Malware Analysis Report

2025-01-18 22:00

Sample ID 240622-fzqw8azdnh
Target 0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118
SHA256 d2d0d8b7a3b39102006b0e356c6d65e5938842055914f3769a3087e0b0179895
Tags adware discovery persistence privilege_escalation stealer
Score 7/10

Table of Contents

Analysis Overview
    MITRE ATT&CK
        Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 7/10

SHA256 d2d0d8b7a3b39102006b0e356c6d65e5938842055914f3769a3087e0b0179895

Threat Level: Shows suspicious behavior

The file 0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118 was classified as "Shows suspicious behavior".

Malicious Activity Summary

adware discovery persistence privilege_escalation stealer

Event Triggered Execution: Component Object Model Hijacking

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-22 05:18

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-22 05:18

Reported

2024-06-22 05:21

Platform

win7-20240508-en

Max time kernel

122s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe"

Signatures

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdater.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A
N/A | N/A | C:\Windows\system32\regsvr32.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdater.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdater.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdater.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdater.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdater.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A

Checks installed software on the system

discovery

Installs/modifies Browser Helper Object

stealer adware

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} | C:\Windows\system32\regsvr32.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\zh-cn\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\el\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\proxy.htm | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\ui.css | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\sk\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\desktop.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\msg_error.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\no\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\zh-tw\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\updates.htm | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\waiting32.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\tr\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\bg\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\32x32_upd.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\confirm.htm | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\roundl_g.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\pt-br\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\fi\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\pack.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\ui.js | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\gth.dll | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\cires.dll | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\gapps.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\history.htm | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\preferences.htm | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\Readme.url | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\ci.dll | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\da\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\waiting.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\it\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\ro\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\32x32_ale.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\installer.htm | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\maintainer.htm | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\minus.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\ul.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\ja\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\pl\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\gtn.dll | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\ci.dll | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\hr\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\ksd.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\shield.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterSetup.exe | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\sort_up.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\sort_down.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\nl\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\ru\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterRestartManager.exe | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\es\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\chrome.png | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\pack_large.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\plus.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\progress.htm | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\roundr_g.gif | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\Readme.url | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\de\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\en-gb\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\fr\cires.dll.mui | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
File created | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\HTML\lm.htm | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\Tasks\Google Software Updater.job | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33C5A07A-9CD1-439F-9D1C-C4F5F7C899C3}\AppPath = "C:\\Program Files (x86)\\Google\\Google Updater" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}\AppName = "GoogleToolbarNotifier.exe" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33C5A07A-9CD1-439F-9D1C-C4F5F7C899C3} | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}\AppName = "GoogleToolbarNotifier.exe" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}\AppPath = "C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33C5A07A-9CD1-439F-9D1C-C4F5F7C899C3}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5} | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33C5A07A-9CD1-439F-9D1C-C4F5F7C899C3}\AppName = "GoogleUpdater.exe" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}\AppPath = "C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5} | C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\TypeLib\ = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B0A1F53A-DD98-42A8-ADBD-8D9CE5434DF4} | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC510299-CC32-4464-9BBB-3709A9145F8A}\ProgID\ = "InstallManager.InstallManagerCtl.1" | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\TypeLib\ = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\TypeLib | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\ = "IProtectorHost" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\google.cominstctrl.14 | C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4DDE3DB4-8A87-44E1-ABD6-1D58096BDF4F}\1.0\0\win32 | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ED6F706E-7797-40B8-AC90-F6DAAB917C90}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\protector_dll.ProtectorLib\CurVer\ = "protector_dll.ProtectorLib.1" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\protector_dll.ProtectorBho\CLSID | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\TypeLib\Version = "14.0" | C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2212951C-1623-4095-906B-AC50B8F91016} C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9} C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}\ = "gusvc" C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B0A1F53A-DD98-42A8-ADBD-8D9CE5434DF4}\1.0\FLAGS C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BCDDF654-73CF-4E1C-94B1-50258DA195E9}\ = "IHtmlWindowExternal" C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\TypeLib C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\AppID = "{A97CA128-6998-4F8E-807E-8ED05FADAFB0}" C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41} C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\TypeLib\Version = "14.0" C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{33C5A07A-9CD1-439F-9D1C-C4F5F7C899C3}\InprocServer32\ThreadingModel = "Both" C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ProtectorExe.ProtectorHost.1\CLSID C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ProtectorExe.ProtectorHost.1\CLSID\ = "{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}" C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\TypeLib\ = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}" C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9891812B-5820-4A77-827E-772B200239E1}\TypeLib C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\protector_dll.ProtectorLib\CLSID\ = "{84798B8E-69F8-4846-9516-373C2996E2F7}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{ED6F706E-7797-40B8-AC90-F6DAAB917C90}\TypeLib\ = "{347D20CF-2DD9-4789-AB9B-489066C3DF94}" C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\protector_dll.Protector\ = "Protector Class" C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\protector_dll.Protector\CLSID\ = "{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}" C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\TypeLib C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2} C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\LocalServer32\ = "\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5924C60B-6D7F-4AD6-8084-24A59431C967}\1.0\HELPDIR\ C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AdminPrefsManager.AdminPrefsManagerCtl.1 C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\AppID = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}" C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\TypeLib\Version = "14.0" C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF2A86CC-90BE-453F-95FD-140F8CCFE558}\VersionIndependentProgID C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\Programmable C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2} C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC510299-CC32-4464-9BBB-3709A9145F8A}\ = "InstallManagerCtl Class" C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{96FBC13C-8214-4100-88E0-FF74D7A1CB4D} C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\ = "IProtectorLib5" C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GUSchedulerCtl.UpdaterScheduler\CurVer C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\google.cominstctrl.14\ = "Google Updater Class" C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InstallManager.InstallManagerCtl.1 C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\VersionIndependentProgID\ = "protector_dll.ProtectorLib" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\ProgID C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\TypeLib\ = "{5924C60B-6D7F-4AD6-8084-24A59431C967}" C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF2A86CC-90BE-453F-95FD-140F8CCFE558}\LocalServer32 C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\protector_dll.Protector\CLSID C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\TypeLib C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\ = "IProtector2" C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\ = "IUpdaterScheduler" C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B0A1F53A-DD98-42A8-ADBD-8D9CE5434DF4}\1.0\HELPDIR C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC510299-CC32-4464-9BBB-3709A9145F8A}\AppID = "{710B4D30-E6C0-43D9-BDEB-C3F7918563B1}" C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\14.0\FLAGS C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdater.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2196 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe
PID 2196 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe
PID 2196 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe
PID 2196 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe
PID 2196 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe
PID 2196 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe
PID 2196 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe
PID 2168 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe
PID 2168 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe
PID 2168 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe
PID 2168 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe
PID 2168 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe
PID 2168 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe
PID 2168 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe
PID 2708 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
PID 2708 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
PID 2708 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
PID 2708 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
PID 2708 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
PID 2708 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
PID 2708 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
PID 2168 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe
PID 2168 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe
PID 2168 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe
PID 2168 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe
PID 2168 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe
PID 2168 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe
PID 2168 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe
PID 2168 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe
PID 2168 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe
PID 2168 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe
PID 2168 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe
PID 2168 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe
PID 2168 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe
PID 2168 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe
PID 1604 wrote to memory of 2304 N/A C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe
PID 1604 wrote to memory of 2304 N/A C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe
PID 1604 wrote to memory of 2304 N/A C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe
PID 1604 wrote to memory of 2304 N/A C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe
PID 1604 wrote to memory of 2304 N/A C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe
PID 1604 wrote to memory of 2304 N/A C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe
PID 1604 wrote to memory of 2304 N/A C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe
PID 2168 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe
PID 2168 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe
PID 2168 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe
PID 2168 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe
PID 2168 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe
PID 2168 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe
PID 2168 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe
PID 1312 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID 1312 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID 1312 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID 1312 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID 868 wrote to memory of 1460 N/A C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\regsvr32.exe
PID 868 wrote to memory of 1460 N/A C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\regsvr32.exe
PID 868 wrote to memory of 1460 N/A C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\regsvr32.exe
PID 868 wrote to memory of 1460 N/A C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\regsvr32.exe
PID 868 wrote to memory of 1460 N/A C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\regsvr32.exe
PID 868 wrote to memory of 1460 N/A C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\regsvr32.exe
PID 868 wrote to memory of 1460 N/A C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\regsvr32.exe
PID 1312 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
PID 1312 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
PID 1312 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
PID 1312 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe

