Malware Analysis Report

2025-01-02 07:29

Sample ID 240816-hfkbfavcrl
Target e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d
SHA256 e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d
Tags
floxif backdoor discovery persistence privilege_escalation trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d

Threat Level: Known bad

The file e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d was found to be: Known bad.

Malicious Activity Summary

floxif backdoor discovery persistence privilege_escalation trojan upx

Floxif, Floodfix

Detects Floxif payload

Event Triggered Execution: Image File Execution Options Injection

Event Triggered Execution: AppInit DLLs

Boot or Logon Autostart Execution: Active Setup

Event Triggered Execution: Component Object Model Hijacking

UPX packed file

Executes dropped EXE

Loads dropped DLL

ACProtect 1.3x - 1.4x DLL software

Checks computer location settings

Checks installed software on the system

Enumerates connected drives

Drops file in Program Files directory

System Network Configuration Discovery: Internet Connection Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-16 06:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-16 06:40

Reported

2024-08-16 06:43

Platform

win7-20240708-en

Max time kernel

146s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe"

Signatures

Floxif, Floodfix

backdoor trojan floxif

Detects Floxif payload

backdoor

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\109.0.5414.120\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A

ACProtect 1.3x - 1.4x DLL software


Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\109.0.5414.120_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\109.0.5414.120_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A

