400eea86fdf5670b9ac9b96606483fda8f33ba2863b37b506ed6ab1bf882c93b

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 23:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
Size

10.8MB
MD5

61e8754e226176a4311b3bda2f7f5a4a
SHA1

ab7b9cc772640ae291f1e5310ed7e2424d499c84
SHA256

400eea86fdf5670b9ac9b96606483fda8f33ba2863b37b506ed6ab1bf882c93b
SHA512

093ab429daf7f07040b6c6facea781cac0852f1ac5a39d935c1483859f880cfbef5b70e75dc977ffc22de921b0f76559b3b7dfa21fe29c967ddc98a450c8ddcf
SSDEEP

196608:N8eM+zrUH3Z6+NWfpayWpHBFlnY+6NBg3fJzYcLlgFItURZWRLuGGHpMbdDUOzNt:NlM+zrUH3kWWRCFQBsh82lgqW8SZMbdf

Score

7^/10

adware discovery persistence privilege_escalation stealer

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 10 IoCs

pid	Process
2820	GoogleToolbarManager_0E996B068B56FCA2.exe
372	GoogleUpdaterService_5898FABCFA121C11.exe
2676	GoogleUpdaterService.exe
1636	SearchWithGoogleUpdate_C58171F2E8870EA4.exe
1076	GoogleToolbarNotifier.exe
2204	GoogleUpdaterService.exe
2456	GoogleToolbarNotifier.exe
756	GoogleToolbarManager_0E996B068B56FCA2.exe
2592	GoogleToolbarManager_0E996B068B56FCA2.exe
2588	GoogleToolbarManager_0E996B068B56FCA2.exe

Loads dropped DLL 20 IoCs

pid	Process
3036	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
2820	GoogleToolbarManager_0E996B068B56FCA2.exe
372	GoogleUpdaterService_5898FABCFA121C11.exe
372	GoogleUpdaterService_5898FABCFA121C11.exe
372	GoogleUpdaterService_5898FABCFA121C11.exe
2820	GoogleToolbarManager_0E996B068B56FCA2.exe
1636	SearchWithGoogleUpdate_C58171F2E8870EA4.exe
1076	GoogleToolbarNotifier.exe
1076	GoogleToolbarNotifier.exe
2924	regsvr32.exe
1636	SearchWithGoogleUpdate_C58171F2E8870EA4.exe
1636	SearchWithGoogleUpdate_C58171F2E8870EA4.exe
1636	SearchWithGoogleUpdate_C58171F2E8870EA4.exe
2820	GoogleToolbarManager_0E996B068B56FCA2.exe
2456	GoogleToolbarNotifier.exe
2456	GoogleToolbarNotifier.exe
2588	GoogleToolbarManager_0E996B068B56FCA2.exe
2588	GoogleToolbarManager_0E996B068B56FCA2.exe
2588	GoogleToolbarManager_0E996B068B56FCA2.exe
2588	GoogleToolbarManager_0E996B068B56FCA2.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
3	3052	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe

Installs/modifies Browser Helper Object 2 TTPs 6 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	GoogleToolbarManager_0E996B068B56FCA2.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	GoogleToolbarManager_0E996B068B56FCA2.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}	GoogleToolbarManager_0E996B068B56FCA2.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}	GoogleToolbarManager_0E996B068B56FCA2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}	GoogleToolbarNotifier.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}	regsvr32.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe	GoogleToolbarManager_0E996B068B56FCA2.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarHelperPatch_signed.msp	GoogleToolbarManager_0E996B068B56FCA2.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_de_D7CFBCF21E80E850.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en-GB_2E6B851AC7DB9104.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_it_16B76458694CD64D.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_lt_C82811A2991982F9.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_vi_1E881DE518435F79.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleUpdaterService_5898FABCFA121C11.exe	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\googledict_en2de_B9AAB95D6C6F4C36.dat	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_et_0613A067625F9DE4.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_id_4619CC2AD5B266E0.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_ja_FB204AA216DF16F6.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_tr_D0EF39D3BE93D65E.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\googledict_en2it_ADEFDA0A79F00730.dat	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbar_64_41D8280252A4200C.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_cs_72B4505E6075D700.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C58171F2E8870EA4.exe	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleQuickSearchBoxSetup_9B6E2803C15DBFDA.exe	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_E0B3D00E06C2FA01.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_64_7B73A586FAD2C6CD.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_lv_633AD9DE9170726B.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe	GoogleUpdaterService_5898FABCFA121C11.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_is_C10179B56ED73951.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_no_F029760748CFBDA5.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_sr_75CE59C5ADDC2844.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_uk_DB2D30F1495B7766.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_zh-TW_B777F94133C4F3E9.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_ro_4C4B00BFF35AB149.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_sv_89495101F557E1B4.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_64_BCA4B64C7F249C8F.exe	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleCld_3F6C343113693CD9.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_ext_zh-CN_32_A8478F8C9C51C437.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_da_C58C2E35EB91B164.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_ru_5689398FE6A50FB0.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll	GoogleToolbarManager_0E996B068B56FCA2.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbar.6.3.1106.427.manifest.xml	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbar_32_E857042E7D2E74E0.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_fil_920B5A4BF032B379.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_hi_D277FD438321B5BE.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_sl_97CA717F99EC9772.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll	GoogleToolbarManager_0E996B068B56FCA2.exe
File created	C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\gth.dll	SearchWithGoogleUpdate_C58171F2E8870EA4.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\googledict_en2es_76D5B51588E8E478.dat	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_ext_zh-CN_64_9D6BB6457BFC027A.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_ca_29B33FD3304670F1.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_pt-BR_324E45F73759905B.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_th_735B0FEB64CACB1F.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_64.exe	GoogleToolbarManager_0E996B068B56FCA2.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\Readme.url	SearchWithGoogleUpdate_C58171F2E8870EA4.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\googledict_en2ja_BF3954DA2966B0D9.dat	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_es_983976C69A9FCCE9.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_ko_DC5E79E55A71966A.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_pt-PT_F34FA25F2BF44973.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll	SearchWithGoogleUpdate_C58171F2E8870EA4.exe
File created	C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\Readme.url	SearchWithGoogleUpdate_C58171F2E8870EA4.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_el_81517A223F9C8420.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_zh-CN_436BC7D4665E8872.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\googledict_en2ko_2E8A88975F586360.dat	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\googledict_en2zh-CN_BD4EBFDF896BA244.dat	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_hu_9EC874874E27F782.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_sk_B8B6D4A4C43740C7.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_fi_3CE77857E98E8E6F.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_hr_5BD074D2FC14A9B2.dll	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\Installer\f76d430.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f76d430.msi	msiexec.exe
File created	C:\Windows\Installer\f76d433.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID654.tmp	msiexec.exe