"C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe" -install -extra flow=RegularPack&r=ci_avast.ru,ci_earth.ru,ci_gapps.ru,ci_gds.ru,ci_picasa.ru,ci_tb.ru&brand=GPCK

C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe

"C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe" /install /appid=GoogleUpdater /auto

C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

"C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" /Service

C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

"C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"

C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe

"C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe" /RegServer

C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe

"C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe" /RegServer

C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe

"C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -restart_ieuser

C:\Users\Admin\AppData\Local\Temp\gisf76190c\SearchWithGoogleUpdate.exe

"C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\..\SearchWithGoogleUpdate.exe" ci GPCK

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" /RegServer "/dll=C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\gtn.dll"

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe -s "C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll"

C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

"C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" /install /appid=swg

C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe

"C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\GoogleUpdaterInstallMgr.exe" -Embedding

C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdater.exe

"C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdater.exe" -trampoline -t "C:\Users\Admin\AppData\Local\Temp\gisf76190c" -extra flow=RegularPack&r=ci_avast.ru,ci_earth.ru,ci_gapps.ru,ci_gds.ru,ci_picasa.ru,ci_tb.ru&brand=GPCK

C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe

"C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -t C:\Users\Admin\AppData\Local\Temp\gisf76190c -extra flow=RegularPack&r=ci_avast.ru,ci_earth.ru,ci_gapps.ru,ci_gds.ru,ci_picasa.ru,ci_tb.ru&brand=GPCK

