Analysis Overview
SHA256: d2d0d8b7a3b39102006b0e356c6d65e5938842055914f3769a3087e0b0179895
Threat Level: Shows suspicious behavior
The file 0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Event Triggered Execution: Component Object Model Hijacking
Loads dropped DLL
Checks computer location settings
Executes dropped EXE
Checks installed software on the system
Installs/modifies Browser Helper Object
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-22 05:18
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-22 05:18
Reported: 2024-06-22 05:21
Platform: win7-20240508-en
Max time kernel: 122s
Max time network: 127s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdater.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} | C:\Windows\system32\regsvr32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\zh-cn\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\el\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\proxy.htm | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\ui.css | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\sk\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\desktop.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\msg_error.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\no\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\zh-tw\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\updates.htm | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\waiting32.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\tr\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\bg\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\32x32_upd.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\confirm.htm | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\roundl_g.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\pt-br\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\fi\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\pack.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\ui.js | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\gth.dll | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\cires.dll | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\gapps.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\history.htm | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\preferences.htm | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\Readme.url | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\ci.dll | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\da\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\waiting.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\it\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\ro\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\32x32_ale.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\installer.htm | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\maintainer.htm | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\minus.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\ul.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\ja\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\pl\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\gtn.dll | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\ci.dll | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\hr\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\ksd.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\shield.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterSetup.exe | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\sort_up.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\sort_down.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\nl\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\ru\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterRestartManager.exe | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\es\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\chrome.png | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\pack_large.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\plus.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\progress.htm | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\roundr_g.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\Readme.url | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\de\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\en-gb\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\fr\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\lm.htm | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\Tasks\Google Software Updater.job | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33C5A07A-9CD1-439F-9D1C-C4F5F7C899C3}\AppPath = "C:\\Program Files (x86)\\Google\\Google Updater" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}\AppName = "GoogleToolbarNotifier.exe" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33C5A07A-9CD1-439F-9D1C-C4F5F7C899C3} | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}\AppName = "GoogleToolbarNotifier.exe" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}\AppPath = "C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33C5A07A-9CD1-439F-9D1C-C4F5F7C899C3}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5} | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33C5A07A-9CD1-439F-9D1C-C4F5F7C899C3}\AppName = "GoogleUpdater.exe" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}\AppPath = "C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5} | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\TypeLib\ = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B0A1F53A-DD98-42A8-ADBD-8D9CE5434DF4} | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC510299-CC32-4464-9BBB-3709A9145F8A}\ProgID\ = "InstallManager.InstallManagerCtl.1" | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\TypeLib\ = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\TypeLib | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\ = "IProtectorHost" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\google.cominstctrl.14 | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4DDE3DB4-8A87-44E1-ABD6-1D58096BDF4F}\1.0\0\win32 | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ED6F706E-7797-40B8-AC90-F6DAAB917C90}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\protector_dll.ProtectorLib\CurVer\ = "protector_dll.ProtectorLib.1" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\protector_dll.ProtectorBho\CLSID | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\TypeLib\Version = "14.0" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2212951C-1623-4095-906B-AC50B8F91016} | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9} | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}\ = "gusvc" | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B0A1F53A-DD98-42A8-ADBD-8D9CE5434DF4}\1.0\FLAGS | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BCDDF654-73CF-4E1C-94B1-50258DA195E9}\ = "IHtmlWindowExternal" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\TypeLib | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\AppID = "{A97CA128-6998-4F8E-807E-8ED05FADAFB0}" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41} | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\TypeLib\Version = "14.0" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{33C5A07A-9CD1-439F-9D1C-C4F5F7C899C3}\InprocServer32\ThreadingModel = "Both" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ProtectorExe.ProtectorHost.1\CLSID | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ProtectorExe.ProtectorHost.1\CLSID\ = "{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\TypeLib\ = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9891812B-5820-4A77-827E-772B200239E1}\TypeLib | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\protector_dll.ProtectorLib\CLSID\ = "{84798B8E-69F8-4846-9516-373C2996E2F7}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{ED6F706E-7797-40B8-AC90-F6DAAB917C90}\TypeLib\ = "{347D20CF-2DD9-4789-AB9B-489066C3DF94}" | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\protector_dll.Protector\ = "Protector Class" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\protector_dll.Protector\CLSID\ = "{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\TypeLib | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2} | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\LocalServer32\ = "\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5924C60B-6D7F-4AD6-8084-24A59431C967}\1.0\HELPDIR\ | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AdminPrefsManager.AdminPrefsManagerCtl.1 | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\AppID = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\TypeLib\Version = "14.0" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF2A86CC-90BE-453F-95FD-140F8CCFE558}\VersionIndependentProgID | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\Programmable | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2} | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC510299-CC32-4464-9BBB-3709A9145F8A}\ = "InstallManagerCtl Class" | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{96FBC13C-8214-4100-88E0-FF74D7A1CB4D} | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32 | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\ = "IProtectorLib5" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\GUSchedulerCtl.UpdaterScheduler\CurVer | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\google.cominstctrl.14\ = "Google Updater Class" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\InstallManager.InstallManagerCtl.1 | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\VersionIndependentProgID\ = "protector_dll.ProtectorLib" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\ProgID | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\TypeLib\ = "{5924C60B-6D7F-4AD6-8084-24A59431C967}" | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF2A86CC-90BE-453F-95FD-140F8CCFE558}\LocalServer32 | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\protector_dll.Protector\CLSID | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\TypeLib | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\ = "IProtector2" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\ProxyStubClsid32 | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\ = "IUpdaterScheduler" | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B0A1F53A-DD98-42A8-ADBD-8D9CE5434DF4}\1.0\HELPDIR | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC510299-CC32-4464-9BBB-3709A9145F8A}\AppID = "{710B4D30-E6C0-43D9-BDEB-C3F7918563B1}" | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\14.0\FLAGS | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdater.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe
"C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe" -install -extra flow=RegularPack&r=ci_avast.ru,ci_earth.ru,ci_gapps.ru,ci_gds.ru,ci_picasa.ru,ci_tb.ru&brand=GPCK
C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe
"C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe" /install /appid=GoogleUpdater /auto
C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" /Service
C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe
"C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe" /RegServer
C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe
"C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe" /RegServer
C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe
"C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -restart_ieuser
C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe
"C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\..\SearchWithGoogleUpdate.exe" ci GPCK
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" /RegServer "/dll=C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\gtn.dll"
C:\Windows\system32\regsvr32.exe
C:\Windows\system32\regsvr32.exe -s "C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll"
C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" /install /appid=swg
C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe
"C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe" -Embedding
C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdater.exe
"C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdater.exe" -trampoline -t "C:\Users\Admin\AppData\Local\Temp\gisf76190c" -extra flow=RegularPack&r=ci_avast.ru,ci_earth.ru,ci_gapps.ru,ci_gds.ru,ci_picasa.ru,ci_tb.ru&brand=GPCK
C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe
"C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -t C:\Users\Admin\AppData\Local\Temp\gisf76190c -extra flow=RegularPack&r=ci_avast.ru,ci_earth.ru,ci_gapps.ru,ci_gds.ru,ci_picasa.ru,ci_tb.ru&brand=GPCK
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -Embedding
C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe
"C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -checkup
C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe
"C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -checkup -httputilsonly
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pack.google.com | udp |
| GB | 142.250.187.228:80 | pack.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.228:80 | pack.google.com | tcp |
| GB | 142.250.187.228:80 | pack.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
Files
| SHA512 | 99dd7dd22408d5c3fa66a38d548c0634b581c257870faaf9d95074bb66e5714e9c0dde79bf23304418e4746ec7f3e515e8bb9a73980ce85ee298f6083b9294e8 |
memory/2168-215-0x00000000033C0000-0x00000000034EE000-memory.dmp
memory/868-237-0x0000000002210000-0x00000000022CF000-memory.dmp
memory/1312-245-0x0000000000400000-0x0000000000560000-memory.dmp
memory/1296-246-0x0000000002E90000-0x0000000002F4F000-memory.dmp
memory/1708-248-0x0000000002180000-0x000000000223F000-memory.dmp
memory/1516-250-0x00000000021C0000-0x000000000227F000-memory.dmp
memory/2632-254-0x0000000001A30000-0x0000000001AEF000-memory.dmp
memory/1252-256-0x0000000002510000-0x00000000025CF000-memory.dmp
memory/2196-263-0x0000000000400000-0x0000000000971000-memory.dmp
C:\Windows\Tasks\Google Software Updater.job
| MD5 | f707d7d2779a9f28a7c0945ef7e8bd76 |
| SHA1 | d80e0a02fb38d5e6f5b688d19c342e02dcaf3f0e |
| SHA256 | 5cbad4324638130f2a2a748ab0be2d9ae773dfe44a9ae5bd163edfc215d4a1e4 |
| SHA512 | f86b4c9fb84aa4eee9f89c3448beb8032631e62e17fc776cbcf2e25eee2833ae280b4b0ff9b801fbfbc74624a7ae94f65eb1a19dae3f642e65cdefba5574040f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-22 05:18
Reported
2024-06-22 05:21
Platform
win10v2004-20240508-en
Max time kernel
43s
Max time network
52s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pack.google.com | udp |
| US | 8.8.8.8:53 | pack.google.com | udp |
Files
memory/1260-0-0x0000000000400000-0x0000000000971000-memory.dmp
memory/1260-1-0x00000000001D0000-0x00000000001D2000-memory.dmp
memory/1260-2-0x0000000000400000-0x0000000000971000-memory.dmp
memory/1260-4-0x00000000001D0000-0x00000000001D2000-memory.dmp
memory/1260-7-0x0000000000400000-0x0000000000971000-memory.dmp