File created	C:\Windows\Installer\f76d435.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f76d433.ipi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar	GoogleToolbarManager_0E996B068B56FCA2.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\Compatibility Flags = "1024"	GoogleToolbarManager_0E996B068B56FCA2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}\AppPath = "C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier"	GoogleToolbarNotifier.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}\Policy = "3"	GoogleToolbarNotifier.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}	GoogleToolbarNotifier.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\SOFTWARE\Microsoft\Internet Explorer\Main	GoogleToolbarManager_0E996B068B56FCA2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}\AppPath = "C:\\Program Files (x86)\\Google\\Google Toolbar"	GoogleToolbarManager_0E996B068B56FCA2.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	GoogleToolbarManager_0E996B068B56FCA2.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}\Policy = "3"	GoogleToolbarManager_0E996B068B56FCA2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\Enable Browser Extensions = "yes"	GoogleToolbarManager_0E996B068B56FCA2.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	GoogleToolbarManager_0E996B068B56FCA2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}\AppPath = "C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier"	GoogleToolbarNotifier.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}\Policy = "3"	GoogleToolbarNotifier.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Toolbar	GoogleToolbarManager_0E996B068B56FCA2.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}	GoogleToolbarManager_0E996B068B56FCA2.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\Compatibility Flags = "1024"	GoogleToolbarManager_0E996B068B56FCA2.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} = 00	GoogleToolbarManager_0E996B068B56FCA2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}\AppName = "GoogleToolbarNotifier.exe"	GoogleToolbarNotifier.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility	GoogleToolbarManager_0E996B068B56FCA2.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}	GoogleToolbarManager_0E996B068B56FCA2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}\AppName = "GoogleToolbarUser_32.exe"	GoogleToolbarManager_0E996B068B56FCA2.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility	GoogleToolbarManager_0E996B068B56FCA2.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2318C2B1-4965-11d4-9B18-009027A5CD4F}	GoogleToolbarManager_0E996B068B56FCA2.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{2318C2B1-4965-11d4-9B18-009027A5CD4F}	GoogleToolbarManager_0E996B068B56FCA2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}\AppName = "GoogleToolbarNotifier.exe"	GoogleToolbarNotifier.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\MenuExt	GoogleToolbarManager_0E996B068B56FCA2.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}\Policy = "3"	GoogleToolbarManager_0E996B068B56FCA2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}\AppName = "GoogleToolbarUser_64.exe"	GoogleToolbarManager_0E996B068B56FCA2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}\AppPath = "C:\\Program Files (x86)\\Google\\Google Toolbar"	GoogleToolbarManager_0E996B068B56FCA2.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} = 00	GoogleToolbarManager_0E996B068B56FCA2.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{32004B8A-44A9-43e7-84E9-808838809519}\InprocServer32\ThreadingModel = "Apartment"	GoogleToolbarManager_0E996B068B56FCA2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ProtectorExe.ProtectorHost\ = "ProtectorHost Class"	GoogleToolbarNotifier.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}	GoogleToolbarNotifier.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\ProxyStubClsid32	GoogleToolbarNotifier.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}	GoogleToolbarManager_0E996B068B56FCA2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\14.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\5.4.4525.1752\\swg.dll"	GoogleToolbarNotifier.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\ProxyStubClsid32	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\TypeLib\Version = "14.0"	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\protector_dll.ProtectorLib.1\CLSID\ = "{84798B8E-69F8-4846-9516-373C2996E2F7}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ProgID\ = "protector_dll.ProtectorBho.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\18555481990E8AB4CBB63FB4F26006C0\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\TypeLib\ = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\protector_dll.ProtectorBho.1\CLSID\ = "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"	GoogleToolbarNotifier.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\TypeLib	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\ProgID\ = "ProtectorExe.ProtectorHost.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\TypeLib\Version = "14.0"	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\protector_dll.ProtectorLib.1\ = "ProtectorLib Class"	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	GoogleToolbarNotifier.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\ProxyStubClsid32	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A9C08D73A738D4645A912F4E39ABB657\18555481990E8AB4CBB63FB4F26006C0	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	GoogleUpdaterService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\Depend = "C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\5.4.4525.1752\\gtn.dll"	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\TypeLib\ = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"	GoogleUpdaterService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9891812B-5820-4A77-827E-772B200239E1}	GoogleToolbarNotifier.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ProtectorExe.ProtectorHost.1\CLSID	GoogleToolbarNotifier.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00EF2092-6AC5-47c0-BD25-CF2D5D657FEB}\InprocServer32\ThreadingModel = "Apartment"	GoogleToolbarManager_0E996B068B56FCA2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\AppID = "{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}"	GoogleUpdaterService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\TypeLib	GoogleUpdaterService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\TypeLib\ = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GUServiceCtl.SilentUpdater\ = "Google Silent Updater class"	GoogleUpdaterService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\protector_dll.DLL\AppID = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"	GoogleToolbarNotifier.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\TypeLib	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GUServiceCtl.SilentUpdater.1\CLSID\ = "{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}"	GoogleUpdaterService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\LocalServer32	GoogleUpdaterService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\TypeLib\Version = "14.0"	GoogleToolbarNotifier.