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -Embedding

C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe

"C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -checkup

C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe

"C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -checkup -httputilsonly

Network

Country Destination Domain Proto
US 8.8.8.8:53 pack.google.com udp
GB 142.250.187.228:80 pack.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.228:80 pack.google.com tcp
GB 142.250.187.228:80 pack.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp

Files

memory/2196-0-0x0000000000400000-0x0000000000971000-memory.dmp

memory/2196-1-0x0000000000020000-0x0000000000022000-memory.dmp

\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterSetup.exe

MD5 547e469e9a1523c023f0a804abc5b2aa
SHA1 d9b7f38cc715dadcfc89dfff13f7ab809ad2f3e5
SHA256 4f17aa155f4de16d94f2da6801f4a4e90f11f2e4b00e7cedcc77897337f5437c
SHA512 ca70153a47562947de49b0ed4cc160f7a10e8c0173bfbd90452be0197c8cfa0f8bf7e72d9d0d674f990370832b29d9916cc9c26372fd14d7be364316e660cc44

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\cires.dll

MD5 3401937394123fb7f2cb63208453bb33
SHA1 142abed73f49431b2da4aec63ebe644ff2bf9bd4
SHA256 23eba0629eb0317ab99153bc1a7a6746c478aadb80b5cb24d0d6051d1d294edf
SHA512 c29ced7cadf19d9bf7a465ba2f60aa3438934b11876187a7e329f4a5eae7651c005d41fcf276d7230769ed2bfc7128bbf0e54064fd9188efeed0629f3607869d

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\en\cires.dll.mui

MD5 c61ab4bc4cf356b1a94dc79f27458d7f
SHA1 db5472f9d6206919ef1ed4674a2491e027a3568b
SHA256 d0b847decbb3a1889168514cbef25f58bbd44035ce6dcd7c11bf61ccc560092d
SHA512 6d92c49f1039748a5e2b07ab6aab7f38bac3e42b7417b07080006197b04bc07dc33eb672822eb41b63b7e9c4e3e0513ee67309157087976d9d78d38109fed2ee

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\ci.dll

MD5 0bae4c62103c27e071d03b8bc6bd55c9
SHA1 30def83de22ab970e2c17eeb39ce48bde89c3552
SHA256 ae6041da1d658b5a5ba07da2614318866907c5c3bef671c0f6fd9e557afed8dc
SHA512 c2991c27497611b275464f00ab6bae59d92c25108359bf54c91f3a6ed9e2bb89a657468ec88abbbe4bb74a25add4cedc80bbb4707cb9909da49cf7d863295dfe

memory/2168-84-0x00000000006C0000-0x00000000006C1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\gisf76190c\GoogleUpdaterService.exe

MD5 5ea52c95490ad311202b5d64b5b41fa5
SHA1 21c376e847836cf614c52b02354736c9e6021cf3
SHA256 a84bb9f9dabe6a324891222e36fec3e89576a19989564dd4107fcbb9b6746232
SHA512 e084ceba0d3e8e4a70d9ba629190293d960af252a9f1e7667216e000d69f0a16b1e716a465ce128ee573d985dfde8497bf939f93bff9e6977cc23799b1d3cf8f

\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

MD5 156d0e674372ea396fd2760ab54c362f
SHA1 b5e77449147cee6f58faf32a7b2914d0d7e4a8ba
SHA256 41883f7733e221125dc90236f3c0bd281b4e73fc5191d5a06d38c8f41c4223cf
SHA512 03b700144d8bc97f9d8764ed28e0ca07eeeb5d5b74998471b09da1ebd6eed24d46eb759ef36f4e45f3ab16f48cdf7befcf7461bc131467d85384cf5ff1b41cb2

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterAdminPrefs.exe

MD5 5cf1fe737d3bff956e107265ab3e2e7e
SHA1 8f361f8db39362de680def901726487ebd88ff35
SHA256 3abaa24bc5817e5f9278e2bc2718d5a7a22b1617044e79e52d53db91399f2c07
SHA512 3fb3b5696026cd0a4cb178538025823c4f780931ab56bf06001f8d75ffaa62add17ea5da6ee068f8236df4822e289df18e09ace622e294873799ffb24f434a4b

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\GoogleUpdaterInstallMgr.exe

MD5 d0a8e56e3eebaca5152e5c6a07f81e28
SHA1 069e362f312c6460148384a741410dba051ce599
SHA256 c95f1a631537c2b94fa353af52c059bf270183e8308b58409dcf0f39acc251b3
SHA512 a0f019fe8bce9fddff3694b3c01bd2068925504c006f98dfbda30092c569557672a2e62673bd6b9683de684f1933715323084a10167b1e00e4271db23c5a8c1f