UPX packed file

upx

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\e: C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created \??\c:\program files\common files\system\symsrv.dll.000 C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_hi.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_ml.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_en.dll C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_gu.dll C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_ml.dll C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2324_1711452749\Chrome-bin\109.0.5414.120\chrome_200_percent.pak C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdateComRegisterShell64.exe C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleCrashHandler64.exe C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2324_1711452749\Chrome-bin\109.0.5414.120\Locales\et.pak C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_hu.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_sk.dll C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2324_1711452749\Chrome-bin\109.0.5414.120\Locales\bn.pak C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2324_1711452749\Chrome-bin\109.0.5414.120\Locales\en-GB.pak C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_iw.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\psuser.dll C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2324_1711452749\Chrome-bin\109.0.5414.120\Locales\ca.pak C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_tr.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_ru.dll C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2324_1711452749\Chrome-bin\109.0.5414.120\Locales\he.pak C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2324_1711452749\Chrome-bin\109.0.5414.120\chrome.exe.sig C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2324_1711452749\chrome.7z C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_ms.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_fa.dll C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_th.dll C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_sv.dll C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2324_1711452749\Chrome-bin\109.0.5414.120\VisualElements\SmallLogoDev.png C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2324_1711452749\Chrome-bin\109.0.5414.120\WidevineCdm\LICENSE C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_el.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_hr.dll C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_it.dll C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleCrashHandler.exe C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_hi.dll C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_ms.dll C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2324_1711452749\Chrome-bin\109.0.5414.120\Extensions\external_extensions.json C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2324_1711452749\Chrome-bin\109.0.5414.120\v8_context_snapshot.bin C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2324_1711452749\Chrome-bin\109.0.5414.120\VisualElements\Logo.png C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_et.dll C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_ro.dll C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdate.dll.tmp C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_no.dll C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
File opened for modification C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdate.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\109.0.5414.120_chrome_installer.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_ko.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_sr.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_fi.dll C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2324_1711452749\Chrome-bin\109.0.5414.120\Locales\nb.pak C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdate.dll.tmp C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUME678.tmp\psuser.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdateCore.exe C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_ca.dll C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2324_1711452749\Chrome-bin\109.0.5414.120\Locales\lv.pak C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2324_1711452749\Chrome-bin\109.0.5414.120\VisualElements\SmallLogoBeta.png C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2324_1711452749\Chrome-bin\109.0.5414.120\vulkan-1.dll C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2324_1711452749\Chrome-bin\109.0.5414.120\chrome_pwa_launcher.exe C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_zh-CN.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2324_1711452749\Chrome-bin\109.0.5414.120\Locales\es.pak C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2324_1711452749\Chrome-bin\109.0.5414.120\Locales\fa.pak C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_it.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_kn.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_mr.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_nl.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdate.exe C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\ProxyStubClsid32\ = "{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\NumMethods\ = "41" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ = "IProcessLauncher" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods\ = "10" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\ProgID\ = "GoogleUpdate.CoreMachineClass.1" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassSvc.1.0\ = "Google Update Legacy On Demand" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass.1\ = "Google Update Core Class" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LOCALSERVER32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\ = "IAppCommand" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachineFallback.1.0\ = "Google Update Legacy On Demand" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\NumMethods\ = "7" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\ = "IBrowserHttpRequest2" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\NumMethods\ = "12" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\ = "IGoogleUpdateCore" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\ = "ICoCreateAsync" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ = "IProcessLauncher2" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{27634814-8E41-4C35-8577-980134A96544}\ = "IPolicyStatusValue" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\ = "IApp" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\ = "IJobObserver" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ = "IAppVersionWeb" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}\Elevation C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\ = "ServiceModule" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\VersionIndependentProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\ServiceParameters = "/comsvc" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods\ = "9" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\LocalServer32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\ProxyStubClsid32\ = "{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{27634814-8E41-4C35-8577-980134A96544}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\ = "IApp2" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ = "IAppCommandWeb" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\NumMethods\ = "11" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ProxyStubClsid32\ = "{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\ = "IJobObserver" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A50E9E56-BA18-4FCD-8DDF-B91F12D0B6B9}\InprocHandler32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\ProgID\ = "GoogleUpdate.Update3WebMachine.1.0" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine.dll" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\ProxyStubClsid32\ = "{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3COMClassService\CLSID\ = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2984 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe
PID 2984 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe
PID 2984 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe
PID 2984 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe
PID 2984 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe
PID 2984 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe
PID 2984 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe
PID 2580 wrote to memory of 1700 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 1700 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 1700 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 1700 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 1700 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 1700 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 1700 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 1052 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 1052 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 1052 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 1052 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 1052 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 1052 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 1052 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 1052 wrote to memory of 2496 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 1052 wrote to memory of 2496 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 1052 wrote to memory of 2496 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 1052 wrote to memory of 2496 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 1052 wrote to memory of 1368 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 1052 wrote to memory of 1368 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 1052 wrote to memory of 1368 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 1052 wrote to memory of 1368 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 1052 wrote to memory of 1248 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 1052 wrote to memory of 1248 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 1052 wrote to memory of 1248 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 1052 wrote to memory of 1248 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 2580 wrote to memory of 2116 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 2116 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 2116 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 2116 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 2116 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 2116 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 2116 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 576 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 576 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 576 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 576 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 576 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 576 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2580 wrote to memory of 576 N/A C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2260 wrote to memory of 1760 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\109.0.5414.120_chrome_installer.exe
PID 2260 wrote to memory of 1760 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\109.0.5414.120_chrome_installer.exe
PID 2260 wrote to memory of 1760 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\109.0.5414.120_chrome_installer.exe
PID 2260 wrote to memory of 1760 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\109.0.5414.120_chrome_installer.exe
PID 1760 wrote to memory of 2324 N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\109.0.5414.120_chrome_installer.exe C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe
PID 1760 wrote to memory of 2324 N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\109.0.5414.120_chrome_installer.exe C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe
PID 1760 wrote to memory of 2324 N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\109.0.5414.120_chrome_installer.exe C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe
PID 2324 wrote to memory of 1264 N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe
PID 2324 wrote to memory of 1264 N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe
PID 2324 wrote to memory of 1264 N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe
PID 2324 wrote to memory of 1584 N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe
PID 2324 wrote to memory of 1584 N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe
PID 2324 wrote to memory of 1584 N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe
PID 1584 wrote to memory of 2800 N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe
PID 1584 wrote to memory of 2800 N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe
PID 1584 wrote to memory of 2800 N/A C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe
PID 2260 wrote to memory of 2624 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe

Processes

C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe

"C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe"

C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={23B7F606-DA1B-291C-61C0-F4F2AC577668}&lang=en&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&brand=YTUH&installdataindex=empty"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping …-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={23B7F606-DA1B-291C-61C0-F4F2AC577668}&lang=en&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&brand=YTUH&installdataindex=empty" /installsource taggedmi /sessionid "{09D05C93-B4C3-4FF7-B19D-016B39556366}"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\109.0.5414.120_chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\109.0.5414.120_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\gui7B29.tmp"

C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\gui7B29.tmp"

C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x140201148,0x140201158,0x140201168

C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe" --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{29C636DB-5921-47B2-A98F-FF9959CFC22A}\CR_00660.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x140201148,0x140201158,0x140201168