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\5.4.4525.1752\\swg.dll"	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9891812B-5820-4A77-827E-772B200239E1}\TypeLib\Version = "14.0"	GoogleToolbarNotifier.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\ProxyStubClsid32	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\VersionIndependentProgID\ = "protector_dll.ProtectorBho"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GUSchedulerCtl.UpdaterScheduler	GoogleUpdaterService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\protector_dll.Protector\CurVer	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\protector_dll.ProtectorLib.1\CLSID\ = "{84798B8E-69F8-4846-9516-373C2996E2F7}"	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\ProgID\ = "ProtectorExe.ProtectorHost.1"	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\protector_dll.ProtectorBho\CLSID\ = "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\ = "IProtector5"	GoogleToolbarNotifier.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\ProxyStubClsid32	GoogleToolbarNotifier.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\LocalServer32	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\TypeLib\Version = "14.0"	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\TypeLib\Version = "14.0"	GoogleToolbarNotifier.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}	GoogleToolbarNotifier.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\TypeLib	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\TypeLib\ = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"	GoogleUpdaterService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A97CA128-6998-4F8E-807E-8ED05FADAFB0}\RunAs = "Interactive User"	GoogleToolbarNotifier.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\VersionIndependentProgID\ = "ProtectorExe.ProtectorHost"	GoogleToolbarNotifier.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\18555481990E8AB4CBB63FB4F26006C0	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\ProxyStubClsid32	GoogleToolbarNotifier.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3052	msiexec.exe
3052	msiexec.exe
2820	GoogleToolbarManager_0E996B068B56FCA2.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeIncreaseQuotaPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeRestorePrivilege	3052	msiexec.exe
Token: SeTakeOwnershipPrivilege	3052	msiexec.exe
Token: SeSecurityPrivilege	3052	msiexec.exe
Token: SeCreateTokenPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeAssignPrimaryTokenPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeLockMemoryPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeIncreaseQuotaPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeMachineAccountPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeTcbPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeSecurityPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeTakeOwnershipPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeLoadDriverPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeSystemProfilePrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeSystemtimePrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeProfSingleProcessPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeIncBasePriorityPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeCreatePagefilePrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeCreatePermanentPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeBackupPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeRestorePrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeShutdownPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeDebugPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeAuditPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeSystemEnvironmentPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeChangeNotifyPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeRemoteShutdownPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeUndockPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeSyncAgentPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeEnableDelegationPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeManageVolumePrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeImpersonatePrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeCreateGlobalPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeShutdownPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeIncreaseQuotaPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeCreateTokenPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeAssignPrimaryTokenPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeLockMemoryPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeIncreaseQuotaPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeMachineAccountPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeTcbPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeSecurityPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeTakeOwnershipPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeLoadDriverPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeSystemProfilePrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeSystemtimePrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeProfSingleProcessPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeIncBasePriorityPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeCreatePagefilePrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeCreatePermanentPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeBackupPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeRestorePrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeShutdownPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeDebugPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeAuditPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeSystemEnvironmentPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeChangeNotifyPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeRemoteShutdownPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeUndockPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeSyncAgentPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeEnableDelegationPrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeManageVolumePrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe
Token: SeImpersonatePrivilege	2820	GoogleToolbarManager_0E996B068B56FCA2.exe