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\npCIDetect14.dll

MD5 35a98b1e345f411f8bc864d673794b1a
SHA1 ae150bb647fc73b8e34f01cc8b30e94b64dbf1c5
SHA256 8352ab24c522704063315def1c000c6deabc2c76b9ac37735f18a2a1b842449a
SHA512 cfac79cb69e2f0bdff540a9d22a99cb42b2e5919ee5a0e99c56a67acf4fcce8c0dd7c69e4397bffac2fc70b41c19085ef9a7ee470af5f5dfa6530cca83940537

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\bg\cires.dll.mui

MD5 231b860657e6c06e05d763522a099a39
SHA1 088662d52ab6ee91d2265607c70ca56e189d7fa3
SHA256 1ec822ad3b5b644a9d79e7f246dcfb65ae352b58347e97ad3967342fe2cf7385
SHA512 c8462bda05b42a6254335adbac7c981d02e0005ea4e8b10bed90a1e4015e16d41018e3e50b87eb4b55e46fbb6ed94bb8bb9f0c876f5c19fecd2c8752c02c5705

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\cs\cires.dll.mui

MD5 704c3c27a26efd9573c78316781e4216
SHA1 d51317f55d3b308385d1ce03f0ae88950308333a
SHA256 971871c74eb1bf10fbdb04c3fa6c9202fd3ebf33a67d948cf91a0544ca5a563d
SHA512 5011bda6d68a52dff68db6474215efd55475cb238c6ec857b214985da9ba7a9a51c37f98096fe13701fd16d6c82745e1c01656c86b1f594f272d46bb651e5475

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\da\cires.dll.mui

MD5 bbe344da2d28f22a1735e2bad0a1d707
SHA1 3cd1e52ad2debfc42f63bcca9e34511546667bcf
SHA256 7e070cd2aef4d1c83ada1a606bfd7ab70a953f6a4b51fcb0a55d198ba6bcd131
SHA512 6ebc3d04b41dabc8681c206811d540b35e343a64b779ae66515ffaf59a7885ce9a63c7f8216a271370a4a205a6eb0645d91997fd86e3a4dec5e9c931aa7eb1a8

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\de\cires.dll.mui

MD5 c754882b7c4330ebe45d41ee19fc5ae5
SHA1 6c1d78e9e0aa0f7f73332e59155ac7684adc58af
SHA256 c3569ce79ba7725793ca2fe291815e9c8c3d56b3f3b21bee52353a9b8f4f41e1
SHA512 b2e0cde5f09672b1d8ab718257f1b8a73f796607f5291ab6d844cbdefcc3afa86bc1166d36e77ff0620ae0ec6ea1057ab72c5c2bb529337705a7685656f12f00

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\el\cires.dll.mui

MD5 d5befb3b98ea94d6b85434961a2e78a4
SHA1 045e495e6c0c1ecbb12850271f70d2986384d28b
SHA256 7b244dff8178a93b1c088213d50defef85475977fe366c6873b30adcc9e5c643
SHA512 8d5beb9252dcabfb451f75c9994ab4e3657ef862ddf544839620d6ab23cf70e2c434774e35a776a03950f399f75b02676bc9eb17f484be2c0a01966a3bf0477e

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\en-gb\cires.dll.mui

MD5 c6948f2040c8486735e9cf9ab155311d
SHA1 24e61069a3c72b8b070fca56e03efa57ffa0efb4
SHA256 1e0c7d903f66d83a132dac9af7c6b62733506a119549402c22cf5289fddfbe93
SHA512 df4ea46c7afd24f94c24609bbd870102f718b498b0735b484e30a9a5e9377a204da877342055967aafa4e5a7b3634a41244e2740b2df9003bb8a42d5c55166b1

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\es\cires.dll.mui

MD5 665f4c8adf63c5852479d25918703ab3
SHA1 afb1b9376712524830092905c845748a0417e948
SHA256 4cf0addfb7230edfeb69860b07e791a78783d3945f268bb07c3aa4fcf8ae0fa6
SHA512 cc83983b67ea2e45e6ba3ae2517473dd914896414a08752710750fd50de49de5c3f2606e88835a95c0a0918b6738410f344e7f79b5e0ec3a971a1fb92961e514

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\fi\cires.dll.mui

MD5 d8d2d89496a89cc75a00d0d58be55aa3
SHA1 f0edbb9b64554f62879d2958a1cd4b1b89182d5a
SHA256 88a0688dc7d68436c0e2abdebcb6bb6191b21093dce4f6b542ab8a5a67f9117a
SHA512 4d1b02ab6ba94f8e5e3ff6a60e3e464eaf0ba7e5c151ab1081232f73152b5e57fab88c643b85a1252d303c5362dae480b5d2ec57f3e6b368a3209575c29e87b0

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\fr\cires.dll.mui

MD5 96314dcb209502aa34957e9259c841cf
SHA1 1006d25d770b6d3a8b9483c4b2db925754c359e4
SHA256 6a6fc73827628437b2d6bc2eefd279e4e7a56bed7c404e365403ffbf12fbbe30
SHA512 27de9dabb204ea3c7d3f55327f89697eb5068ac42703815f4f27d34c45c5b207c404ffde75fafd1677ee17ee63d8f3cc820ad1e4a496b1788b7e0706bef9ed6f

