Malware Analysis Report

2024-10-19 11:21

Sample ID 240811-x9n9taycrf
Target ChromeSetup.exe
SHA256 dd9da3da7f01b071c98eaaa20c238379e97475c406489fd254ec1ce0d8daba36
Tags
steam discovery evasion persistence phishing privilege_escalation trojan
score
6/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file ChromeSetup.exe was found to show suspicious behavior.

Malicious Activity Summary

Checks whether UAC is enabled

Boot or Logon Autostart Execution: Active Setup

Detected potential entity reuse from brand steam.

Event Triggered Execution: Component Object Model Hijacking

Drops file in System32 directory

Checks installed software on the system

Executes dropped EXE

Drops file in Program Files directory

Enumerates physical storage devices

System Network Configuration Discovery: Internet Connection Discovery

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-11 19:33

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-11 19:33

Reported

2024-08-11 19:36

Platform

win10v2004-20240802-en

Max time kernel

142s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe"

Signatures

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\127.0.6533.100\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google3276_573401937\bin\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A

Detected potential entity reuse from brand steam.

phishing steam

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\mr.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google3276_573401937\bin\updater.exe C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\metadata C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\af.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe C:\Program Files (x86)\Google3276_573401937\bin\updater.exe N/A
File created C:\Program Files (x86)\Google\GoogleUpdater\9f8414aa-1519-4566-94cd-d1d23ae2de3c.tmp C:\Program Files (x86)\Google3276_573401937\bin\updater.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\vk_swiftshader_icd.json C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\127.0.6533.100_chrome_installer.exe N/A
File created C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\uninstall.cmd C:\Program Files (x86)\Google3276_573401937\bin\updater.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\metadata C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\vi.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Application\127.0.6533.100\Installer\setup.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\updater.log C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\el.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\de.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\ro.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\f8c12bec-d989-4749-bc35-7f1fcff0c881.tmp C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\vk_swiftshader.dll C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File opened for modification C:\Program Files\Crashpad\settings.dat C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Extensions\external_extensions.json C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\bn.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\chrome_proxy.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google3276_573401937\updater.7z C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe N/A
File created C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\CHROME.PACKED.7Z C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\127.0.6533.100_chrome_installer.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\VisualElements\SmallLogoCanary.png C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File opened for modification C:\Program Files\Crashpad\settings.dat C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File opened for modification C:\Program Files\Crashpad\settings.dat C:\Program Files\Google\Chrome\Application\127.0.6533.100\Installer\setup.exe N/A
File opened for modification C:\Program Files\Crashpad\metadata C:\Program Files\Google\Chrome\Application\127.0.6533.100\Installer\setup.exe N/A
File created C:\Program Files (x86)\Google\GoogleUpdater\prefs.json~RFe597e5e.TMP C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\prefs.json C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\VisualElements\Logo.png C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\zh-TW.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\MEIPreload\manifest.json C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\34fda72b-1fdb-4506-a37b-d2638f2586d9.tmp C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\chrome_100_percent.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\cs.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\hr.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\chrome_elf.dll C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\e5ae1e26-cac5-4bc1-98e6-0f799552014a.tmp C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\default_apps\external_extensions.json C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\uk.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\nl.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\sk.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\es.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\he.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\zh-CN.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\metadata C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
File created C:\Program Files (x86)\Google\GoogleUpdater\prefs.json~RFe57c4c7.TMP C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\ru.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\tr.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\WidevineCdm\manifest.json C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\settings.dat C:\Program Files (x86)\Google3276_573401937\bin\updater.exe N/A
File created C:\Program Files (x86)\chrome_url_fetcher_3996_1194874569\-8a69d345-d564-463c-aff1-a69d9e530f96-_127.0.6533.100_all_ac4tvikqe3lnxu4y2ee34ln26kjq.crx3 C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\gu.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\hi.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\pt-BR.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\chrome.dll.sig C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\metadata C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\ar.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\ms.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\pt-PT.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5504_1045249444\Chrome-bin\127.0.6533.100\Locales\sl.