Suspicious use of WriteProcessMemory 51 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2820	3036	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe	31
PID 3036 wrote to memory of 2820	3036	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe	31
PID 3036 wrote to memory of 2820	3036	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe	31
PID 3036 wrote to memory of 2820	3036	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe	31
PID 2820 wrote to memory of 372	2820	GoogleToolbarManager_0E996B068B56FCA2.exe	33
PID 2820 wrote to memory of 372	2820	GoogleToolbarManager_0E996B068B56FCA2.exe	33
PID 2820 wrote to memory of 372	2820	GoogleToolbarManager_0E996B068B56FCA2.exe	33
PID 2820 wrote to memory of 372	2820	GoogleToolbarManager_0E996B068B56FCA2.exe	33
PID 2820 wrote to memory of 372	2820	GoogleToolbarManager_0E996B068B56FCA2.exe	33
PID 2820 wrote to memory of 372	2820	GoogleToolbarManager_0E996B068B56FCA2.exe	33
PID 2820 wrote to memory of 372	2820	GoogleToolbarManager_0E996B068B56FCA2.exe	33
PID 372 wrote to memory of 2676	372	GoogleUpdaterService_5898FABCFA121C11.exe	34
PID 372 wrote to memory of 2676	372	GoogleUpdaterService_5898FABCFA121C11.exe	34
PID 372 wrote to memory of 2676	372	GoogleUpdaterService_5898FABCFA121C11.exe	34
PID 372 wrote to memory of 2676	372	GoogleUpdaterService_5898FABCFA121C11.exe	34
PID 372 wrote to memory of 2676	372	GoogleUpdaterService_5898FABCFA121C11.exe	34
PID 372 wrote to memory of 2676	372	GoogleUpdaterService_5898FABCFA121C11.exe	34
PID 372 wrote to memory of 2676	372	GoogleUpdaterService_5898FABCFA121C11.exe	34
PID 2820 wrote to memory of 1636	2820	GoogleToolbarManager_0E996B068B56FCA2.exe	35
PID 2820 wrote to memory of 1636	2820	GoogleToolbarManager_0E996B068B56FCA2.exe	35
PID 2820 wrote to memory of 1636	2820	GoogleToolbarManager_0E996B068B56FCA2.exe	35
PID 2820 wrote to memory of 1636	2820	GoogleToolbarManager_0E996B068B56FCA2.exe	35
PID 2820 wrote to memory of 1636	2820	GoogleToolbarManager_0E996B068B56FCA2.exe	35
PID 2820 wrote to memory of 1636	2820	GoogleToolbarManager_0E996B068B56FCA2.exe	35
PID 2820 wrote to memory of 1636	2820	GoogleToolbarManager_0E996B068B56FCA2.exe	35
PID 1636 wrote to memory of 1076	1636	SearchWithGoogleUpdate_C58171F2E8870EA4.exe	36
PID 1636 wrote to memory of 1076	1636	SearchWithGoogleUpdate_C58171F2E8870EA4.exe	36
PID 1636 wrote to memory of 1076	1636	SearchWithGoogleUpdate_C58171F2E8870EA4.exe	36
PID 1636 wrote to memory of 1076	1636	SearchWithGoogleUpdate_C58171F2E8870EA4.exe	36
PID 1076 wrote to memory of 2924	1076	GoogleToolbarNotifier.exe	37
PID 1076 wrote to memory of 2924	1076	GoogleToolbarNotifier.exe	37
PID 1076 wrote to memory of 2924	1076	GoogleToolbarNotifier.exe	37
PID 1076 wrote to memory of 2924	1076	GoogleToolbarNotifier.exe	37
PID 1076 wrote to memory of 2924	1076	GoogleToolbarNotifier.exe	37
PID 1076 wrote to memory of 2924	1076	GoogleToolbarNotifier.exe	37
PID 1076 wrote to memory of 2924	1076	GoogleToolbarNotifier.exe	37
PID 1636 wrote to memory of 2204	1636	SearchWithGoogleUpdate_C58171F2E8870EA4.exe	38
PID 1636 wrote to memory of 2204	1636	SearchWithGoogleUpdate_C58171F2E8870EA4.exe	38
PID 1636 wrote to memory of 2204	1636	SearchWithGoogleUpdate_C58171F2E8870EA4.exe	38
PID 1636 wrote to memory of 2204	1636	SearchWithGoogleUpdate_C58171F2E8870EA4.exe	38
PID 1636 wrote to memory of 2204	1636	SearchWithGoogleUpdate_C58171F2E8870EA4.exe	38
PID 1636 wrote to memory of 2204	1636	SearchWithGoogleUpdate_C58171F2E8870EA4.exe	38
PID 1636 wrote to memory of 2204	1636	SearchWithGoogleUpdate_C58171F2E8870EA4.exe	38
PID 3036 wrote to memory of 756	3036	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe	40
PID 3036 wrote to memory of 756	3036	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe	40
PID 3036 wrote to memory of 756	3036	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe	40
PID 3036 wrote to memory of 756	3036	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe	40
PID 3036 wrote to memory of 2592	3036	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe	41
PID 3036 wrote to memory of 2592	3036	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe	41
PID 3036 wrote to memory of 2592	3036	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe	41
PID 3036 wrote to memory of 2592	3036	61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe	41