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\hr\cires.dll.mui

MD5 3549a7f60086eb93b4277fc8f036be45
SHA1 fd9034902c7cb218459f5139d6d26e99b321f37d
SHA256 8ff120253348530e3ef57380dbb24f39d95e90b14f3781e34daf181b1117ae08
SHA512 204e499ef2a53bd239db1fccdaa9e0403d132f1a448d55374bc2de29349b7cd071969ec969bbcbb384f68c5130695445174455fb1902009b2ee75d117ee26d6c

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\32x32_upd.gif

MD5 079e7fdd1a87aa2f616fe79b0c14311f
SHA1 8a8e328a6fd2afad809840203599c6f010769a30
SHA256 9cc118437e2d4b9fce0fb27e22ca964fcb1f59c831fcda8a9c7c632386d90538
SHA512 28851610c38a8cd4ce0ef590e18141576afea1c6bd7638933588f6c18866b2c87d5a0954b4e1a83ca7856dfa56560a38af36aeb73e8bbf3ff6d24cfeea857091

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\32x32_ale.gif

MD5 3016dc4fedde96f894899d470c02aaa2
SHA1 02c53fa2891c568bfbf2237ea2adfc51fba2198d
SHA256 a8db92ee020302b1929e388db9d54e0f8408dcda102016fbd29f2bb3ba0133fe
SHA512 c147063bcccad8fe4514ba109e457ab83df444434cdf0bc32905ace783f2d0311668ec14869bff36bc339227fb3fbb825a100fb2dac937217c2df0d1abf3364f

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\confirm.htm

MD5 944f1e2e94804b91add2b74e9325fbb4
SHA1 984b5024fed3400608271c5394e8addb3a02cc6f
SHA256 0daa20705392261164fc479ec5efd7d612318544835422aff74086245fa1d816
SHA512 feef4c32d5f8aa0c363e4ef4e72ad78ca1b84e3038b4ce595c5a41150cc8435518eac2b84144f2d32d903350ebbda066d9d3bec1d9863c04f5386b15aaae23e5

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\chrome.png

MD5 a66746a87ec143f6bd1a65624683e4ef
SHA1 e12bc8540298ee47bbd2925c2305710cc6177f52
SHA256 dbe9549f032c37e3e38a16b1ee40bcbd8a310e577f907d7330224a2db9054aec
SHA512 99c3d2eb7cf40fc320ab34aafd1c5e2980f6cc542f270d02182bc0ced5b6902b7cac7a99f0e5d35a38b39c0399d344c7b50864ab419e433c20b92fe060e63809

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\desktop.gif

MD5 7f6444ab386eb04027a17abcfc5c17e2
SHA1 60b9c164593ec04a3c41fa413240b4a4745429a9
SHA256 35f416b8e480712245617391a850342ddf9bcb91fe21ea34e6740df236b28bcd
SHA512 ac03c75dd79a817cf83df7ff7930893ada95fdf524bab6e73042be6c7d1b679ffa0ea3d5c7b776c8cf132ac178e03161f14e97dc8c961b92b4beee272bd5744d

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\earth.gif

MD5 a23faf1af4a5d3e59ddc2a6f58e1ff21
SHA1 43f72ef804ead2c15d050aa8a017f83fe97e9d48
SHA256 a3e7ec663e41b93debad80d05a827528539c4953b4ba7349ee6bce678eb58e11
SHA512 86d2ba0fc0facb1a18e7b4db4c780c3404ce3c02434e98171d83aa94991a0863b236d528e3da1fa41b367e04ebcfe5d47b99b97fbdbb724c05a960db1564c007

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\history.htm

MD5 452c8330ad48e551373cc9e84809b16b
SHA1 f48ca7df54c0195d31f40f1963f8beab4e1e2ba7
SHA256 0d7fe0c0e1163b3fe0f30e0b6d7a1501415d588f03af7274d7a6eab388b33d73
SHA512 a8813bd1772fdf5459c701752a35fbeb3d6c165f1244423eb43a7884028adf276db4e2465c6984b7858a900ffa4b5350599c82c28ecbe83a06ef4a2b77b734bb

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\gapps.gif

MD5 56129137deb45657902e775bc8ca9f55
SHA1 dab0de7087ce232d9d35aafe9c7568a7c291a14c
SHA256 6b13f28c2fe14b06b42668960762315887f4febb2ad6af7f24fb42b1ccdfe9f3
SHA512 c0606e2d7381edb89eb1fec494eca6574552c35ee4e28683cc4e78d011313cd29c9c7078b068a16fbac52b17caf7f30c83feb2a2b7235f4a8667842d4b2fad33