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping …-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjcwNyIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjMxMjAiIGRvd25sb2FkX3RpbWVfbXM9IjMyNDc5IiBkb3dubG9hZGVkPSI5MzEyMjYwMCIgdG90YWw9IjkzMTIyNjAwIiBpbnN0YWxsX3RpbWVfbXM9IjI3MDUxIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand

Network

Country Destination Domain Proto
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 5isohu.com udp
FR 142.250.179.67:443 update.googleapis.com tcp
FR 142.250.179.67:443 update.googleapis.com tcp
US 8.8.8.8:53 www.aieov.com udp
US 45.33.18.44:80 www.aieov.com tcp
US 45.33.18.44:80 www.aieov.com tcp
US 45.33.18.44:80 www.aieov.com tcp
US 45.33.18.44:80 www.aieov.com tcp
US 45.33.18.44:80 www.aieov.com tcp
US 45.33.18.44:80 www.aieov.com tcp
FR 142.250.179.67:443 update.googleapis.com tcp

Files

memory/2984-3-0x0000000010000000-0x0000000010030000-memory.dmp

\Program Files\Common Files\System\symsrv.dll

MD5 7574cf2c64f35161ab1292e2f532aabf
SHA1 14ba3fa927a06224dfe587014299e834def4644f
SHA256 de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085
SHA512 4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdate.exe

MD5 e885bf92c289c674cd32f3e85ab2b922
SHA1 c0a98fd8c74d031f54fda658a1c67d8886b5e076
SHA256 63854e78780866d2ae56a58958a1fda017a71f54b71fe70cf5403958e961862a
SHA512 618d0cb1e6b50716ad877616da547d45099d92c6d00158da0ee2a76cf08f13ee540d365f747a031f0da96b238acc7fc9c0996c8de3feb7753966a9458e5f2512

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdate.dll

MD5 c0afc2fd557628f98ac9b7834ce7d966
SHA1 7ddfcc41f315d807d36dfef3b0217614aadb0151
SHA256 b31ed15eeb3e535d1318a566000adc069b793fd0f19ba9ae18342f7656121596
SHA512 b3a68dc8a2707d247f6224936c629bf162b72a29e50f48d763d151d0aa83d2b95e0e9a6110005f98e40e819fb41535f4c4e90a6ba95c94b4404b7e7eb1f4d4ba

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_en.dll

MD5 2d042e395936029bce585828ebfdbb7f
SHA1 f329cd1fd339a3bae7aa296c7c9059ed106c5146
SHA256 22b51dc5d66d1487b5371353253ec26a6cb99c5425e800d06e670b4321e52472
SHA512 f08617418537c031653f3a675cddc1a7d422301a6d639381766f8eb80efc1be92ec3c35f0e5e12aadb6fa7daa4bd854004253ac8bf2960d0a32a68c7e59bfda9

C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdateCore.exe

MD5 2c6849cca1783f20415a54ff80bd6a82
SHA1 555691825d70c89152ee00932412a59eb7585ff6
SHA256 eae6d2053a0f4ea3af887c9244770d31cbacab69f165d4ac5fa49b619f0d6bc3
SHA512 a1e66f6260dd2e63f7b2e0cee4b45e35f5d2740e6c2f129b6ba1af88cc9c12a669d76d41a59a7a067ec610b53ddfc56e8beb31659fa79734655510d182bdc075

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_el.dll

MD5 9dddfb7ca127c2d1e61a6ca4961e9c0a
SHA1 ab0255abc59d74e02fd6fde7f5f0893fa8e7045e
SHA256 be8800221c1ffa7c0a28bbd2042bdd14bfcb8536f8ffab569b07a8c80f8252bb
SHA512 981cf8ead9ea81bdbf70d2556d1843ebb49a5f3b2278d680b264b5f0b83cc50caa351325e4ab62af758e6a8ca41474d4f54355df84c796ca1dd3c6cd689067cc

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_de.dll

MD5 35e401fe16fcb9c81aff7bf56becac57
SHA1 b23eb49d5dc11265b86d74c7eb93b76d5de23fc7
SHA256 5267fbbfb123d5603cbbb60f2d00a0d446dd5885a1e5f032887a49a8a3da08f1
SHA512 7f84d08778a83f32cad5b297ea559cc05cb6b52ae0e72c660e9d0ac8bdf903b797333953f8fc9aff63f997ba35bbb2012b2551e83b85ce985eb3503e30ba54bb