C:\Users\Admin\AppData\Local\Temp\61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe
  "C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /install /sid:S-1-5-21-2958949473-3205530200-1453100116-1000 /installwindow:197068
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2820
- - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleUpdaterService_5898FABCFA121C11.exe
    "C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleUpdaterService_5898FABCFA121C11.exe" /install /appid=tbie
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:372
  - - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
      "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" /Service
      4⤵
      Executes dropped EXE
      Modifies registry class
      PID:2676
- - C:\Program Files (x86)\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C58171F2E8870EA4.exe
    "C:\Program Files (x86)\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C58171F2E8870EA4.exe" ietb GUEA
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:1636
  - - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" /RegServer "/dll=C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\gtn.dll" "/swg64=C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Installs/modifies Browser Helper Object
      Modifies Internet Explorer settings
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:1076
    - - C:\Windows\system32\regsvr32.exe
        
        C:\Windows\system32\regsvr32.exe -s "C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll"
        5⤵
        Loads dropped DLL
        Installs/modifies Browser Helper Object
        Modifies registry class
        
        PID:2924
  - - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
      "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" /install /appid=swg
      4⤵
      Executes dropped EXE
      PID:2204
- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe
  "C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /postinstall /sid:S-1-5-21-2958949473-3205530200-1453100116-1000 /installwindow:197068
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe
  "C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /custombuttonsinstall
  2⤵
  - Executes dropped EXE
  PID:2592

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3052

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2456

C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe
"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /service
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f76d434.rbs

Filesize
6KB

MD5
560f1f8b0b25e1bb43ce1f2673a1f6ef

SHA1
d82b658d6afb80c4598bc660828b0ff8c04ec1be

SHA256
3df8e5188c0d10568ba73d5ef6307a9a055a7b52630af8bf94d433bec7a6a8ac

SHA512
381253cb5a5567c6738e6154a32cc6f4de017307189a6980f3a9fc580b1bbc893c86c0b479992592be6e0b02be97d555112ff281cdcc2f8723b255c1e93417b8

Download Submit
C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

Filesize
178KB

MD5
cc839e8d766cc31a7710c9f38cf3e375

SHA1
a20fe767ae667638fc2ed43563bd436542ca7ad4

SHA256
327d57f18b4a2d1cb06c5682d3364097ecd3cf40c2719aa1f41d0b49a26003e4

SHA512
45114b19655bb5de4707470cb4422b283d976fb296c85e9d23a044513c0103b265a1f5de00f90e7086f035d495338cb708b103767909a0f99bca08d4a7813b8d

Download Submit
C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbar.6.3.1106.427.manifest.xml

Filesize
21KB

MD5
cf3bfd796723cdbf3604c936c2a74ae5

SHA1
e301400f2262a87eb8708c86f4d2fff9af48d6dd

SHA256
d21f7bd2a4aa941d6420c2debf97c46b127bd3c27457fe942b76ec1329646a31

SHA512
00a417462b5aa12316583b64c00c57c0cf3ac2b3ac88886254dd24a326c0cd96754e8d12e0387978bcaec753da0ca7481dfc80631471b67debd07cc062853bf3

Download Submit
C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll

Filesize
633KB

MD5
b741ac5a4f8a27677753a7e3febfd2c1

SHA1
7e5f85236774ef164e47d03b6c8995387e634188

SHA256
2f5b347ed57b8923603f44bb8b8b0528a2069956c603a0a33c93b29adf143507

SHA512
87b64592c1c71c439e78259a6dd5caf99bfde4049052ff48aef609393d24fe861b263fa185bad68558d1faf3e831f0b97748fad35ce43ebbab6cfaec2f148ed1

Download Submit
C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe

Filesize
978KB

MD5
8f6cfdd445e930a8cf96dd9667febaa7

SHA1
66895cb58cc6c2e83f4bbe59214d7dad5fb1d0d5

SHA256
e98a014a81ee873c49aee34d461ab267f3c67ec0ad3e67934c622a45fe82a1c7

SHA512
5c0269c7fa16d91b6acffa0fb1a23d4b7023c81e3b3af0745e555c272636c2c4354e295852c345020801fcff2397e0ae5d1a1d6d97fb2c66ef8b01eeab6d530c