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\installer.htm

MD5 899e7280e2367564b742f3b9e0372813
SHA1 434cddefbc8f7b9d29632ca897e7e8336ee1b3bc
SHA256 8620a98235ff0e173e454822fde8ea5d1418066328ca4d01ff9cc63b488289f4
SHA512 0cb9dd40f7cdc949234657c6cdc8534069600a77bd84149f063c098038e87d4eab5a4eb27881dca55890e224e511ccd6db0b0ff70a2c3767cbabd003654dbdbe

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\ksd.gif

MD5 1d13ee1a6f70e643bc7706dc2a06bd57
SHA1 32dade86e31deb8053bb213212e4e671bc2ddfe6
SHA256 3e6d8041ede1c501930389345a333bff5748de53e5a1d91dac11a1ad02b644b0
SHA512 78b57ad374a88201bd11f640b907d727858132eb9779928fcaf3b99ba7f2ac369b7093ea2bb6704973f48b27dd05f248953faf95f512872480658e6b72d9f63f

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\maintainer.htm

MD5 5187feb8a3c4f418994e62a0e2a03134
SHA1 e132e37ea144485571cdf66dd1e159e0ffd96b29
SHA256 c8911c61eb22e3daa5bf176d91760e1454b5740f36f08de570f32d7436a7857d
SHA512 3915b4c4d4d6c581ac085de1ecb7417a3caad80d6c788af4e918d97ab84223d3f50f3cf90b800d685ac22a95ff16dc786c96c931bc6a7ea1364194a0e9ccb06d

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\lm.htm

MD5 9ae8da9484a4a96edfb4f07a7c5428b6
SHA1 06714e160121f4e612c85dbbc2dfef01ae01d45a
SHA256 74c79a4323c6527b6d95ad89ebb4db566e8dfc546b2bb28bd20dbcfd3a63303a
SHA512 ea2c6b928a1a29ea7e2afd4ed76f58a3517f3f4fe6014d2244c7cd54c373a831e8d0f497458d42873770c070ce71cecee7beda9cb89eea7a9709e5d92f6b8716

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\pack.gif

MD5 9d0c772924d2efc3636b9a33aa07866c
SHA1 f88b1df9b8f46e93839738c97ec2cc811b6575d0
SHA256 a91fd089a6fe90e6e7e155679036424f8fc5e8e2e6adfe8c7092721c78a3166c
SHA512 f7c509c4f3b96887296b5e758b0f052be7c191e256b869f2faececa18ff77e15a4b3b81774c6739e6b2f00d91091674757df772402b77ff74eb6f20d6a93ab10

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\pack_large.gif

MD5 e2ce62539e09b400415f5f7edf15059c
SHA1 d5afb84fc82400acd7e67182ab6244344ba340d2
SHA256 43b67a21af12b1165d6a34301839a52e20b27ae5bef01af0426bc9a4e95f5922
SHA512 7242e5896b501a8c0b3d099df80cbd9927219794c5cf851df0808100621a76c75fbd1c4c74a9f6f18d4dca35cfd9f63646cbf9198f59f3751c73b1c86edc7998

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\msg_error.gif

MD5 705eb0b2fd9061906cba3423e8a62842
SHA1 121b92a9030179a6aeccfe26843f368dfd63f113
SHA256 44f118476b46ce06b72fe265454de44235766e0760dcac608ef794824be8fa4c
SHA512 06b067d49a2f7719276879061d06be28be71876760495b22a5598f1768e07de49a6c05db49e4ef3eb3dea2287f99c2f259a9edc05bc717b89d0a910a31485026

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\plus.gif

MD5 621b0cadcc3562b5fcb7942394ec898c
SHA1 d4dff4cbaaf86165e68cce1432f3b4480cd7a168
SHA256 603f8becdaff32dd78858babe0d9f2d455225aac408316cb35fe3413a9cc1a6d
SHA512 b900ca13c24d9b3fe7de570f8abf88b6b636430f2f407830c38830b6fb15f9ef0124dbed16aa29fbfefc6b42511555d5406c072422dd281932b1b1f5b6d74e9b

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\picasa.gif

MD5 03ebe51d7b1e3df937833a031ffe3e20
SHA1 858a7ecc77485349dbd6f76dd9282f42c6838442
SHA256 a7115faccd5c38503d8620543d5fce122f0588e2038044fc3a0b088dfcb37124
SHA512 75a654477c0c67d663fbaf541b1f3077ab2b00f20c81f5129ebe1bb6e9ed6f7d999cfce5e66b877e57b2384036afbe5f8b601e8b32578bdace37254e0c9adb0d

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\preferences.htm

MD5 10217efd664ca98b036fd3b67b94b936
SHA1 9830028205a9d713e7ab5bccaeac3c04732a5406
SHA256 0c881919714603116a3d5356dd72ce123c760fe38e60cc514d5b56bc2f64da4a
SHA512 175453aed6b1e71db6d54e21acd3035cdd6b559cb21be7c547b7d2a00885a277a61029bed69b6d4674e4b7b73d3f3d186bd4ac60e93222eaf5b052beb26ec112