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_es.dll

MD5 452eef818bfc9cfb0b25c8fcbfc87aab
SHA1 7a6bda3d78588b8bf979fa231fcf3ddf21c972ee
SHA256 113def0d64b16936e317fe1cd64d8e76c6b0d3aa2dcf510c69205b733d6edba5
SHA512 8115b59eee3acfd80ce51546af65dfb150f6ce355b0aa09c93a48774e6d97e3f6c69e34e06ccd829a60095f11681b24a8ad0bd14062f50cdda85b0540721f514

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_fi.dll

MD5 0cea0902425885aa28ce33941ac5ba86
SHA1 f7075b25ed4acb54863af75f2847461840b538c0
SHA256 7b398f815cbc97a0c2182356a860f58a929beae897423fb2c918f0f6f19348b5
SHA512 2c5aff3d2a6125888158e560ae85c56c4ca2d908bcdfc3df4dbeb353c01be8606aa563044a4e19a8971e197fdb1aaa03d04e4d4bc9fa525d6cc6f012eb02c028

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_fr.dll

MD5 3769c44cc293a7894c7014b2cceb8578
SHA1 d9bc63916a2d96e5c0ba2cf3e533aecc6463270c
SHA256 484b8c7997926aa611bf15665f6a3482b35d5a99d91493cc822ef90d70719ba5
SHA512 dd135d5e6f4af7e46233bf41e743ef25802a41f92f7fdd36da680f1edda0941ac53aaca276a38f3ec34f7b47f706d15f26e21c613d09b2a823a4bbd0d7ab60aa

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_hi.dll

MD5 1af755c765cdadb74de6f4b546588720
SHA1 8508af996cbe21b630095ff1afff0763b9030836
SHA256 bc4d28cf08cb49c6a96f11e837b862c2570b8feae40a320979fef4689292f262
SHA512 b8aaa9b789b54a07ece1e410f50e36c35943d85dda6baabb0b99ef4ce50f18db5aca61fff6ec0acc78af0f56598104f99109ae32c93bd79911c66a5d1cd8fd54

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_gu.dll

MD5 b261ca243143132113962d060983c600
SHA1 342b514ddb1566ac8d89d432b1e607536828bf85
SHA256 b3111f3e780a788bb10232408a7a13bd16304cd99d6be5b2415798827f70003a
SHA512 9491446f975f9ac27dd97f3459a9d463b62805440461c241ed27af0957ff0974325d58a61189bec60f626b8d3dc93caf3ae4e776e696bc92b4d6208bacbdbcd3

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_hu.dll

MD5 36f712250df4a20e5a28ab54354608a4
SHA1 2057995d379d70b8ecd1d9b93197383f99edacae
SHA256 e7005ab9665440218bd456e0512c0c7f6bdee837724a6ff28848df22baa83ae7
SHA512 7fa014767238a0f490c56e75bfe27a64078479d490a4f95dfb3292236d3d6eba67e39564b2dcf4e44850c7222db530d846fb0503eca4e659bb57c627da6233ea

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_id.dll

MD5 9ddf346af7105078f3c5f6ca15b062d6
SHA1 890727a3efb6c1752b060b12a78811bdb05c8429
SHA256 3d125804addff9eb36b7fb9afeacdf7866fc2120b8e35f06aaf0bd5f98e8dfa5
SHA512 d82f6bc3c532a7b61839c5a038414d9c16195cd4d0ff9a69b31bcb3afdebc24f13be53cecf931957bbf1dd3d879b15ad70375096f4bc2bbfcd62e938ae730d3b

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_ko.dll

MD5 521b303acba2fdc8f4188577b96bc30a
SHA1 c7bea12d9c28c6fa5c5949f23a9c20a9f5f2f70e
SHA256 2488aef59063829972e7b5bcee9ca191807e89adc594fcacd8ae6007470ffaa6
SHA512 6de536de414ec2a5d68323dd77c2d6c0cd5b8c8503c94f9eca0a89f68f04892b374ab047686fe96a2ca8c9ced7da8c83d5a7ba2a793642529e28ee75cc37a048