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\updater.log C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google3276_573401937\bin\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google3276_573401937\bin\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\127.0.6533.100_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133678784174479301" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Google\Chrome C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Google C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Google\Chrome\InstallerPinned = "0" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{34527502-D3DB-4205-A69B-789B27EE0414}\1.0\ = "GoogleUpdater TypeLib for IPolicyStatus2" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\1.0\ = "GoogleUpdater TypeLib for IPolicyStatus3" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\1.0\0\win64 C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ = "IAppCommandWeb" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F966A529-43C6-4710-8FF4-0B456324C8F4}\1.0\ = "GoogleUpdater TypeLib for IPolicyStatus4System" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{8018F647-BF07-55BB-82BE-A2D7049F7CE4}\LocalService = "GoogleUpdaterService128.0.6597.0" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\TypeLib\ = "{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F966A529-43C6-4710-8FF4-0B456324C8F4}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\128.0.6597.0\\updater.exe\\6" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{D106AB5F-A70E-400E-A21B-96208C1D8DBB} C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{B685B009-DBC4-4F24-9542-A162C3793E77}\1.0\0\win32 C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA} C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{8A4B5D74-8832-5170-AB03-2415833EC703}\TypeLib C:\Program Files (x86)\Google3276_573401937\bin\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{699F07AD-304C-5F71-A2DA-ABD765965B54}\1.0\ = "GoogleUpdater TypeLib for IUpdaterAppStatesCallbackSystem" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\1.0\0 C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8A4B5D74-8832-5170-AB03-2415833EC703}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\128.0.6597.0\\updater.exe\\5" C:\Program Files (x86)\Google3276_573401937\bin\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\1.0\ = "GoogleUpdater TypeLib for IAppWeb" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\LocalServer32 C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\1.0\ = "GoogleUpdater TypeLib for IUpdaterSystem" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\TypeLib\ = "{F966A529-43C6-4710-8FF4-0B456324C8F4}" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962} C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\ = "IPolicyStatus2" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{CCA9FC90-B200-5641-99C0-7907756A93CF}\ProxyStubClsid32 C:\Program Files (x86)\Google3276_573401937\bin\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4622B28-A747-44C7-96AF-319BE5C3B261}\ = "IAppBundleWebSystem" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{F4334319-8210-469B-8262-DD03623FEB5B}\1.0\0\win64 C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\1.0\ = "GoogleUpdater TypeLib for IUpdaterAppStateSystem" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\1.0\ = "GoogleUpdater TypeLib for IAppVersionWeb" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\1.0\0\win64 C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{1588C1A8-27D9-563E-9641-8D20767FB258}\1.0\0\win32 C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\ = "IPolicyStatus4System" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\VersionIndependentProgID C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AppID\{534F5323-3569-4F42-919D-1E1CF93E5BF6} C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\128.0.6597.0\\updater.exe\\4" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachine\CurVer C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\128.0.6597.0\\updater.exe\\4" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\1.0\0\win32 C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{44B969D4-48B7-5A30-9CD6-CAC179D81F9C}\AppID = "{44B969D4-48B7-5A30-9CD6-CAC179D81F9C}" C:\Program Files (x86)\Google3276_573401937\bin\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{8A4B5D74-8832-5170-AB03-2415833EC703}\TypeLib C:\Program Files (x86)\Google3276_573401937\bin\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\TypeLib\ = "{5F793925-C903-4E92-9AE3-77CA5EAB1716}" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\1.0\0\win32 C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{699F07AD-304C-5F71-A2DA-ABD765965B54} C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DC034A8-4BFC-4D43-9250-914163356BB0}\TypeLib\ = "{4DC034A8-4BFC-4D43-9250-914163356BB0}" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google3276_573401937\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google3276_573401937\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google3276_573401937\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google3276_573401937\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google3276_573401937\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google3276_573401937\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\127.0.6533.100_chrome_installer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\127.0.6533.100_chrome_installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3276 wrote to memory of 4676 N/A C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe C:\Program Files (x86)\Google3276_573401937\bin\updater.exe
PID 3276 wrote to memory of 4676 N/A C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe C:\Program Files (x86)\Google3276_573401937\bin\updater.exe
PID 3276 wrote to memory of 4676 N/A C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe C:\Program Files (x86)\Google3276_573401937\bin\updater.exe
PID 4676 wrote to memory of 3636 N/A C:\Program Files (x86)\Google3276_573401937\bin\updater.exe C:\Program Files (x86)\Google3276_573401937\bin\updater.exe
PID 4676 wrote to memory of 3636 N/A C:\Program Files (x86)\Google3276_573401937\bin\updater.exe C:\Program Files (x86)\Google3276_573401937\bin\updater.exe
PID 4676 wrote to memory of 3636 N/A C:\Program Files (x86)\Google3276_573401937\bin\updater.exe C:\Program Files (x86)\Google3276_573401937\bin\updater.exe
PID 3516 wrote to memory of 4392 N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe
PID 3516 wrote to memory of 4392 N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe
PID 3516 wrote to memory of 4392 N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe
PID 3996 wrote to memory of 1876 N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe
PID 3996 wrote to memory of 1876 N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe
PID 3996 wrote to memory of 1876 N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe
PID 2588 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 1000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 1000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2588 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe