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\minus.gif

MD5 df9a7fd7d1c3b3f0144150304c5c823c
SHA1 1ec66d70c2335b3c3a0e379efcc0aa57ea793af3
SHA256 9fb09fbb5ca7843be9bbbc2de92c116366fa0b6961dce9f5e83d3f2eed22ec26
SHA512 cc2dc986afff3084dcb7b9fdfa5b57fdb79382077a89182e1c0779f78c8ef68af0a847327e2492d4f6690ecbb888bd834f095095cd96596da397cca4f986a0e1

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\progress.htm

MD5 e974a0bce96bc29cc743e3ce0eef470d
SHA1 bd51db4dd4be66aa4126af9c4d905eeb6897dec3
SHA256 f774e1ab5d1270e2a7bf66e17d1959ca780fbb818c9da8f9a092ffd83768a583
SHA512 35059c5df21bdd43e7d6893940c9e778b801b197fae9ab29b6cbde816703a361a3aabd7984226cdbcee619f83934c12b1631181f3d00bafb9b28983b428ff6c4

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\proxy.htm

MD5 9131d00d6b64226d99dcfcda6399c1de
SHA1 a23fb17afdd5b089b01d43b0aedecf0338826115
SHA256 59c28d482684773dbc7a33210cc4fbfda098d250435262f670815a4d4f4f2d73
SHA512 dddf5103696aa7dd5f2ffa264197c588593cab0ba06ba7a5d058dbc4679f532b49b5439fcb27479eb05b8d2803edbae6a12594ac3673a08caeead9b25f9ff037

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\roundl_g.gif

MD5 25da733e8ee741575f219c452e4a6692
SHA1 ee59c7ec31c5e19bbb59ea44c0f7cb496086717f
SHA256 b6e607065b851a03b26565651e73fc690c81a3e3b0a0f0e8e8472ee81edeb530
SHA512 1402e2c5347eea7cb52f89759cead9af5d96a7dcf15bf09921c8ad0b15f6dad0ec530a0c9d7900f5682762ead1b409dc49be4727ed9fff7837fa9bca6fc1c9f7

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\roundr_g.gif

MD5 0d3026a0eefda382ce895c55fb4b35af
SHA1 bf19459ab6768c401c3c9de7f7bd40595fa6e9bd
SHA256 9a5e692e7c8e1a2ac636e07daeb95744f59833bd4a273876993a7d964b2aef59
SHA512 ec913026313cf1318a34585df9434af190ecabe088fad9d6e51083072ac3f07862a7e31a448fd716443e6a77407f8d1b20db218aed5e1f3effb60db7258085fc

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\shield.gif

MD5 a44df8d7646886fb4774ed4c79ab362e
SHA1 b05a5d579fc0546463fffb433240574168e39db0
SHA256 4468123d622f908c150684651c311cd642d0889f12e3c34333ffbf245dc7ea0c
SHA512 e4c50c20e30a2683fc6557ff8bead2af1f171980e7582bdc507291ac80f419bf3961152b45294e17fb94cc507f7540f980130064b6e022285e71dfbeaa01a522

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\sort_down.gif

MD5 dcd0922cda7ae60fa6018e7da41d1b32
SHA1 4f28c67a69acd53054c1bb04f8ffa91764b638f7
SHA256 7449eabda30c41caff4f541b181f18af3516fc2f94e45fae005a60028fd73a9a
SHA512 d17a2614bc5d00bfd3fd15a75bf5246dfdf7fd06704c4d6819c44688116f22a365088bd3c427fe565a01b3599294bc7e6089a1039d8ac414b409691afceac01b

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\sort_up.gif

MD5 53e148642c0f3b83f46c9ac4a8edaef2
SHA1 561ae0d6059dd6b0e9311daeafac226d42ffc6d7
SHA256 da6f9def644dbd944890c3d9d1c0b3307ae4f9060bade32004bdfe8a7fa8abf9
SHA512 993e716ff32622658c02bf30bbe761140d1306e644c5c7033b0cb566ed09f8b90513c8194c97a22ccc7f74a768f203fd1cb85dc584f25e1ef51ea3440f793a44

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\talk.gif

MD5 b96525a2bbdac6c8cf83b77585d32d9a
SHA1 9b3ca8db7cfbc73871076916e3ed462d05fa6cbb
SHA256 c466699df0489391b83d1993339b9563a18c27425108037ffb67c79cde9c95a8
SHA512 54fc4fd845c1a371f5286a9c6f2bfa27aa821ed0e2c90e191dc4815887cca7f7ed36c6b79785e4ec667684eb7b8d999393a19e941e6f7354dee994ff27e3551f

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\toolbar.gif

MD5 e3a36c4565e7331ab6e56aa521657cd8
SHA1 fc2dc95bb8aaebcc1f1f02cc0b7b69f90aa0f217
SHA256 79d3b59b077d81a9565d27d3d1de37a546953a4798d20408df2794c8570a3043
SHA512 cf232d5c9b7ab68d0dde1254c84b8013e67b7aa098984c04e8682b6a21947eaca9c07a5b59a47342c7a23955e46553c7959b334fa1e1717331489ef6c9d15861