Download Submit
C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_32_AE9B99EC70822BD0.exe

Filesize
278KB

MD5
41a133ad4531511ad0df53b9eae977e2

SHA1
f5580b13d91a319f670c56d354056a901bfbad0c

SHA256
e576924e6b5e1ae15232a7c52a51dc81c6c4decfa9e49005102f3f5ec87b8035

SHA512
4a6c93b140939ead354183d9bfbf9e7f5ec577eba008b48d8ff617f4350cb7065a1246416ba6a8913f928953bad6a122ee369e344a2ebcc794cdca39f1005429

Download Submit
C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_64_BCA4B64C7F249C8F.exe

Filesize
365KB

MD5
c93210a4bdb39e79b286eb5ea61b838a

SHA1
f57c932e62fb417863a15c52e66a8d9fec4e8fdf

SHA256
8f556e2ba24dd26f7c36a9f2182311f68ff29f3420a8024862024824c4af2ae2

SHA512
fc104d9fa814d3d9c0b7fecd9432d5747280ce164e61494443c7de07b09fbb98b1650244ba6ec81aa352719e5385ec18cc01708a19e4ca6474e45f0efedf0591

Download Submit
C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbar_32_E857042E7D2E74E0.dll

Filesize
257KB

MD5
88a099bacf2377ffb514188a9481fc83

SHA1
878e6164968418db4745d4d0e494504594cfd840

SHA256
163874fb054cf333de0a08fb26484db0c33e2441d66041992ef1ef0e6d4f9d29

SHA512
d7ae3a36ec39beca70a516399bf163adc98830b04c749ce5f77aced18b6a167cafa9a2c87a89a8615c8db88e79fc20459bc48bb69f5bc8f8363212203731100b

Download Submit
C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbar_64_41D8280252A4200C.dll

Filesize
348KB

MD5
786dda81f24996ff71fb69194a376a83

SHA1
5e59cad3f302be988b7e5a28ece4cac2ea98a9b1

SHA256
180de7db6b8c010feee5fc4de662b63057632aa694294cb52d42028e709cfc35

SHA512
2ada517874e469b9ef8d010ce61fdbeaa458185e0237b5629ee0b68c1bced99c6cadbcc16a265a0348d797e0a6bef611f325be7da1f88366afca1049869a10d7

Download Submit
C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleUpdaterService_5898FABCFA121C11.exe

Filesize
178KB

MD5
1c50ab911b3524356d0c58d8d669f09e

SHA1
8196bf79d278f064feaa77f3353410273f8611e6

SHA256
d9576a1a8dfabb5c47d7f98cb4dfdf5e36461e95a7e892dc724be30ea113e7df

SHA512
824135b636cfcd8c4a95aabfb7114462e083957de25d28f65f096fdb2040b3df9f5a0007673559c0b62649d6deac3dc7628d84e414e5e73b2306416d6af88a8c

Download Submit
C:\Program Files (x86)\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C58171F2E8870EA4.exe

Filesize
1.4MB

MD5
d81e59ede6f186e449da1eb0c01d7eae

SHA1
156a90d84d3b0eab1fbe08b7625797ed3a8a6fd5

SHA256
78241a6286d4ce768ece3e19ab34d0ba053cbcd11ba77f52c3a7709ec8db6460

SHA512
807855c49f97de0142e7136099f7bd7423dc31dd19a23063d61cfef3a08f1aa49322815521b4bfcd3f2864d90a5592d464ef7b83621f01ce3d6bcf88f1fb96f2

Download Submit
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarHelper_signed.msi

Filesize
27KB

MD5
e667fbd5e5aefbaa3686c47bd5a869e3

SHA1
cf17b301e67c1b518cc865e55050e38c4c410361

SHA256
b70fd4d873e84e1eca0a8530bdb9031f98b644373d1c5c5d1b81b92c92953ebb

SHA512
c73b0256b07fdd7bd21b1717a0e6d73b0909831a9a07e9983f38568ce2134379df797163e16ac80ff26776abffed4b0bae30c0327ba43ab561bf04a90e6a17b3