"C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe"

C:\Program Files (x86)\Google3276_573401937\bin\updater.exe

"C:\Program Files (x86)\Google3276_573401937\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={A41D72D8-7102-608A-5507-D33D10A819FD}&lang=fr&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/updater/*=2

C:\Program Files (x86)\Google3276_573401937\bin\updater.exe

"C:\Program Files (x86)\Google3276_573401937\bin\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6597.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x258,0x284,0x9cc694,0x9cc6a0,0x9cc6ac

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --system --windows-service --service=update-internal

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6597.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0xa6c694,0xa6c6a0,0xa6c6ac

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --system --windows-service --service=update

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6597.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0xa6c694,0xa6c6a0,0xa6c6ac

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xf8,0xd4,0x7fffe879cc40,0x7fffe879cc4c,0x7fffe879cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,15126839784993055092,14722134971434766985,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1976 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1812,i,15126839784993055092,14722134971434766985,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2024 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,15126839784993055092,14722134971434766985,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2300 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,15126839784993055092,14722134971434766985,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,15126839784993055092,14722134971434766985,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4556,i,15126839784993055092,14722134971434766985,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4548 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4872,i,15126839784993055092,14722134971434766985,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4920 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4944,i,15126839784993055092,14722134971434766985,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4952 /prefetch:8

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\127.0.6533.100_chrome_installer.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\127.0.6533.100_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\f8c12bec-d989-4749-bc35-7f1fcff0c881.tmp"

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe" --install-archive="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\f8c12bec-d989-4749-bc35-7f1fcff0c881.tmp"

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.100 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff6076941f8,0x7ff607694204,0x7ff607694210

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffff74846f8,0x7ffff7484708,0x7ffff7484718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,9018968897384083898,11741170908835312606,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,9018968897384083898,11741170908835312606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,9018968897384083898,11741170908835312606,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9018968897384083898,11741170908835312606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9018968897384083898,11741170908835312606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9018968897384083898,11741170908835312606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3996_1415637185\CR_83100.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.100 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff6076941f8,0x7ff607694204,0x7ff607694210

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9018968897384083898,11741170908835312606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1956,9018968897384083898,11741170908835312606,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5160 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1956,9018968897384083898,11741170908835312606,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4992 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9018968897384083898,11741170908835312606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,9018968897384083898,11741170908835312606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,9018968897384083898,11741170908835312606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1956,9018968897384083898,11741170908835312606,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5360 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9018968897384083898,11741170908835312606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9018968897384083898,11741170908835312606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9018968897384083898,11741170908835312606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9018968897384083898,11741170908835312606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5128,i,15126839784993055092,14722134971434766985,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3684,i,15126839784993055092,14722134971434766985,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3212,i,15126839784993055092,14722134971434766985,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3140 /prefetch:1

C:\Program Files\Google\Chrome\Application\127.0.6533.100\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\127.0.6533.100\Installer\setup.exe" --rename-chrome-exe --system-level --verbose-logging --channel=stable

C:\Program Files\Google\Chrome\Application\127.0.6533.100\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\127.0.6533.100\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.100 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff64b5041f8,0x7ff64b504204,0x7ff64b504210

C:\Program Files\Google\Chrome\Application\127.0.6533.100\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\127.0.6533.100\Installer\setup.exe" --channel=stable --delete-old-versions --system-level --verbose-logging

C:\Program Files\Google\Chrome\Application\127.0.6533.100\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\127.0.6533.100\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.100 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff64b5041f8,0x7ff64b504204,0x7ff64b504210

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,9018968897384083898,11741170908835312606,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5272 /prefetch:2

Network


Files


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a6cbaa8abb55914072edc693e7db353b
SHA1 77f70975e63248cbecd7021c5c0b17d5dc6d62cb
SHA256 4e3a16327be3591a49727c6b4644a66b85be100f042f29595ab776e30466e8f4
SHA512 70968b259934f7560901667d332fb876b7b37400ff763dd2e6bf7ba7e3aa6059b09036c77efefd453b2108971cf52aab56ae85f7005fdc545493a7683617f096