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\ui.js

MD5 2d8ded8ad43f3ba8ff03eefc3eccc192
SHA1 543af23385cfbaa661fddc901b74fe798207f0b5
SHA256 69f3ed6016e43750de5933511ef867cf81302669e48f44d7e9676476ef0d4bbf
SHA512 1b1c60a89b3424375c7e1f2fa64e2b9deb164c984267e5dc005017c69033c7c6cdf20038a89f701e185e071fe781e6aeffb19f7b613e86c5b898dba97dd337f6

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\ui.css

MD5 1d54ec902425b93d2b58b0e7eca69421
SHA1 d8f45cb8786af62b2d0bb66b65c640e6df2577c8
SHA256 f334f12155ad0bddf0ac85df81b677f0667b7d4dddb9c2d6984425342338a669
SHA512 fa99d5da26080accdf3d29724643dacb63c58055703354cf2fb1d0c64a325fca1331339b66830539fe284d7d5c96f13d08db8799a4752a203c08aa01a4243aa5

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\ul.gif

MD5 0e315ddda03a6c6909aa4a6edf380674
SHA1 f94b1333f4b6873db147486457aa5e3e6b7bfdf3
SHA256 536ee48c799d5a1691e6b7457556eaf0ace6a1ce15df71b6d6692de6da004971
SHA512 c7358a0c1231c40caf630fb502f54cfa9143580eefa477d50b2d5fee1bf47254aefb2d9995366e021e2896720a5494183b13414b273d76f6febee187e9a44d29

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\updates.htm

MD5 a8987aedb9d0a38dfbf60a5dba0cec23
SHA1 a7f685ec3c0c1fff8bae4c1242e77ed45fdebc6a
SHA256 3f5d095085c4e6786c4875fc67fd4180f60fd575205ba0ea1c84f6cfda883145
SHA512 a42d68b43f0ed86af194c11338bd2f9d8a407a3b9b4981300dc4ce8dc8cb1cddf9d23432f4311c8a596fd2c6456f02a0cd1675ea1c5ee393ce25add02b157602

C:\Users\Admin\AppData\Local\Temp\gisf76190c\2.4.2166.3772\HTML\ur.gif

MD5 9afb37983977c6915ae897293468826d
SHA1 d2dd3628ccf7ec83a0b83f0b6bc72f9fc9ce8f78
SHA256 b21410b4a327b026b0d773dc2d8424264a2dd6fd158ffe1f68b58f6a44161c7c
SHA512 99dd7dd22408d5c3fa66a38d548c0634b581c257870faaf9d95074bb66e5714e9c0dde79bf23304418e4746ec7f3e515e8bb9a73980ce85ee298f6083b9294e8

memory/2168-215-0x00000000033C0000-0x00000000034EE000-memory.dmp

memory/868-237-0x0000000002210000-0x00000000022CF000-memory.dmp

memory/1312-245-0x0000000000400000-0x0000000000560000-memory.dmp

memory/1296-246-0x0000000002E90000-0x0000000002F4F000-memory.dmp

memory/1708-248-0x0000000002180000-0x000000000223F000-memory.dmp

memory/1516-250-0x00000000021C0000-0x000000000227F000-memory.dmp

memory/2632-254-0x0000000001A30000-0x0000000001AEF000-memory.dmp

memory/1252-256-0x0000000002510000-0x00000000025CF000-memory.dmp

memory/2196-263-0x0000000000400000-0x0000000000971000-memory.dmp

C:\Windows\Tasks\Google Software Updater.job

MD5 f707d7d2779a9f28a7c0945ef7e8bd76
SHA1 d80e0a02fb38d5e6f5b688d19c342e02dcaf3f0e
SHA256 5cbad4324638130f2a2a748ab0be2d9ae773dfe44a9ae5bd163edfc215d4a1e4
SHA512 f86b4c9fb84aa4eee9f89c3448beb8032631e62e17fc776cbcf2e25eee2833ae280b4b0ff9b801fbfbc74624a7ae94f65eb1a19dae3f642e65cdefba5574040f

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-22 05:18

Reported

2024-06-22 05:21

Platform

win10v2004-20240508-en

Max time kernel

43s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\0176720d2be9a42edd23f5f9a598cbb3_JaffaCakes118.exe"

Network

Country  Destination  Domain           Proto
US       8.8.8.8:53   pack.google.com  udp
US       8.8.8.8:53   pack.google.com  udp

Files

memory/1260-0-0x0000000000400000-0x0000000000971000-memory.dmp

memory/1260-1-0x00000000001D0000-0x00000000001D2000-memory.dmp

memory/1260-2-0x0000000000400000-0x0000000000971000-memory.dmp

memory/1260-4-0x00000000001D0000-0x00000000001D2000-memory.dmp

memory/1260-7-0x0000000000400000-0x0000000000971000-memory.dmp