcb04173f2e804d25948d77090d02e07fa44087f9c9d142a0068f461304f58828af8ec16c56f35b9a9c893b675b722538ef8037cd

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_ro.dll

MD5 c99bd3ae49126dfc588ce72c0ab7883e
SHA1 3a8cc71c487fa9c88ba714dd7ea36cd68f7db896
SHA256 37fbfb5f53f792db6ba8de64447f90dbb6e39e6b4e89be0a6ac8f0ed8d39b500
SHA512 49df6dca13528b973adbe0c02e63992db954b55aad46a5f784d04d4e969c71dd44d86a21a0590488d38cfe169c2bdea29d6c80a1dc2d7ef8686f52285cef96e1

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_ru.dll

MD5 d70ba525c0854fc294afcf6990cccc6a
SHA1 2ec4e77a819d97f5fe53dd02c5dcf5862a5410ec
SHA256 6091364cd0606ed58ca0a5a4a09e48106de3d5816f3612e76aa7ef1e73f15bbb
SHA512 6f1b4c4d16629a03f71893bbeec7caa19d9ca8b4b21a4c365e3ff82367822f541d0a1a1edb8f387423b8dd5df2123cf890cba0964b4df109ecfdacd7e289a6df

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_sk.dll

MD5 ab8fae5d353f20cdbbd5f4d5827e9cc9
SHA1 36bf4a0e5f0bebf7e8c5838f3cc84d80328b0790
SHA256 e0c329f879cfb011adfeb133da8fdf209b760126a562f05191fcb42705c66fdd
SHA512 a49fb6a9daa2ece709e8d52913e546acb0bf6938a0577e77ea6b371f05d8b00dc61f50404cd722edffb4bc94b7acf48c4fea7d5e57cec3aa82dc69a81bff573c

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_sl.dll

MD5 56706d7a652fd5eb9ae07b2817909f1c
SHA1 c3a788780fb1fbda6003c8a842b57200c1a78180
SHA256 7da54573bff067cee9c9d274099778ac22fa5d9e4d0a06d8035fd1009937f8b5
SHA512 bc2d305c1efea968ee68fffeb770e02e04da61a3f11687bcc4811bb540d30621daeb84a0673d93290b2a38edef44aa0167c10cb5700daaeaf9fc9d73e0c963e4

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_sr.dll

MD5 897c2e0db6e086c4948f05517489f529
SHA1 f1a9c3102cc5888e4feeaa2ff2cb9e781d6806e4
SHA256 b41344bce4db11f935d386c9d96427c8ab96fe2e489071579cc410f226fa50b4
SHA512 6397c1280eae4fed3e307eb8b2b2abb399cf29f3b7f05c4ceb50e1dda0d83ca958808f9543904964c0eb9d5c159953e4fb6a80446b1f4429614faee575ff5f82

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_sv.dll

MD5 1af9274ad0138bb8554c8de1a025bc1a
SHA1 3ae92b25c76572099fdc92e958741a47ae160b6d
SHA256 a8d5a9a43e307781d6c97ce037c18334aad921466e023abd141aa78a1e3fbc4b
SHA512 55cb0950a565a33e7296c20d9d1a73aa5352a25bc987db2c8e024f817bd29965e094f2be4e32baf953a571945d57a745ec6ffb9808f45d54bc7f69dff840a0f8

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_sw.dll

MD5 428a4e2742aa371ad2e1666d4f9fc531
SHA1 bf1d6cf6b80faab2cbb6036363851b3ebfbe24a4
SHA256 5ef309a8fbb93e889cc68cdfe2fdb5b8355a08f4fa952720ed912e4bd01464ac
SHA512 d9f2fc4979ab7162f598e12aca329ef7d3c708530f9378fa8431c2fbdb8434cd607c68935f77f9885993fd22ae147cb2d4bfc8b646e11f51d718fdc5039132d1

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_ta.dll

MD5 facb8f2aa423e3857b761cacd77e83e5
SHA1 2af6fabbdc0b7b271deedc7da8999ef917873ce5
SHA256 bfff56ab5e43e209ca84e647417d74f438d9458a310d5e8eaf12f94ea1fe0797
SHA512 c117b87f27fb4a7a7363e5c514b87eafa561477bb32eb9b39140f9cf2ca7a8c01b92563ec19fc44633af5b006ae526b7acbf6a695d5ddeaf6a50b33334e718fb

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_te.dll

MD5 d514ae1d1448b689307787de873b19df
SHA1 9b7a30ccb3548338c750e89b9459e6277f45c426
SHA256 1da62793361b7186f11c5558b6224e20bccdddbb9ce50a46aac59038fafe5503
SHA512 ba3664887eee6ce8ffe27eeb3e7a1ba60461fcda1b4a2991ed501f04fa03338c04a205b9986627c4eb0fa37e1e16df95c55a19acd18f86c535623164990b7629

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_th.dll

MD5 2872feb62b490b97e7b7d00b7b43883c
SHA1 1886fedadc2caeb2f8b5f27f4cf0604365fd0262
SHA256 6a0eeef7b91422acbf8219a9aef8e7748c41372cc5af568beaa4e7f22f5360cf
SHA512 175d20efaeb608d50c8f47e7072a40675bcb8422de8de6933b2e5568a3f82a2114f0028bb3a6a53e5266db5514e2068b47dee00d54627bb0bd92ab246598a070

C:\Program Files (x86)\Google\Temp\GUMD6A.tmp\goopdateres_tr.dll

MD5 696027229b8aef639b28ff34e487e508
SHA1 b06154a676c6fd93405744e0b439b2145abbc463
SHA256 4c810ca4900de1675cafcabda6ba0370c6cab6f724207ee9ce9bf38c79f9e019
SHA512 d1cb5bb35ee406bb35964238653be669dec50093fe448be0ba5071c247c0cb66709625dc6fd9a3112ef51d7235292c3bf0a37cae6497ba6c19df26a2b9349abe

memory/2020-312-0x00000000002F0000-0x000000000030F000-memory.dmp

C:\Windows\Resources\Themes\explorer.exe

MD5 84636e968bdefaf11ef2e39cce9628b4
SHA1 0e5602f197065f081a07139b996e9b1f42fe5d07
SHA256 8cc876f984166c3173d9c104607fbb5e7a067895c4690f06b3d55e23ad687d66
SHA512 f69e187703ccea4a91964af3de66f503d42b4371ea62b14cedd6e293550cc2470958908eef2c95a3e9e0132eeec82eb71f207d5ca01a08bfcbdf22bee41c6027

memory/2736-323-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2732-322-0x00000000005D0000-0x00000000005EF000-memory.dmp

memory/2820-338-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2820-339-0x00000000003B0000-0x00000000003CF000-memory.dmp

memory/2568-343-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2812-344-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2020-345-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2732-346-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\setup.exe

MD5 b42b8ac29ee0a9c3401ac4e7e186282d
SHA1 69dfb1dd33cf845a1358d862eebc4affe7b51223
SHA256 19545e8376807bce8a430c37cab9731e85052103f769dd60a5da3d93ca68c6ec
SHA512 b5269e7392e77a0fa850049ff61e271c5aab90d546945b17a65cc2ea6420432ae56321e1e39cfd97ccdb3dfc37ddbd6ff77907f5685cc2323b8635c8cdb4a84f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Temp\scoped_dir556_2138862543\750c9e29-252b-40de-8c5a-bad0c3bed2c4.tmp

MD5 541f52e24fe1ef9f8e12377a6ccae0c0
SHA1 189898bb2dcae7d5a6057bc2d98b8b450afaebb6
SHA256 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82
SHA512 d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88

C:\Users\Admin\AppData\Local\Temp\scoped_dir556_2138862543\CRX_INSTALL\_locales\en\messages.json

MD5 dbedf86fa9afb3a23dbb126674f166d2
SHA1 5628affbcf6f897b9d7fd9c17deb9aa75036f1cc
SHA256 c0945dd5fdecab40c45361bec068d1996e6ae01196dce524266d740808f753fe
SHA512 931d7ba6da84d4bb073815540f35126f2f035a71bfe460f3ccaed25ad7c1b1792ab36cd7207b99fddf5eaf8872250b54a8958cf5827608f0640e8aafe11e0071

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en\messages.json

MD5 91f5bc87fd478a007ec68c4e8adf11ac
SHA1 d07dd49e4ef3b36dad7d038b7e999ae850c5bef6
SHA256 92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9
SHA512 fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\CURRENT~RFf76c552.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6abe71e053c4f483a1538ec6a0e51e6a
SHA1 220d3f1b03d00d69b450bdf313b26f8c7863e989
SHA256 7ed031c47444279f15b551494ca4cfff6ee17b57473c6ffb8c7be9af2ecc4eae
SHA512 7016549d7001218cb2e5c1daaf8067ac293f3bb94be6779f59a7f753ade5d65b28f6e732849b15d12fb08f5bd519f5c9c5fa09c587f7accd26e03608f526395f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1ac6bed3-5d8c-4e02-8d11-f16cea58e97e.tmp

MD5 45aa328345299f8d054187a6eaa7f492
SHA1 fb4358e327f344fc5d6729c3325095905ca06bad
SHA256 d2165b0b3ddd45ebe7f59ac952ccf2e20eb6728ddd85768bf0413c09a2669f32
SHA512 8f2b6394ba39319e9d8cf3e5ab63efe5b9845fdb73d41d81e85a862a5ff9d7a69dee5b8145410c696a26822142e51b7835b2e6b50383a70f0438d667f843d019

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ce4b628695ba2ddacc09f88c38913c81
SHA1 f02db3bf236204fb7bc762a2f3a6e103b058972c
SHA256 b38742242a1d775414f1b1d38b191e34ea838d1ad0d0448d2aa70e9f9c282753
SHA512 5ebd65bc519b0a37724da7a7930aa1b9b6c6bc19683202dd5e92b200d1614081525fbff764d00d5278c32bb2b1463d49edfef438dbc79cb31816b7b5a0bf2bde

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 06a66109cefde809bfd0a5341f834bff
SHA1 6701c996761b1ed74de26f2edafff6576d4930fd
SHA256 4bb0c4698b70690ff000c7c905184c8b2d7ea1ac8f0adb73b4775e6af66f62a7
SHA512 be3e0178af17ebe53641debd2b5bde0c951474fd300c627e52cc1becac55b37d7a366e99a55cd86347972c7791d4e44f3eec94ed98fd4ac7f3146c781a87bb82

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7bbe79c8d15151363e55eb498189bb7c
SHA1 8fa9c974e16c62a458154f1c66b77ba77dff3bfe
SHA256 045b4306e94de64d5e21d3edef4460cf2d380f95759619c54695789498c0bf4c
SHA512 909f665884218954a8a3a4aff17ddb78f39faf326b55fd576b2bc71de815bea664a6809d9d10871591bbe3dd5e944ae689bd51fa2f8629729b665ccbfdc626a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3e7ba579aa0527e8af33b0c150f73a59
SHA1 66a8f1bf6b1ded3a894941e788d6aebba97b2be5
SHA256 e06c7ca4682fcb470e8b79830c33f00d91496981c97f11e947b900ddbd984eb6
SHA512 d935c05e91420255d8ae06a1570bf0eaeabad6db45a88f13222476107adf0f6cde26e86d6755709ec967372e7d28df3b4791d804fe38e735ca01aef6972c9217

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-18 14:22

Reported

2024-06-18 14:24

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe"

Signatures

Modifies visibility of hidden/system files in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" \??\c:\windows\resources\svchost.exe N/A

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\126.0.6478.62\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\126.0.6478.62_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\126.0.6478.62\elevation_service.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" \??\c:\windows\resources\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" \??\c:\windows\resources\svchost.exe N/A

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\explorer.exe \??\c:\windows\resources\svchost.exe N/A
File opened for modification C:\Windows\SysWOW64\explorer.exe \??\c:\windows\resources\themes\explorer.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_sr.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_th.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_fi.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_lv.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\psmachine_64.dll C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2540_232184174\Filtering Rules C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_da.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_ta.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_bg.dll C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_es.dll C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\psmachine.dll C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\Locales\kn.pak C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_pt-PT.dll C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_zh-TW.dll C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\SETUP.EX_ C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\126.0.6478.62_chrome_installer.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\elevation_service.exe C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\chrome.dll.sig C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\Locales\bn.pak C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_pl.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_iw.dll C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\Locales\am.pak C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\Locales\fr.pak C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_uk.dll C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\Locales\lt.pak C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\Locales\pl.pak C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\Locales\ru.pak C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\Locales\te.pak C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_ru.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\Locales\hu.pak C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\vk_swiftshader.dll C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\126.0.6478.62_chrome_installer.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\Locales\nb.pak C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\Temp\GUT3C40.tmp \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\psuser.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\126.0.6478.62.manifest C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\MEIPreload\preloaded_data.pb C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\optimization_guide_internal.dll C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2540_232184174\LICENSE.txt C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\126.0.6478.62_chrome_installer.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_pt-PT.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\Locales\en-GB.pak C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_mr.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdate.exe C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_bn.dll C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\Locales\sr.pak C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\psuser.dll C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\chrome.dll C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_am.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_hi.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_uk.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\d3dcompiler_47.dll C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\Locales\ms.pak C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\Locales\pt-BR.pak C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\VisualElements\SmallLogoCanary.png C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\chrome_elf.dll C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.352\goopdateres_et.dll C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\Locales\es.pak C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2008_1533110960\Chrome-bin\126.0.6478.62\Locales\ja.pak C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_is.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_ar.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A
File created C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_sl.dll \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification \??\c:\windows\resources\themes\explorer.exe C:\Windows\Resources\Themes\icsys.icn.exe N/A
File opened for modification \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\themes\explorer.exe N/A
File opened for modification \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe N/A
File opened for modification C:\Windows\Resources\tjud.exe \??\c:\windows\resources\themes\explorer.exe N/A
File opened for modification C:\Windows\Resources\Themes\icsys.icn.exe C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631942028014589" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19 C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods\ = "43" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\ProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB} C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{37FB52DA-F779-408D-B505-3F83CFBBFC20} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{27634814-8E41-4C35-8577-980134A96544}\NumMethods\ = "12" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\ = "IGoogleUpdateCore" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CredentialDialogMachine.1.0\ = "GoogleUpdate CredentialDialog" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ = "IAppVersionWeb" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13} C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\ = "TypeLib for Interface {463ABECF-410D-407F-8AF5-0DF35A005CC8}" C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\VersionIndependentProgID\ = "GoogleUpdate.Update3COMClassService" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachineFallback\CurVer\ = "GoogleUpdate.Update3WebMachineFallback.1.0" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\ = "IGoogleUpdate3" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods\ = "9" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6365D39F-2E73-4837-BC59-2014AAA20FA7}\ = "PSFactoryBuffer" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3COMClassService\CurVer\ = "GoogleUpdate.Update3COMClassService.1.0" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964} C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\LOCALSERVER32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414} C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\ProxyStubClsid32\ = "{6365D39F-2E73-4837-BC59-2014AAA20FA7}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D} C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6365D39F-2E73-4837-BC59-2014AAA20FA7}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.352\\psmachine.dll" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\NumMethods\ = "24" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\0 C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.PolicyStatusSvc.1.0\CLSID\ = "{1C4CDEFF-756A-4804-9E77-3E8EB9361016}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\VersionIndependentProgID\ = "GoogleUpdate.OnDemandCOMClassMachine" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\ELEVATION C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\VersionIndependentProgID\ = "GoogleUpdate.ProcessLauncher" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6365D39F-2E73-4837-BC59-2014AAA20FA7} C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\NumMethods\ = "13" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6365D39F-2E73-4837-BC59-2014AAA20FA7}\InProcServer32 C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\ = "IApp2" C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\LocalizedString = "@C:\\Program Files (x86)\\Google\\Update\\1.3.36.352\\goopdate.dll,-3000" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
Token: 33 N/A C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\126.0.6478.62_chrome_installer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\126.0.6478.62_chrome_installer.exe N/A
Token: 33 N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe N/A
Token: 33 N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4840 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe 
PID 4840 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe 
PID 4840 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe 
PID 1500 wrote to memory of 3828 N/A \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe
PID 1500 wrote to memory of 3828 N/A \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe
PID 1500 wrote to memory of 3828 N/A \??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe  C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe
PID 3828 wrote to memory of 3168 N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3828 wrote to memory of 3168 N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3828 wrote to memory of 3168 N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3828 wrote to memory of 5952 N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3828 wrote to memory of 5952 N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3828 wrote to memory of 5952 N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 5952 wrote to memory of 644 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe
PID 5952 wrote to memory of 644 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe
PID 5952 wrote to memory of 1732 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe
PID 5952 wrote to memory of 1732 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe
PID 5952 wrote to memory of 1672 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe
PID 5952 wrote to memory of 1672 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe
PID 3828 wrote to memory of 5260 N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3828 wrote to memory of 5260 N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3828 wrote to memory of 5260 N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3828 wrote to memory of 5068 N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3828 wrote to memory of 5068 N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3828 wrote to memory of 5068 N/A C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4840 wrote to memory of 5604 N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe C:\Windows\Resources\Themes\icsys.icn.exe
PID 4840 wrote to memory of 5604 N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe C:\Windows\Resources\Themes\icsys.icn.exe
PID 4840 wrote to memory of 5604 N/A C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe C:\Windows\Resources\Themes\icsys.icn.exe
PID 5604 wrote to memory of 2176 N/A C:\Windows\Resources\Themes\icsys.icn.exe \??\c:\windows\resources\themes\explorer.exe
PID 5604 wrote to memory of 2176 N/A C:\Windows\Resources\Themes\icsys.icn.exe \??\c:\windows\resources\themes\explorer.exe
PID 5604 wrote to memory of 2176 N/A C:\Windows\Resources\Themes\icsys.icn.exe \??\c:\windows\resources\themes\explorer.exe
PID 2176 wrote to memory of 5768 N/A \??\c:\windows\resources\themes\explorer.exe \??\c:\windows\resources\spoolsv.exe
PID 2176 wrote to memory of 5768 N/A \??\c:\windows\resources\themes\explorer.exe \??\c:\windows\resources\spoolsv.exe
PID 2176 wrote to memory of 5768 N/A \??\c:\windows\resources\themes\explorer.exe \??\c:\windows\resources\spoolsv.exe
PID 5768 wrote to memory of 632 N/A \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\svchost.exe
PID 5768 wrote to memory of 632 N/A \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\svchost.exe
PID 5768 wrote to memory of 632 N/A \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\svchost.exe
PID 632 wrote to memory of 2768 N/A \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe
PID 632 wrote to memory of 2768 N/A \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe
PID 632 wrote to memory of 2768 N/A \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe
PID 4480 wrote to memory of 5200 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\126.0.6478.62_chrome_installer.exe
PID 4480 wrote to memory of 5200 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\126.0.6478.62_chrome_installer.exe
PID 5200 wrote to memory of 2008 N/A C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\126.0.6478.62_chrome_installer.exe C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe
PID 5200 wrote to memory of 2008 N/A C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\126.0.6478.62_chrome_installer.exe C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe
PID 2008 wrote to memory of 4544 N/A C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe
PID 2008 wrote to memory of 4544 N/A C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe
PID 2008 wrote to memory of 1056 N/A C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe
PID 2008 wrote to memory of 1056 N/A C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe
PID 1056 wrote to memory of 4552 N/A C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe
PID 1056 wrote to memory of 4552 N/A C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe
PID 4480 wrote to memory of 3056 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe
PID 4480 wrote to memory of 3056 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe
PID 4480 wrote to memory of 3056 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe
PID 4480 wrote to memory of 4276 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe
PID 4480 wrote to memory of 4276 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe
PID 4480 wrote to memory of 2348 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4480 wrote to memory of 2348 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4480 wrote to memory of 2348 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 5292 wrote to memory of 3020 N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 5292 wrote to memory of 3020 N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 5292 wrote to memory of 3020 N/A C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3020 wrote to memory of 2540 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 2540 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2540 wrote to memory of 3100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2540 wrote to memory of 3100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_NeikiAnalytics.exe"

\??\c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe 

c:\users\admin\appdata\local\temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe 

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={B0C7E753-364C-4C0A-0948-96A34C5F7CBB}&lang=en&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver

C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4zNTIiIHNoZWxsX3ZlcnNpb249IjEuMy4zNi4zNTEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEIzRDI3N0QtQ0Q1RC00MkYwLUFFNjgtMEJDODg4MDYzNzVGfSIgdXNlcmlkPSJ7NjVCRjBFRTYtOTE2NS00MzRFLUIwMTAtMkUzQ0EyQ0EwMTRFfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezhGRUVDRTE2LTNFRTYtNDhBRS1CMjdBLTcyNjFCQzc2RTkyN30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NDMwRkQ0RDAtQjcyOS00RjYxLUFBMzQtOTE1MjY0ODE3OTlEfSIgdmVyc2lvbj0iMS4zLjM2LjE1MSIgbmV4dHZlcnNpb249IjEuMy4zNi4zNTIiIGxhbmc9ImVuIiBicmFuZD0iIiBjbGllbnQ9IiIgaWlkPSJ7QjBDN0U3NTMtMzY0Qy00QzBBLTA5NDgtOTZBMzRDNUY3Q0JCfSI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI3NTAiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={B0C7E753-364C-4C0A-0948-96A34C5F7CBB}&lang=en&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{8B3D277D-CD5D-42F0-AE68-0BC88806375F}"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Windows\Resources\Themes\icsys.icn.exe

C:\Windows\Resources\Themes\icsys.icn.exe

\??\c:\windows\resources\themes\explorer.exe

c:\windows\resources\themes\explorer.exe

\??\c:\windows\resources\spoolsv.exe

c:\windows\resources\spoolsv.exe SE

\??\c:\windows\resources\svchost.exe

c:\windows\resources\svchost.exe

\??\c:\windows\resources\spoolsv.exe

c:\windows\resources\spoolsv.exe PR

C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\126.0.6478.62_chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\126.0.6478.62_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\gui8FFD.tmp"

C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\gui8FFD.tmp"

C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=126.0.6478.62 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff7d58e46a8,0x7ff7d58e46b4,0x7ff7d58e46c0

C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{33F61EC8-D02A-4756-9139-A1BAF39A5FD2}\CR_5AF98.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=126.0.6478.62 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff7d58e46a8,0x7ff7d58e46b4,0x7ff7d58e46c0

C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping 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-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-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjcwNyIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjQ4NSIgZG93bmxvYWRfdGltZV9tcz0iMTM1MzEiIGRvd25sb2FkZWQ9IjExMDQ3NTMxMiIgdG90YWw9IjExMDQ3NTMxMiIgaW5zdGFsbF90aW1lX21zPSIyOTE4NyIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=126.0.6478.62 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc825c1c70,0x7ffc825c1c7c,0x7ffc825c1c88

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,2087387837436984020,13680134348278446057,262144 --variations-seed-version=20240611-050132.334000 --mojo-platform-channel-handle=1872 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1888,i,2087387837436984020,13680134348278446057,262144 --variations-seed-version=20240611-050132.334000 --mojo-platform-channel-handle=2500 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2152,i,2087387837436984020,13680134348278446057,262144 --variations-seed-version=20240611-050132.334000 --mojo-platform-channel-handle=2620 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,2087387837436984020,13680134348278446057,262144 --variations-seed-version=20240611-050132.334000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,2087387837436984020,13680134348278446057,262144 --variations-seed-version=20240611-050132.334000 --mojo-platform-channel-handle=2964 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,2087387837436984020,13680134348278446057,262144 --variations-seed-version=20240611-050132.334000 --mojo-platform-channel-handle=4552 /prefetch:1

C:\Program Files\Google\Chrome\Application\126.0.6478.62\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\126.0.6478.62\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4744,i,2087387837436984020,13680134348278446057,262144 --variations-seed-version=20240611-050132.334000 --mojo-platform-channel-handle=4772 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4988,i,2087387837436984020,13680134348278446057,262144 --variations-seed-version=20240611-050132.334000 --mojo-platform-channel-handle=4992 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5032,i,2087387837436984020,13680134348278446057,262144 --variations-seed-version=20240611-050132.334000 --mojo-platform-channel-handle=4696 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=5288,i,2087387837436984020,13680134348278446057,262144 --variations-seed-version=20240611-050132.334000 --mojo-platform-channel-handle=5208 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5712,i,2087387837436984020,13680134348278446057,262144 --variations-seed-version=20240611-050132.334000 --mojo-platform-channel-handle=5196 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com tcp
GB 216.58.204.67:443 update.googleapis.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 105.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 57.15.31.184.in-addr.arpa udp
GB 216.58.204.67:443 update.googleapis.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 update.googleapis.com udp
N/A 224.0.0.251:5353 udp
GB 216.58.204.67:443 update.googleapis.com tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
GB 216.58.204.67:443 update.googleapis.com tcp
GB 216.58.204.67:443 update.googleapis.com udp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp
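A triage helper for the Network table above, added here as an example (not part of the original report or of the sandbox's own tooling). The table mixes four different things that look alike at a glance: reverse-DNS (PTR) lookups of IPs the sandbox saw, mDNS multicast chatter, plain DNS queries, and real outbound connections, with many rows repeated. The parser below accepts the row shape "<country> <ip>:<port> [<domain>] <proto>", tolerates the multicast row whose Domain column is empty, de-duplicates endpoints per class, and turns the PTR names back into the IPs that were looked up. The sample rows are copied from the table; the classification rules are this example's own assumptions.

```python
"""Classify rows of a sandbox 'Network' table (added example, not the report's code)."""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: Optional[str]   # None when the Domain column is empty
    proto: str


def parse_row(line: str) -> Optional[Flow]:
    """Parse one table row; returns None for the header, blank or malformed lines.

    The Domain column may be missing (the 224.0.0.251:5353 mDNS row has only
    three fields), so fields are taken from both ends instead of by position.
    """
    parts = line.split()
    if len(parts) < 3 or ":" not in parts[1]:
        return None
    country, dest, proto = parts[0], parts[1], parts[-1]
    domain = parts[2] if len(parts) == 4 else None
    ip, port = dest.rsplit(":", 1)
    return Flow(country, ip, int(port), domain, proto.lower())


def classify(flow: Flow) -> str:
    """Heuristic bucket for a flow (assumption of this example, not the report's)."""
    if flow.domain and flow.domain.endswith(".in-addr.arpa"):
        return "ptr_lookup"      # the OS/sandbox resolving an IP back to a name
    if ip_address(flow.ip).is_multicast:
        return "multicast"       # mDNS/SSDP; never leaves the local segment
    if flow.port == 53 and flow.proto == "udp":
        return "dns_query"
    return "connection"          # everything else is a real egress endpoint


def triage(rows: List[str]) -> Dict[str, List[Flow]]:
    """Bucket rows by class, dropping repeated endpoints within a bucket."""
    buckets: Dict[str, List[Flow]] = {}
    seen = set()
    for line in rows:
        flow = parse_row(line)
        if flow is None:
            continue
        kind = classify(flow)
        key: Tuple = (kind, flow.ip, flow.port, flow.domain, flow.proto)
        if key in seen:
            continue
        seen.add(key)
        buckets.setdefault(kind, []).append(flow)
    return buckets


def ptr_targets(buckets: Dict[str, List[Flow]]) -> List[str]:
    """Recover the looked-up IPs from PTR names (octets are stored reversed)."""
    targets = []
    for f in buckets.get("ptr_lookup", []):
        octets = f.domain[: -len(".in-addr.arpa")].split(".")
        targets.append(".".join(reversed(octets)))
    return targets


# Constructed sample: a subset of the rows in the table above, header included.
SAMPLE_ROWS = [
    "Country Destination Domain Proto",
    "US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp",
    "US 8.8.8.8:53 update.googleapis.com udp",
    "GB 216.58.204.67:443 update.googleapis.com tcp",
    "GB 216.58.204.67:443 update.googleapis.com tcp",
    "N/A 224.0.0.251:5353 udp",
    "GB 216.58.204.67:443 update.googleapis.com udp",
    "NL 142.250.27.84:443 accounts.google.com tcp",
]

if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    for kind, flows in result.items():
        print(f"{kind}: {len(flows)}")
        for f in flows:
            print(f"    {f.ip}:{f.port}/{f.proto} {f.domain or '-'}")
    print("PTR targets:", ptr_targets(result))
```

Note that the same 216.58.204.67:443 endpoint appears over both tcp and udp (the udp row is QUIC); the de-duplication key keeps the protocol, so both survive as separate connections while the repeated tcp rows collapse to one.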

Files

memory/4840-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe

MD5 39bf8879ff9c5ab55acb38ac910a3286
SHA1 017d0d3d393c52526490fe63bedb5079a261f8c2
SHA256 dcec31b978fa86190c59888ed40ed901dfac809d200c8c5bcd2dec7345f0d2eb
SHA512 3a8d7dba2ee7afe11da1014b69987a86d003eb0fbc75ec0c8f8a40706310208e6e19e6173b0c892ae48642372ebff23a7f19a8a11c3cdc9eb728f1e84512e71c

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdate.exe

MD5 bfb045ceef93ef6ab1cef922a95a630e
SHA1 4a89fc0aa79757f4986b83f15b8780285db86fb6
SHA256 1f6b69d11a3066e21c40002a25986c44e24a66f023a40e5f49eecaea33f5576d
SHA512 9c1bfa88b5b5533ede94158fa3169b9e0458f1ceae04dae0e74f4c23a899ce27d9109bd298a2053fb698e2ed403f51a9b828ee9fa9d66b54a18cd0d969edc194

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdate.dll

MD5 2fa183e7b8b744b6761a008f6bc56b87
SHA1 63696ad0541611afc3fb61abdc9e1474d044625a
SHA256 e80fce87f2f4b87282fa38260acfe5435e47fd2e0884db4c7446ac00635a7ccf
SHA512 8b2fbe57ce75348d6606d0beaf2f69452f7480ad7b9a914b5a9c1a6624d2e32df757e3002c5eb26515a9bd35bf84586dbf6272204ef56c3a6e9a541b14aeb338

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_en.dll

MD5 1feaa8ae6b558b8fd45f566cd5e6272b
SHA1 8284338c519adaf91fec6ce69bad2bfe34bc3c8d
SHA256 784e8a03c6f5df231a08e0671ddd66c554a68be2b14224521e72d8c50076d7a5
SHA512 ab5009663e5e59b8c7f7341b4970a39749c7f419c15423fd0d2686be518dfdf07578acde86207ab4da204f4d82898be164d3b6d5a1020ef7440f67452ca19d3f

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdateCore.exe

MD5 e0e328e353efdfccf4aba39bed38ae5c
SHA1 35388f3a1d5f30b913e5ec442ccee88a03df11bd
SHA256 b8ca3d7d6f8f875b88128f9968d7ad2718300115c1bf455fcc3d128c923b2c14
SHA512 32af8dcb139f1c0dc0e23641ad8f87e9cda2071c001405db6a44fce2226a189217dcd5aa47f260eaa3d482aa8bd20f797fc7cb48b3e9195be9e0dd94e79651b5

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleCrashHandler.exe

MD5 8eb5a3bca26acb6688a0cd7b35cfdad9
SHA1 209c79d6b18a00f378efa75c7a3e44686f1850a1
SHA256 24dfdf400d8514d3fbfc5f4aa5dd2143f38b160ad142417bbf83e4d2e425dd0c
SHA512 9dc20a43174f103ace495986cda9870ed4b899c74fe85cfd941fe2cc312e883caf9d0f8835fc59f8a7fd82ee350e479896fb31c7d0cd170ff6932fd9e24a0417

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleCrashHandler64.exe

MD5 15c1cadd3729ae6a4c1f8fa08d61bdc6
SHA1 1486f4eaa1b41b0f2101559ea24630d002bc2d25
SHA256 ce1dd1ba63273aacc0d1ef4e25d8338577d612e88f27d29466168099d3548342
SHA512 70eb764a53647d178278c743f964e03671bd445cc121f8e5a5b17441483b8b150ddf0d91316b8da1a7e289f6d6ebaf7f4952c8745530a700d21269309807f341

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_es.dll

MD5 2e147e4e176468a9a242598a6bdf1e20
SHA1 80db4da2da23f71210fdeb34b437d538f4721078
SHA256 915a8b251b22157119abb16748907f2866e51b71a0ad13c0b3c52f3a8ae5a489
SHA512 4edc4632d4556bd34c254497a754f1cc33ab63e081ff420c4384e4e84d4f5c9730f00349517f682b77074953ca314d296248a1af4bd102265ae1d841017c505f

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_en-GB.dll

MD5 02acce9239e5805169b4c5d181d8c9a5
SHA1 0020fdfacfa745589818382052aee3818eedfeee
SHA256 38b97394a4a2d2ddbde72cd49c70ea4670bb7eb3e2f14f17428fa9328200bd51
SHA512 41539b9319f8ef41726bc4b2912473c0a4e175978b61643740107a00710fb678b9a5f06fffbb2b70b1b9e9b69b20290afabfe1bed43f16d111918a7e19fff46a

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_is.dll

MD5 f317776a4cd6f5634a889767860b8981
SHA1 d5c25756bd0a6d1bce005f4c449b4efd02a2d0a3
SHA256 c42768fb9dd2f67161fd03fb7c6066a58a37db58d568e92e166fb9de77be5cd2
SHA512 8c8238b714c63ae648fc47f1986f18b6553b99711cdb89f9490d173fb8ef7038c9f38308c789ea57a8ba4281b21e564ad8e9412fe2faa240e926a309d4d6cc80

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_id.dll

MD5 fab8cc2d4e39962bd0b2b8072a12f6bf
SHA1 6dbded4d8098ec47a776fcb3079d774043a42fd8
SHA256 a9012188e55a3379e3afff70c5496f5cdd75835a003f180065793872e2f517ed
SHA512 882d1d261e8db764f1bb0d53e17d6a54ab8fa82a4d97734dacc9748598ae213cf1ae3f4dc60611814dc74372c77bb07e2cb0fdbeec543c1ea46f9e3edf9043fb

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_hu.dll

MD5 d2be427ba68d1e3c6f23f0f7542671f8
SHA1 6abcfd568d45cf7a286d6c679e2a08617a3783de
SHA256 48cf6d5c45714bb4f08d80ec6fb871b7cc7bf44cf49a4daf858b429225c2299c
SHA512 6fefafb51346a3995c6aaecd14d6deac5bdf774c62987165d8d7ecfb0b76555e661d4df9b2fa50811ff941329a18d5e99691867beaf9f3c1c634470ede0770a8

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_hr.dll

MD5 d97fb038ff65b4be4ee32ec3dd913226
SHA1 f6a7dad37a92ee37f63189a81a9463a193da2e85
SHA256 f42d2cca2bf323a80c1998189373d6cf3f57d14a4e311a7e89018b9134e86287
SHA512 040e512825092371fb2dcc58e5ea1c7fb7b7d769e5f26d3259e2df56b80586c5155441572508876ef201ee392b1518ffcbc940bcf4a640ad493b3366430caa57

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_hi.dll

MD5 949823f9d28c169ed117aa008322726c
SHA1 da53a482cc5ba3553943dc2fc58ea77dd7b4e820
SHA256 005bcc8cb546db64daea5e83efa339d5b6248ffdc423de245e1ea1ad0a99e82a
SHA512 2e77a0048c4c2d6c475962031493a63106d18a6fd8a92f9e02faa8be7c73aa518850a55dc9e536179e7c185e7a0ad3896cbb3b5c6d71c173091ca78ae8a9914a

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_pt-PT.dll

MD5 beb9457d9606b1cdb8f8c0877c7323d8
SHA1 9491f9d720b1c5bf5f0d1aa7e9febf4dc5ac5207
SHA256 afed70229e4cb588e8b118eaeca6f934b4d827b71680b737d4ebbebf9ea0c4de
SHA512 7416076701f13d5c48a08adfcb04173f2e804d25948d77090d02e07fa44087f9c9d142a0068f461304f58828af8ec16c56f35b9a9c893b675b722538ef8037cd

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_pt-BR.dll

MD5 225790c9039c8e926cca5488b15019e9
SHA1 2c58792faa08d2aa123271dbe0f46c367dc5e336
SHA256 afcda3a585654092f8b1e1fbd1dab5a31f05cc5f600ffbace630db1ed2675433
SHA512 98e2ffd85fd29b4a4abb1e3e063ecc47c638b3855aef2e8a33a4b508139dba8587f8ca0958057a0ab2cc034cfcf434c6b36504f402f717bfdb586a13e0f23852

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_pl.dll

MD5 710c65dde6113525a834d61a7e6bd4ae
SHA1 679b3bd0e684bf5a80cd0ae29c099bb4337e8bd1
SHA256 c8c9db14d1a57ed95d2f9eca9e416ee934f2458bc0e1da4ed5e8196d138fd951
SHA512 5cc17073e52bffd64fabe25190ccc86a4e51f61767d51e27ac27984422b503cf1993b450debd8923b1d23cf25fdaf3b3b4aa9b7c390799092bdb3094a7b979d2

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_no.dll

MD5 48f72eebf8e913ed322b79fdfff57b35
SHA1 f00598cd63ec2896d0494c33bebf1899d2faaa80
SHA256 57eb62301f61ed10af075d7c34e5da8aad1050d12307e1c5888dfd3593885e30
SHA512 1def279e4a9e380298a1c27b33317b0f394e10a2b9d1e63e67bf920ae879a3934a66657eccc6cce9d6e19ab862dc60638aafb52b568c813b4e9b9eed7a8092ed

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_nl.dll

MD5 8ab70f8657ddf4454d651a2165f8ec55
SHA1 d27c2f64385bf7926dd7050ef36e18d58e224e51
SHA256 9edc329d8e25eb02aac3fae70f4cc6428d711a98ddbfbad9b9775a983cafc24c
SHA512 7a79e228a30159b7015cd06f5e0819da2627ba52f956b62fcee59d108a9f7e2e6cae48085de92df633e89dad3015727d9e0a57d61142d6d478a6fdca12008e54

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_ms.dll

MD5 1d791ea4e0b6bb78d19f011dbe1a2610
SHA1 c64bd9174848bcb80225906743bc8920764a74d6
SHA256 d20e8b0e8850e1cbf534d88bb7ded5d3c8dfe6d420f5280e92e461416b029196
SHA512 1ccf5065b26e9512a1b8869d1d9cbf0a25a4c1d0c8864bf2c6d2ac9c4a7eb59d45728a81fc61a66da9172963622ca5ef6e3c1bb236edc0879034eb036b0c3497

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_sw.dll

MD5 428a4e2742aa371ad2e1666d4f9fc531
SHA1 bf1d6cf6b80faab2cbb6036363851b3ebfbe24a4
SHA256 5ef309a8fbb93e889cc68cdfe2fdb5b8355a08f4fa952720ed912e4bd01464ac
SHA512 d9f2fc4979ab7162f598e12aca329ef7d3c708530f9378fa8431c2fbdb8434cd607c68935f77f9885993fd22ae147cb2d4bfc8b646e11f51d718fdc5039132d1

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_sv.dll

MD5 1af9274ad0138bb8554c8de1a025bc1a
SHA1 3ae92b25c76572099fdc92e958741a47ae160b6d
SHA256 a8d5a9a43e307781d6c97ce037c18334aad921466e023abd141aa78a1e3fbc4b
SHA512 55cb0950a565a33e7296c20d9d1a73aa5352a25bc987db2c8e024f817bd29965e094f2be4e32baf953a571945d57a745ec6ffb9808f45d54bc7f69dff840a0f8

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_sr.dll

MD5 897c2e0db6e086c4948f05517489f529
SHA1 f1a9c3102cc5888e4feeaa2ff2cb9e781d6806e4
SHA256 b41344bce4db11f935d386c9d96427c8ab96fe2e489071579cc410f226fa50b4
SHA512 6397c1280eae4fed3e307eb8b2b2abb399cf29f3b7f05c4ceb50e1dda0d83ca958808f9543904964c0eb9d5c159953e4fb6a80446b1f4429614faee575ff5f82

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_th.dll

MD5 2872feb62b490b97e7b7d00b7b43883c
SHA1 1886fedadc2caeb2f8b5f27f4cf0604365fd0262
SHA256 6a0eeef7b91422acbf8219a9aef8e7748c41372cc5af568beaa4e7f22f5360cf
SHA512 175d20efaeb608d50c8f47e7072a40675bcb8422de8de6933b2e5568a3f82a2114f0028bb3a6a53e5266db5514e2068b47dee00d54627bb0bd92ab246598a070

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_vi.dll

MD5 30957a5d98de4d6102c144c4876eb484
SHA1 d5a89ae976dbbb300ad867d7ef156e874170f7ba
SHA256 25def11ba455b1b7bc55b07bc8c452a13671b177874ee9e1d5ce268f56c4f69a
SHA512 faf513a0995426c844c453570e81a0dfbda970e1d6656ff7e12dee56b34a61710436ef1a4988702ace6e3eebc8b5f513ac6560d980c955f47e4249a76e8e4bc2

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_zh-CN.dll

MD5 176b0e2f0ed85fb9a63aac7b865a51b6
SHA1 3635c5d257854b1aa8393ab982ea04469465112b
SHA256 90be7aef638dbcf0dbe1fe4fed327b0ebdfadd7554a8156c8498c994f6e09f1d
SHA512 5162645d1122195fb1b7c03419818029f21cbed2fc5929e5f04128d88e7a0a9fe867c8c8546f9581b6ebef323b61cdf532c0cdd8b99769f09b99949a3285a5b9

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_ur.dll

MD5 690faf81cdeb805730c6cc807a70a20a
SHA1 17a20fbd19c09bb8f2c9f7aaf19c96a712570572
SHA256 191c9e6db1e730c0ff34c55a67393360a8a217fefa1c8285d8187926bc5bcfa1
SHA512 a647eab845bbb80b7664082be7cd8df31aa232db6abb01efd9668c66adebbeca2f84e117ebd85a0b3abab818be6bf9b1edbbbec396d4b3e29583010f009c748d

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_uk.dll

MD5 3aeebf29a707ca984ffbe85c9ae6dc39
SHA1 afe35b0f23e6ebdf20596fc1845b8cee0f648a0b
SHA256 aed549ed1e358be04e4f8281c76193a7bc611373523bedf843aad6aa258b4f99
SHA512 e269bf4ca31f34467dad988d402813ac9f421872aeb061923434047ffdb9ca4dca5e391197e89cbfe8e6dd4a7d6dacb93e9c58c9f7483a641f0cb4155ef78cc6

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_tr.dll

MD5 696027229b8aef639b28ff34e487e508
SHA1 b06154a676c6fd93405744e0b439b2145abbc463
SHA256 4c810ca4900de1675cafcabda6ba0370c6cab6f724207ee9ce9bf38c79f9e019
SHA512 d1cb5bb35ee406bb35964238653be669dec50093fe448be0ba5071c247c0cb66709625dc6fd9a3112ef51d7235292c3bf0a37cae6497ba6c19df26a2b9349abe

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_te.dll

MD5 d514ae1d1448b689307787de873b19df
SHA1 9b7a30ccb3548338c750e89b9459e6277f45c426
SHA256 1da62793361b7186f11c5558b6224e20bccdddbb9ce50a46aac59038fafe5503
SHA512 ba3664887eee6ce8ffe27eeb3e7a1ba60461fcda1b4a2991ed501f04fa03338c04a205b9986627c4eb0fa37e1e16df95c55a19acd18f86c535623164990b7629

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_ta.dll

MD5 facb8f2aa423e3857b761cacd77e83e5
SHA1 2af6fabbdc0b7b271deedc7da8999ef917873ce5
SHA256 bfff56ab5e43e209ca84e647417d74f438d9458a310d5e8eaf12f94ea1fe0797
SHA512 c117b87f27fb4a7a7363e5c514b87eafa561477bb32eb9b39140f9cf2ca7a8c01b92563ec19fc44633af5b006ae526b7acbf6a695d5ddeaf6a50b33334e718fb

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_sl.dll

MD5 56706d7a652fd5eb9ae07b2817909f1c
SHA1 c3a788780fb1fbda6003c8a842b57200c1a78180
SHA256 7da54573bff067cee9c9d274099778ac22fa5d9e4d0a06d8035fd1009937f8b5
SHA512 bc2d305c1efea968ee68fffeb770e02e04da61a3f11687bcc4811bb540d30621daeb84a0673d93290b2a38edef44aa0167c10cb5700daaeaf9fc9d73e0c963e4

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_sk.dll

MD5 ab8fae5d353f20cdbbd5f4d5827e9cc9
SHA1 36bf4a0e5f0bebf7e8c5838f3cc84d80328b0790
SHA256 e0c329f879cfb011adfeb133da8fdf209b760126a562f05191fcb42705c66fdd
SHA512 a49fb6a9daa2ece709e8d52913e546acb0bf6938a0577e77ea6b371f05d8b00dc61f50404cd722edffb4bc94b7acf48c4fea7d5e57cec3aa82dc69a81bff573c

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_ru.dll

MD5 d70ba525c0854fc294afcf6990cccc6a
SHA1 2ec4e77a819d97f5fe53dd02c5dcf5862a5410ec
SHA256 6091364cd0606ed58ca0a5a4a09e48106de3d5816f3612e76aa7ef1e73f15bbb
SHA512 6f1b4c4d16629a03f71893bbeec7caa19d9ca8b4b21a4c365e3ff82367822f541d0a1a1edb8f387423b8dd5df2123cf890cba0964b4df109ecfdacd7e289a6df

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_ro.dll

MD5 c99bd3ae49126dfc588ce72c0ab7883e
SHA1 3a8cc71c487fa9c88ba714dd7ea36cd68f7db896
SHA256 37fbfb5f53f792db6ba8de64447f90dbb6e39e6b4e89be0a6ac8f0ed8d39b500
SHA512 49df6dca13528b973adbe0c02e63992db954b55aad46a5f784d04d4e969c71dd44d86a21a0590488d38cfe169c2bdea29d6c80a1dc2d7ef8686f52285cef96e1

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_mr.dll

MD5 492e2bef61a4838b819afa275ec71a66
SHA1 27027469a9227d2d53b3dbe746f21d8636934e2c
SHA256 7bc2a4f429fa0776f05859086d8c836ff07573abd7c8e2db0b5461a03677e432
SHA512 fd464d9e2c228b2586e14f57598e24b455f855c4d91ae1d2fe4f31e2e03e1f2d1d80cb64c051a849d931e71c4e2d99f5fedb8853e70ab73411980ed236e21225

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_ml.dll

MD5 6637710aa98d7f8d35edc1ab7564882a
SHA1 b33c9c9fdd26ae38f164d9297c1f1ea7ed6817dc
SHA256 6378351e9dfb25648249269aba52885a55fb8dd7f759800e9f56691a61332450
SHA512 891881c13e5dbacd54fae2e7464f37c5c35941551608580b08995396be737b4b787e99a712139c0b74445372055fb0006d847fe87ead704c76a29406647af7fe

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_lv.dll

MD5 e8cde2466986dba8ecfe835878d3dae6
SHA1 9a7806e4dc96604a97921ffd560f14c25473771f
SHA256 a46cf6a2118112f62262dabc2c156dadc6a2d3d224e6f935f57a352a7c173ebf
SHA512 1363dc5d4e4360ee683bcb283b16a23f265e35ee25ac3c8039a43b7df8e7c562babb2b531ba1456825aa5e2235bc14510bf4b1fbdafbd90f2a0da8e2ed705902

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_lt.dll

MD5 699adf1a933d5e0257de2cdc5984c289
SHA1 d5b50aa4aeeb2cde74fdcb2ea4a6a91754699d2a
SHA256 b7b9929da674b6cea97055777c1d5bd952cc24bd60f626d942275baa394c6779
SHA512 df5cc06916bab486d354d4d0d207ada10a588af2af0a43df8352547ea33b389b256a17ee311c3042d09f3ca3f1cf74e29ef74224f0cb4169946b2084d2c442ca

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_ko.dll

MD5 c5c052ab089dbb7c8ea0507150445cf8
SHA1 808620bff66334b10eb287e0adcd1889ef046d70
SHA256 f4e48477f214e51db6da1a3fe412d454997728d2f831909f192d57d7256f6962
SHA512 8fba2f9484e3203a45932c72761ce56e7d19d613b5d8e8d033e07b7c170050e41f3a5455bfc90b31fba6b5a6fc7db91030050ccafbf2f2f8a43aecfd5152ce4e

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_kn.dll

MD5 ad8eb8adfb943e71a75bc7d4710a21f0
SHA1 33c753c6ebb8612392ba84fe6cf2eadc86ee9400
SHA256 49ace637192ab8787f18dfdf04fee63e027056c43b48ec2130d26a7aa14c131b
SHA512 475742ddf3983945cd3b42ce21fdc431bc8643ad478947e4a49153a5cd2563698f839c95991b399b329d98501d0c13c9b3d6499a096b2c7512b2fee106676324

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_ja.dll

MD5 c4406f04dd466c41c8304a25d1ea11c6
SHA1 55579fae6cd7362b505c553f3b2bf06494fd6a66
SHA256 d567fbcd8f5a7bfb827966ceafc7d3dd97e2800672e7de656a88a0b034152847
SHA512 91658b573ad279a1bf2d069570f8e85db92d176f3b912722c75865e267180f9b9c3c3023ebc04f0fe6b1cb95eb4395e2bd8fa646b32b249f7acd58efe95375eb

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_iw.dll

MD5 02d3b7b940712eb3516507cac2c045e0
SHA1 f4201ad7d882d1efeb9d4b928ea290e1ac81158b
SHA256 f9a67f92ae9b42dded0e50a002e578e34d96f1cde5e478f58634549dfcc660c6
SHA512 32765c66c6d26c171a32a82dec57b54e3ca0e28229b2e3b3b4626e3a33a5bf0e07fcb46f7ab8d03c341a0e79a6f0096630b5e734cbf8cbe876b25e8a64a0fe91

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_it.dll

MD5 b6641153a2d527d485bc6bbde699b8d0
SHA1 6f82b52fae48440b1f18a5385b185794951b106b
SHA256 f93fd977be4730721623fd1b1845e321ac23c8b8e80ce85c982613e1accb9d76
SHA512 04f8debdd211ec536d1d5c9cbe39f96bc99caa8a1d2e5e6a669167bf60d1f2c02c3b7bc82a40e377cddebcdad89cdbbe8826d919fbba8f8d35ac3aa2f77eebd4

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_gu.dll

MD5 5832a382e0fc97ef6077044ac2f0c9b1
SHA1 56d5c1b61a1c8e8baaaac5f48711db31c4dcbb4e
SHA256 88ab42e9ca190892538b32edc92ad9e71ea0c9e8eee8d7d9648aa346034c258d
SHA512 25030159432f35c00c44553ceffd70997744215a5d8a76335d1b0a0b6b918852615ebd321a3552cbdf8bfc575920e9d232e1fe4219fc38cf0665bdc3a146fbbe

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_fr.dll

MD5 7a14ae39e800dabbd68d06a8342b8648
SHA1 cb4690182796eaab35939ab170b68fbe08004bc9
SHA256 4591262991f9987ae96536b810c581620519aaebe019a1ff59449bcd7a48c93d
SHA512 f1e0c261e4bf057bd1760841ca58dc3c5965c299d404eafaa06482d745b0fe0754f19b5bb34752636e66321b1f5769f5f13b624a246c9384c4dd740a214d9071

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_fil.dll

MD5 123225552b7e78596df8bc4c1bc4e061
SHA1 f685678593546573f92b1cca29f7a4b0beaa515e
SHA256 34f796d2747881b015c276e732a56dde1ca0391a92e6056fa3ba035079ea89a4
SHA512 d66ca5004e69dec64574d735dae2ab3aba39a135c4e6836fd0f235fb756c8feebe4b3e596c2538201c37b75d930c076d798edddd3abe352ccd3778e4d4912a2c

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_fi.dll

MD5 c943b9809dfaf64374b6b0df35a6fb6c
SHA1 579dd6771c37a2dfaee6ecdea8fe0ec045e68152
SHA256 4ee8c1fcf9c8cec7650503bce686f297baec74675001c1d9143be2ee5106b14d
SHA512 abe33f629a00ff4ae8639f73c5fed250674530fbca96dfdbec8d843bacf2a23ebcf5b663ade641c0ed7b819c2933caca27749e6f5855e5cc8f72b63343e24730

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_fa.dll

MD5 b7c188cc894700632f0abbdc14d05118
SHA1 06054e584dc48723cc1c3df4d12b44c714068f85
SHA256 793e4facbdd8aaee208ce16960c20497ce5b73c3fcc8ae685e1d2d9a6c9df857
SHA512 17e6184548e533bb10f6d78912c77e8e9b555b0ec91417879154fada0bad515b6d6bb6cd4d0569818da02a8cb7311fe1be343c5245991a3f942aee8a53129156

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_et.dll

MD5 0495217e97c7f9584f1a949e52ab6719
SHA1 89632cb99cac75aa6e0ba2c97eb6fbd7fed2c53a
SHA256 02943198f3d5f8d335681c2f234e28bd625a4344d580726e6832ebb917a8c564
SHA512 fdc46d8f0c6523706d5836ae085dbf1e6d490de3c9104d1b19bd5bf6ef0610a8c5edbfb30a669a9bcb1c587e945d25a1d4d6233ad56dae5920cb66baba189513

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_es-419.dll

MD5 7fc614569f8a00c7f6c105dc308a05bb
SHA1 e48f2cc5f8a647d82ffbd604f802b585dd9bd51e
SHA256 f824300af9088e1ad03c07e3f5c2c24ccfdbfae552f134d2cd1314e2c6842375
SHA512 efc5c114d5a26d4444b5a9b67d03c5b62e8fc376ccfa16f73773d1b738b38f12e20cf1dc891df3898b039356196e130f432aa69aa166b9e0bab9be1e3b1f1534

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_el.dll

MD5 0b607c22c8cfb0c32086c9dba5626dce
SHA1 20d3278fe52514dce5c844892923a115de479162
SHA256 2e01f0b326d233a14c8179ba8da32c6ed7b5edecac9ba19c4b110d09cc7c29a5
SHA512 601cb02e7249727cdcce01884932bdd7aecdc32322b8b4c1713747b7c0dcea3977036aa1e53cb1fd3239447ba46ec9a35c62ff5b94303a04ff9b3339fb316513

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_de.dll

MD5 35c9a26ea3cc527cf812edf6b20624d7
SHA1 dec5b58d039cfe7992a9fa58cdd80a2b03128054
SHA256 0f9022abd367d05db56b0b6158d4afa8b938ea78c87d86259544bdba83019af1
SHA512 40b5c2c7b56f035fbd2aa28f0fa169b864279dd169f1e019a8454a8a03ef97b6cdb6a82de065a110c75c8c541c973085e7a7d30d6d3741840b89214f438919cb

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_da.dll

MD5 f2676455a6cc1749b55f904fef73cbe1
SHA1 c8cdcfc7b253198acbbaf2a69328904fc07a6d2c
SHA256 70ca4eb73a4f8d03e750929a4afdb876076d39499f2016588f8b6fe85a80b0e5
SHA512 71b23fe2a956f2d8b35331ebbbf3d9e097f1c328f67af15d9a27315ef44421276bad40fb318d68764617e589296840c8f9fecf63dbe4bce1e527325ccec19bf8

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_cs.dll

MD5 5cf5dc21628df3d52c372a3033918fdc
SHA1 cf10f6f02a4e43a852996ea23ccc905192429bb4
SHA256 487957b3eb2daddf00808350c3cc52f8574ea585ea4a2ea742378b97ae4bbc71
SHA512 553175a77c6434c93c638c3e5ea6ecd5a4d44f887e682aa2b57284e9a7ebeabcf652e12af08ee25d1ce393b6593930dff053232d1036b38ab8ddb605c7d78559

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_ca.dll

MD5 8a178eedd7627e0b655ee3714fbf6766
SHA1 5b24081d284814005eaad0b158318258e2de76e6
SHA256 bd6013798ad45b2791c829e01ef74ce123cbdd138f298e7a6ec762a643340d12
SHA512 524569f7acf97ebd56a6f04fa4b38497850c466f63ed6a2972e35d392e14a3c3c7e6e64a5f2e21e859d88eff55de637ce6aa0266b1bf316dcd7c37c966d516e0

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_bn.dll

MD5 1d1e2d66464c7237e667fc8813847d27
SHA1 99f340f03747b025106a4ab40b1f19ba475d2c91
SHA256 825428867f14ce18169fe8705c0a5c941b87a7feec84f4e3dd4344bbe5fc7972
SHA512 2f102a69d0fa1b2583a56a290d351551a0edd0fd9591a25c8e80c3e59df06b1335b0d3e4418416f089cf80650fad842c6a2d060bcee722e2000348083d00135f

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_bg.dll

MD5 848d712a48ee972e87517818dede7e41
SHA1 cf58fc4fd8d021f703ee7e5b1674b341059e65d6
SHA256 b17e3507aa13334e21fb0fc98eea44ade4793a5b2edf2d76694da0772bf6feb1
SHA512 7ca11c5a86b81efc72ef044ffc8bf90a0ce9eec5e25e36d3cf499059d6c0e54a44dc21cde7862b00381eebc55c5bba896f7263aefa321be4cd1f9cbd2ba1d5ce

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_ar.dll

MD5 adae3c47edd1bd2e078f46e7dd448ff9
SHA1 e05b32b580286d45a9a3011cb209deed6fe964fe
SHA256 41a395dc1c9b6e10a32e39fc9bcc3c45611b30723c5a895ab46bd2abdac31d3a
SHA512 c05774d97c45fad2821526f852035954fd6dd9f1320d958657201d3fb378f763b8ff075848e7513c9872405dbabb656895193efda26a2a7587b0ba014a9abe38

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdateres_am.dll

MD5 6b662cf1c75bf32f3f26a945c3f420d9
SHA1 a410ed831e4cd56b8d108be5ee193be3305d92bd
SHA256 cd426d502f1b039f4d9bb8c199271c68b63700cd2203567be7f3324a5755654f
SHA512 b5937a1513012b3b74f52348f67bf26415f311c8a5a7506ccf43d8724848629a1f3c16fa8e2ed251332886d32f9e8a423cbe0d675b2320104131f1760d144b8b

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\GoogleUpdateComRegisterShell64.exe

MD5 4b0bf7525348fd3b55b189c42f90633c
SHA1 3861f8dad235032ff0d68065fde4082b379f02b2
SHA256 f318deb222e9f635f3a7b7de3202169732ebdb4ccf0be5fa8bb94e2e83913b74
SHA512 ae87acaf33c4cc1a1368b427128432b94a8030f8837490ecaf6a394a5e2e5a9340e243f436b894fa269a8bec3d22da93b9e480d33911938e995055c3e7a8cb76

memory/5604-309-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Windows\Resources\Themes\explorer.exe

MD5 811bc5a7f01abe73193d54f54d6419db
SHA1 4f1ec59afdda2ec35bc99a528c609c46b22dc635
SHA256 50b9c9cbbfc295e5dcf0afe861e244236b8ac9da2fe23d89792d384411ac1c7d
SHA512 e4f68de13f39a32064ab84bd70f7c564b91bdb04f556bae82d4a805893a45966803cb146869e9da832e0f4e5fd3fe268ff7cc7f4070407cb16db941310df16dd

memory/2768-334-0x0000000000400000-0x000000000041F000-memory.dmp

memory/5768-335-0x0000000000400000-0x000000000041F000-memory.dmp

memory/5604-336-0x0000000000400000-0x000000000041F000-memory.dmp

memory/4840-337-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Program Files\Google\Chrome\Application\126.0.6478.62\Installer\setup.exe

MD5 33a9ee74a3571ec0d75fa46bbb8434e8
SHA1 f2354d603c692783f6e720890edbd72711a83a8f
SHA256 27f07efb3517c821ad9075490f8926f448b1f21442e5b43180e6ce47bd402d39
SHA512 a5f5f050e7225ef720eafd9605a3abb97a49f35ad39641dc16842e62d3e75b158d3140fc38dc49f461828bf0d36c406593b18b1a0a112845ccdd358c4d6c5f53

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b654f298ebd0452a669328178f6ce884
SHA1 1ec1aebfe9635caec05609842d433434c708327c
SHA256 a67dea75503ce0419ebc836c37e931fe3644f1d97ca9af0d01d123e20d0474d1
SHA512 4e27fbd94978e47cc927dfba28c1743f6c064d2db92e86e9a564c09ad791855a9c3d2df8006bd644f6b0aae7a91993465f7e157557c7f503e313883f351b9691

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 af672d1fb8d4a0a0d7ae7302dedaca1a
SHA1 73e896a3659bca6d6ae942c33ed29301d2e25b6d
SHA256 7a5d3fb7b01ae8dfe979a7bf59662cd1d83529523a950d3522998f6bcef2d33c
SHA512 d969c783fd2cae4af472e0a84daa5b37c24536c529f4228c6c0964da6922a930c169186a1d58943af21c2e36fe9a4ee1383c6159f7117d22389e778253dfad7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

MD5 505a174e740b3c0e7065c45a78b5cf42
SHA1 38911944f14a8b5717245c8e6bd1d48e58c7df12
SHA256 024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d
SHA512 7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

MD5 3433ccf3e03fc35b634cd0627833b0ad
SHA1 789a43382e88905d6eb739ada3a8ba8c479ede02
SHA256 f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d
SHA512 21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ca9cf5ffbb62235ed1d8f48fed5db549
SHA1 3a5247f21cfc4eade002b0bd6fc5b00a88437261
SHA256 d70f0c6be0eb1e3bade646a819f721f5a94a8d84ea9089a7a6f088aabcbaf4b7
SHA512 79e62ccc4236162bc22ef0897e9b8d2478c1ee54d81df80606fa1b468e69fac71550aa9a479756929a50f6982d0a32947b9ccc075818c7423dd9aa8a7beabe94

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 159b989fdeee7b960807e2626696f8e8
SHA1 beee6525425f15de079f15c974110a76925e23f8
SHA256 62d4ee9f4ba027fea99258b17441bf35add52816b10611405e2d46d11f4e5db4
SHA512 ef9fdd479b4cbcbf31e24f2a5bad8929009d1858c614e15d5812563fb392fd675082bc2171ca9c9ca1203cd33d75f6852ba10e5159fde85c45991ef7671c4f40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 53370633db64827fa14adc0a4790f970
SHA1 5735422e9c25b6b7c41db7c9168bd32823e68ebc
SHA256 44cb96cee85ea34ef63f38d11e8aea26b6602c1952a6ec5df60cbd128aeb575a
SHA512 2394bf3b71cf6ef124af859df99ee15a54402902f7c22dcf4777a3be6770f3cc3d1a95d68adb58e28ac7a98b88ebd6128bedc15f68a0891e46e128e8cf44041f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9603caf9eb10a54193fb11f6a004d653
SHA1 26a2812750ab4b83e0c7f00d9965c7f96646890b
SHA256 3e11ae2f688e34455c646720405bdbb5aadb002fc205751825f72e113023cb86
SHA512 5ae7335989a3b491a157a5a8da311ccdc2e52e015bd64609998e32e524d4fcf8136ae65240f47f3efce7193fb757a107bd28dfe7136f5f200cd9a2df86447037

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 00efcefc2f8a938ff822ca1da8b571d1
SHA1 6e378bbd5fdcd34599da6d4c09498d2bab398569
SHA256 5c9e542c0f40e08ce0a2a364e509d6237115a527774bf9a12aef96591f289d27
SHA512 c111cd64307388b3083c02f4a84e0d3ee0635a15f4f7999dd303d1641bff2db01fe1631de4c81318700cf2c6e30a5ec18f6160673c70dd7d2a96c52b2b48ea09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e5cbf8cf487b30a30248cf94dae69c22
SHA1 85f1bfdfe316332a0a9ea387c0e70a7814ca0fb1
SHA256 70503e7c7497edcffa2964d29a9b19dfba9dccc56011a7b363b5a478db7b73c8
SHA512 cb4e8f4e3a73cbe5929a290dc6f24cbcbe62de7601d459a5112d7fb46c1fa6ca4bb0964f6c21d4f476a9c84113a3d3803a7e2ccfd8e84806b5236aea136facb3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3a0d1082f04f4d85a991a84dad842dd0
SHA1 9c54c0a6e11f202b7f5bc6e23514cb355f2460b2
SHA256 bfe96503ac8d72f846561564224e6db96cdde1c62e100e64618b0bc8152c97a4
SHA512 1c6847476a8c968cd1095c43f8ba5ceaf09a10a1958588b4ce29f6c132a25f2aa613694a937059414a65bd6a2b70d259571b62199cb79534a0728067fade9f9b

C:\Program Files\chrome_Unpacker_BeginUnzipping2540_232184174\Filtering Rules

MD5 6274a7426421914c19502cbe0fe28ca0
SHA1 e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc
SHA256 ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee
SHA512 bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5

C:\Program Files\chrome_Unpacker_BeginUnzipping2540_232184174\manifest.json

MD5 4c30f6704085b87b66dce75a22809259
SHA1 8953ee0f49416c23caa82cdd0acdacc750d1d713
SHA256 0152e17e94788e5c3ff124f2906d1d95dc6f8b894cc27ec114b0e73bf6da54f9
SHA512 51e2101bcad1cb1820c98b93a0fb860e4c46172ca2f4e6627520eb066692b3957c0d979894e6e0190877b8ae3c97cb041782bf5d8d0bb0bf2814d8c9bb7c37f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ac069c54757c8a992c7c86b4933ba422
SHA1 8d7e0c4bfc6f83dc86e60361a4836c747d3b51e2
SHA256 038369daf6b0497923b041360fe51c5c70486643e517e6c8cdffeaa46dfaf918
SHA512 0f3bc586530a48943afe783765128d5a042e6a221657c7691e35cecbd0cdff49ab5fe0d6aa1a13d89d10ef61029fa378c5ba0331d1f5f486563672bd9f9035b6
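An indicator-extraction helper for the Files list above, added here as an example (not part of the original report). The list interleaves three kinds of entry: Google Update's own staged payload under Google\Temp\GUM3C3F.tmp\, Chrome profile files rewritten while the browser ran, and the artifacts actually worth hunting for, among them an explorer.exe written to C:\Windows\Resources\Themes\ and a chain of memory dumps that all share the 0x400000-0x41F000 mapping across PIDs 4840, 5604, 2768 and 5768. The code parses the plain-text blocks (a path, then MD5/SHA1/SHA256/SHA512 rows) and the hash-less memory/<pid>-<n>-<start>-<end>-memory.dmp lines, drops the browser and updater noise, flags system file names found outside their system directory, and groups the dumps by mapped range. The sample text is a subset of the listing; the "benign directory" patterns and the system-name table are this example's assumptions.

```python
"""Pull hunt indicators out of a sandbox 'Files' list (added example, not the report's code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
MEM_RE = re.compile(r"^memory/(\d+)-\d+-(0x[0-9A-Fa-f]+)-(0x[0-9A-Fa-f]+)-memory\.dmp$")

# Assumed-benign locations: Chrome's updater staging area, its unpacker and
# the user's Chrome profile. These are this example's heuristics.
BENIGN_DIR_RES = [
    re.compile(r"^C:\\Program Files( \(x86\))?\\Google\\", re.IGNORECASE),
    re.compile(r"^C:\\Program Files\\chrome_Unpacker_", re.IGNORECASE),
    re.compile(r"^C:\\Users\\[^\\]+\\AppData\\Local\\Google\\Chrome\\User Data\\", re.IGNORECASE),
]
# File names Windows ships and the only directories a genuine copy lives in.
SYSTEM_NAMES = {"explorer.exe": {r"c:\windows", r"c:\windows\syswow64"}}


@dataclass
class Artifact:
    path: str
    hashes: Dict[str, str] = field(default_factory=dict)


@dataclass(frozen=True)
class MemoryDump:
    pid: int
    start: int
    end: int


def parse_files_section(text: str) -> Tuple[List[Artifact], List[MemoryDump]]:
    """Walk the listing line by line: a path opens an artifact, hash rows fill it,
    memory dump lines stand alone and carry no hashes."""
    artifacts: List[Artifact] = []
    dumps: List[MemoryDump] = []
    current: Optional[Artifact] = None
    for raw in text.splitlines():
        line = raw.strip()          # the listing has stray trailing spaces
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            dumps.append(MemoryDump(int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)))
            current = None
            continue
        h = HASH_RE.match(line)
        if h:
            if current is not None:
                current.hashes[h.group(1)] = h.group(2).lower()
            continue
        current = Artifact(path=line)
        artifacts.append(current)
    return artifacts, dumps


def is_benign_location(a: Artifact) -> bool:
    return any(r.match(a.path) for r in BENIGN_DIR_RES)


def masquerade_reason(a: Artifact) -> Optional[str]:
    """Flag a system file name whose directory is not where Windows keeps it."""
    directory, _, name = a.path.rpartition("\\")
    allowed = SYSTEM_NAMES.get(name.lower())
    if allowed is None or directory.lower() in allowed:
        return None
    return f"{name} outside its system directory: {directory}"


def hunt_list(text: str) -> Dict[str, object]:
    artifacts, dumps = parse_files_section(text)
    sha256s = sorted({a.hashes["SHA256"] for a in artifacts
                      if "SHA256" in a.hashes and not is_benign_location(a)})
    flags = [(a.path, masquerade_reason(a)) for a in artifacts if masquerade_reason(a)]
    by_range: Dict[Tuple[int, int], Set[int]] = {}
    for d in dumps:            # one range seen from several PIDs = same image run repeatedly
        by_range.setdefault((d.start, d.end), set()).add(d.pid)
    return {"sha256": sha256s, "masquerade": flags, "ranges": by_range}


# Constructed sample: a subset of the entries in the listing above.
SAMPLE_FILES = r"""
memory/4840-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5075586b88f1231eda328d040468ff60_neikianalytics.exe 

MD5 39bf8879ff9c5ab55acb38ac910a3286
SHA256 dcec31b978fa86190c59888ed40ed901dfac809d200c8c5bcd2dec7345f0d2eb

C:\Program Files (x86)\Google\Temp\GUM3C3F.tmp\goopdate.dll

SHA256 e80fce87f2f4b87282fa38260acfe5435e47fd2e0884db4c7446ac00635a7ccf

memory/5604-309-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Windows\Resources\Themes\explorer.exe

SHA256 50b9c9cbbfc295e5dcf0afe861e244236b8ac9da2fe23d89792d384411ac1c7d

memory/2768-334-0x0000000000400000-0x000000000041F000-memory.dmp
memory/5768-335-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

SHA256 a67dea75503ce0419ebc836c37e931fe3644f1d97ca9af0d01d123e20d0474d1

C:\Program Files\chrome_Unpacker_BeginUnzipping2540_232184174\manifest.json

SHA256 0152e17e94788e5c3ff124f2906d1d95dc6f8b894cc27ec114b0e73bf6da54f9
"""

if __name__ == "__main__":
    result = hunt_list(SAMPLE_FILES)
    print("SHA256 to hunt:", *result["sha256"], sep="\n  ")
    print("Masquerade:", result["masquerade"])
    for (start, end), pids in result["ranges"].items():
        print(f"range {start:#x}-{end:#x} seen in PIDs {sorted(pids)}")
```

The hash set deliberately excludes the Chrome profile files even though the report tags the sample as a stealer: those files were rewritten by Chrome itself during the run, and hashing them yields nothing an analyst can pivot on. The explorer.exe flag is purely path-based; confirming what it is still requires the dropped binary.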