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d23d414dcc75eb664bf29c263d314edc
SHA1 08880d4283ce7ffe0412b8e05c358f759f17a810
SHA256 32d744feac7656ed8a6ee0e1649523f3016ddfad66624ef3133893b00e75d526
SHA512 61f4ac1b60036d3e64daee9f6c23048df81782e17f6ee76695e2e90afe8cb7c8e4274db3a1108243185679242227399c4a666c51865b7deda4c7c94f601afc18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e5d82a4ff9a80d38041cd35a07b6ea44
SHA1 733970b1ff70430f77403a1813c97864febc8d4c
SHA256 0f2f536b26e66014d984848ff2447706417699090ef725934186d336b03bc0e6
SHA512 4217cc7afd2eac2870f0e272fce73d790038bd20826dfab1f381ea16ab3f4d5ef2b6841a206e4843b975cc5554fdec9df5235c0b678ec4b32b34ac8d2c369d55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0dae15df84cf2f6f1d73f4bc74894ac4
SHA1 eaac6261c6e1434279adf03774073068610116bc
SHA256 1fd5415769cb64d8fcc6aa793ab52721752b124885b9d9b43fe5c259bcbf1161
SHA512 919fa04ab88470ef16a0fc739ec2207d698de4131986030a164d56f358359427d1d0a85e09ff7ccbd3284b0a6ddaafadee403a9619d5b36bdb57cabc3cd108d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e66733b3e97f293cd6bef0c6a98e7de5
SHA1 c6767e887ea6b7dceb83f6ccb69c1aa94d67b1e8
SHA256 bb05565b8db9394861f51c922105c53a88714f764076bd452b26b3e54d9ce72d
SHA512 7522ac6efa8992c4cfc756c63c6e3b8aa8ace1dac600ebbeb8f88e010a1bd04646d25808f631953c24b04cb8a1e31091ef7075eda70c312dd47c644f705fc08c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 902c087beaa2e8553652cc0d7c221ad3
SHA1 2d4aa1214ec540bc88f25e922f43e89a2704fa56
SHA256 c1478e3b8cb7b317d141ed3e7473d934b40d473be49357ee081a626b0556faf8
SHA512 d190ba6049b01f1f5517b64ef1d5b33481d6b1f4ac6ef0633d8cdc18ba84a5927bdcf50a032e461a83dadac96e63c542ecfbb5260a742eff13a901b688995e90

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 046d8cbf97449be8da73c1eccb0dd293
SHA1 a40ddd3efabbf263bd9f80d53ffc55adf32fa6e5
SHA256 31157d7f4644284a5f9f7334ea3a375284c981624dc0d44885210cd8761bd4ea
SHA512 4165da7bcc2b4f78e933f5fb9612a6674099759601f6f4ed3dedb8e6d53837a0547bcb1783412b8ace1f2c5e2564ffc2e7e1f19361222c366f9fe5793dfd0c3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 02a096817a4132149267b4bd35abc0c6
SHA1 d3ad865f90d261386c5348fe46ad3e0011e32086
SHA256 bc404ad8db5ae836a584d1786934a974023201cf03e4309182c0a98eabbfbdd6
SHA512 d711afb356495b76054bc111f5071f088db3a583a1546a490c472990576bd938e832a9301b1cc04d194a98251f2bfaaef05fef89f07bd07865b5a5b181063b7c

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0947137ea49ea0f5d323d08c7a358503
SHA1 05ba99e8622bdacc0a3f745df313d57a651f2227
SHA256 94bbf75ed46eee462d6ee6afcb8ebc8b2a085293ba410871f84a93415576f05f
SHA512 ef6b695852cd2bf4773279b7e78cf31bca997348b64d9c1fec3cd949944965e9d5e98a13b82dab35e20176ae2fed699091f8649df1fd4f30f0e4654102550700