Download Submit
C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\gtn.dll

Filesize
145KB

MD5
9c0cd5125cbee6fbe8c9c3eb7779448e

SHA1
ed4318be2275115f4075b484123b205d8326c3da

SHA256
9a7fe591775d4c42951936697c1b414a5fdcde03ed0b042fc6705f6151979083

SHA512
cdf035eda7f02e8bf3ba7d55b21a830eaae12c89eae25146ca6ddc6a04cf90adfbf22c869afd1b384a1efe6e406f5b9644ad06eb19ae592c7bfe03f41bdc8982

Download Submit
C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

Filesize
746KB

MD5
cd91e666b2446530583fbffcf537be4c

SHA1
7fbb6e6e571afae599f82c2125b501c189a3fdd1

SHA256
035b5626a829d5001cdf689f7e897ce03e43e0eb9795dfbe4eb354dfbc037c2d

SHA512
c9dc77f6e0a02f2e8e89bc5002187e86059ecf76deb2c61883ad8f38b730dda7d2e9a68dc892a02accca0f59999e9cc1dc9fee008fc8ef563f044276eed54849

Download Submit
C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll

Filesize
311KB

MD5
c84d25a6a12ba1f100ef8607fb9ca012

SHA1
f2718832b9eb559ad993c09d864ba04f330e51bf

SHA256
de3055e2b3b77481abf99275df0dcc369bbde22e80ee1ded908814bb24972a89

SHA512
a056ca4dac11d186c73d49c505671dbd4625c59ace078e96ee109c9ebccc1220d78ae20b8c01d8bfc5d82792e06160c2216dea578750063ecf13000c985d7fe4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C3948BE6E525B8A8CEE9FAC91C9E392_D5DDFAB42EFB0088195E950E60A6F50F

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3948BE6E525B8A8CEE9FAC91C9E392_D5DDFAB42EFB0088195E950E60A6F50F

Filesize
416B

MD5
5fb68fb1927f3c1db6f49e89b171c2fe

SHA1
27b67ba891ef2842a67cfb34c29732b9df55d668

SHA256
b633d253c42d7f4635ab5fda229845a050ac44153a641fb68372df13eb17e1c0

SHA512
1d6ea069fa5e619f3bed42e25a68dce3adfc8e2574206090763eeedb9a32311572af168f4237190c01d25ac7ad657535f6d4fd5777d6e71d17aa97415e19ef0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\GoogleToolbarInstaller1.log

Filesize
4KB

MD5
634e91ab556f04d65b1ab894d8f7e95c

SHA1
9b4dafaf56e936d5d39f67aac582fe985de2db51

SHA256
b75a19ef9bf69286e5783dc6524fb6a7cba763c57698ef3667e2e4b88cb91a53

SHA512
bbb30b24bda49f1e3f5da0bb42dad1aa87e2ef8efc664e024f9f30c948691907042f033ba861a9053ab4edc44faf23942c793b725fd5eeaf2dda3c8f62b8d7e7

Download Submit
\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

Filesize
38KB

MD5
5d61be7db55b026a5d61a3eed09d0ead

SHA1
215950ce5d40907b041346f22b4e404ee591581d

SHA256
d32cc7b31a6f98c60abc313abc7d1143681f72de2bb2604711a0ba20710caaae

SHA512
b1dbb67867cbb36c322bd774bf01267f56e398e364ebce4bd6f67c225c330b0b1843b06397e55f7f04dcc8d75b039083ccf08313b0ed03ecff7eb00033b0a598

Download Submit
memory/1076-145-0x0000000000790000-0x0000000000850000-memory.dmp

Filesize
768KB

Download
memory/2456-164-0x0000000002160000-0x0000000002220000-memory.dmp

Filesize
768KB

Download
memory/3036-65-0x00000000001C0000-0x00000000024EC000-memory.dmp

Filesize
35.2MB

Download
memory/3036-0-0x00000000001C0000-0x00000000024EC000-memory.dmp

Filesize
35.2MB

Download
memory/3036-1-0x00000000001C0000-0x00000000024EC000-memory.dmp

Filesize
35.2MB

Download
memory/3036-186-0x00000000001C0000-0x00000000024EC000-memory.dmp

Filesize
35.2MB

Download