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e29bbf7e68c11aaa63a09f0f06bc4d41
SHA1 05590313b57260238ec43e6ae47d7df44bcc6ac5
SHA256 5ae2748bb2ec8fb2cc1d034c232121404c3ad1b20c8532f7beba82be0a07d55f
SHA512 f0075fdac6ec99c2e1a7a3f554f4f76c0bdcf9fdb25a3b77401ce11db8fd878c6889e9e4517fafd7228b32e1c53351564cb6f020d3ca24008bb8b62b0784bee8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 52167ffb4e6860a1203f00832e319ec4
SHA1 ead63c1dea419932c7bbf712ddeb46efd89899cb
SHA256 481eb5acf26cf49581a23da66f4a0ac16e45882713bd27ccaa0088fb099fb2d5
SHA512 456caefc6d0a9a21adf35960ad2292839e5ab220d14aa7577ef948dbf26c9c3a0537eea161134f89155d24679447570adaf3f2814824a0a0a13505569ea5e24a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f3ef7645d31ba55ecf1f29ef832fef00
SHA1 be9130db7d4d621d23608686f6e8cb18440d3504
SHA256 612e2acef68125edfdba134a4ad0abea074d9d920fdca1821af591d0c33b2f87
SHA512 51b792d2dc2e48ce0d221bde6fb87c97ef728ae83e5e6980fd49cad8814c0d04a69e6d03d8137eac3946b951bba9bc49091d6864c1932aba4627c633d253841c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a200e33ff3aaded7b0810feba17f9318
SHA1 513bf1325444a55a2d49b1870d333cd1ad4553c0
SHA256 9d0eda9c2752a64284596b8df6afd1eab0b7e6c33fb153f79ba70b853fa48e11
SHA512 8b4566be7de114d9f0fcdeaee03617dd9c8c17b0a56fd0bc1533172d92ca4ae3809c4eabe4210cedd9c74976b22423e80b763ead0610d2f3e5a81ed0667fb25a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 a1d8c9c9475bb58245cd7b9408e7f93e
SHA1 81341854bb916610bc0d64ef5d72de0dd17787b6
SHA256 4fa2534985865185f7b27012be453a1332c5980c57bd976bbf8eafdab775e3c9
SHA512 288f3b0c1bab6f92fd9755846b8c173366f9be9e3770a843f6b10a5ed7e173c6f5765ef7efe11e65a567b83a0eba96b682414c815a29bd8c9b6e968f9f89a0f8

C:\Windows\TEMP\chrome_installer.log

MD5 b817b6abc13cef40200996659e8c1b1c
SHA1 556b5c4b01e0cddfaa63659d3968dc27ee7a6bdb
SHA256 d0ae9b53641c58a637d82b994a6e4821b610bc2df6fbcdb1e989d6d9e20df9a1
SHA512 3aba658af4d0c9dbbeb58ddae3e43726b34143777cebd4908194e635fd476aa31af0d09b0b9ca6273982c5de4e57a12ac152abc13e79acaa02fe1003dfc3673b

C:\Program Files\Google\Chrome\Application\new_chrome_proxy.exe

MD5 5145f1fe4227332c1eb14341ec530776
SHA1 5ea010cdb33a42a98729da9b9c17ce126e0aae6e
SHA256 cf38662eb4f66d7cb5826a6a6a91f9debcf4804a33408204848f703a0b0efc18
SHA512 96f2dcfd2336c3b64da679b6ab8fcc1005ac7784d550261f64e29bcc5dcf063959e7d4404c703eee0dc051ce086d0fee9a370957f68986fa7f4a35fe44104dc5

C:\Program Files\Google\Chrome\Application\new_chrome.exe

MD5 6b6be8013a8b3dadbd05ce6be131811f
SHA1 8bc44fc720910e84e3f1ff5762c94079ca4bd5a9
SHA256 36c981748637acc06ae44dc2c4cc17e66b20bd860389c01b68ce9ddbcfe2e941
SHA512 ed1622b01a12cd55a9ef1a23905b4d8610ba2a7bced23d4bc5ee94514397084ee0f71fbed6cb4c4f4073d3aab988fd6cad8e7e6961a118f2ded308ff75e54b85

C:\Windows\TEMP\chrome_installer.log

MD5 298ab0954d61d3065bf733f5b108f80d
SHA1 f2386b7ae84dcb77c1fdb93ced3a830bfefe9b8d
SHA256 b81136780894fa96c1c1ceeb404120ecb93bb1506ca19bcf25e570d129c8fd24
SHA512 85d6f284b2acd4d86b610509ea6db565f5d0a755735486b5562c396756c76f4dd941e2a9fce6f4460d8c02de614bf38c515af9057ebb49e400ee19097b4e7283