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_ro.dll

MD5 2711b56ecd2a6fcc85df51514797d6e6
SHA1 ab6026a8150f94968f096f7909a828e7fdf6cfdc
SHA256 952ecac650a4a8072b481d5e7a298140058defe6fa7148e8b2a9025c624987bc
SHA512 2bd567b3b6ebf2506f8e23ed778a00ed762ed03701dc5e1559662ad1480f3c70624083ae1586768a1843053df9428cb352c6607b2ae4da6e19a63bc9c977cc00

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_sr.dll

MD5 4779a26f70a514b696c10e8321e61e52
SHA1 033a5b32fe1e4c387c3aca3e851cbcd853bedc92
SHA256 2ad574c16dd25d7ba856d6174f127c29c195a831694e1b9a21a2ce11ab4a8074
SHA512 9208c2ad791ffa77a4b3eb39f0718bf435f7cb0e85fe1459660514d5c8324bf355548101cebd0d38779890e8ba0906f36fd12b8d90a249da48d0d0983b63ce24

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_tr.dll

MD5 74fb101e66473c598bca69b211344803
SHA1 952c8d80fabc9d3b84e2cc8ed85c31cc5aa5ad92
SHA256 eb61f9e6afcef3165c54f213491f6df95b76c2be201f4d7019e504d76ff47447
SHA512 844313ff0043a8416655012be1c61f3b257ea012b08ffc74c149c55d742bb02bbacf9f6fdef9033c0db3d8d7fc2e647de279e422ae5400721c88033c33f9c258

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_ur.dll

MD5 fe817223d979e00374c9daaa1904eebf
SHA1 792ec323a17cf22f6520d8195e821ad195d615ea
SHA256 0aabe7cf5293482c749fc9ed97878d0cbdd02efe0d29ab52d0abeb92e910e5db
SHA512 3b3ec840a898df645d2914d1751212eb062f199a1e77719c71bbf58ff7c1b9857d518da5bce83e5e9ed906299c104747833e4d6ab4930b2031eeb35681df2767

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_uk.dll

MD5 23f23a3e67e8209f194397886c4053c5
SHA1 2b214481de1ec3b23ed982936435e3300a2c1f27
SHA256 a1fada665f8a72a02e1475beb53c6a6e771c75fa5f46594dd3df0fef70ebd5a1
SHA512 ba93b18c6843e2170827c8e72e1c6e34b2d1c26776b91e34fbc1e88a5cb9c2680cb5d47a96e351d994586461d191d24c18b8c0540546a8c4234920197035c11e

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_th.dll

MD5 e969e95952657ebb7e1ab1920fa4dab4
SHA1 6d45bfb33ee2e908f258c9a54eae502d10df9f33
SHA256 fe5a2cf08240957d1ad339bf8954ca9af8c92de008670ef453790093e4c2289e
SHA512 673d3c7c794370c074db4f5055b826e0f89c89aed4f354dd2d34521eff6985e621b000de60716256734ae5d6716ffa74de16d6bed9236d3a8b4811d4761b2900

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_te.dll

MD5 e90726fdb00ae01f27ed42f7586fdde4
SHA1 95d7eca60b09a4b7d64e0e097dac4184ed8f4c23
SHA256 3f28a7afc7bae974cec6fa7711c18a5240d700a6c16549b8a0ff58380a9383f2
SHA512 b165dd4842dd58fb26ec856bc30cd3a367402a0b0cdbd0290179d237de0e541da488aabc94606aaaff4f16d9a2f3af5b6f973587eeb1f1a52a06155474c028f9

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_ta.dll

MD5 927975947073f145daf62ca70648ee96
SHA1 0d89303305c7736f1781da67aa69a6a224d45480
SHA256 9989fac81fe341ca2331c43c3486f0f54629990a829c2a34d18ef6177ef1c156
SHA512 5ab5f5f87b2b6a94190ee683089adc09f59506802cd17e1967c3f9ae2665448f61c06477de389aed96e316b13af74ffb626c94fae0eecf12f40ccdb331a99334

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_sw.dll

MD5 28ad86ac9dcf32d3f94a7753ed60ef03
SHA1 205d5f1d404cef9a5a1ca4c849fc69463b78ce05
SHA256 a31235a4ae88911304d50eb1b1a0ad9e86509213e8725e60324a601401a91108
SHA512 c37ea9c1a29718acb7c07e6b9e0a85c5ce55a2de4fa0525322ece9061e8d6f2f878b603a8320b430400f0b28736781eafbabeec62b5ad50078a2e0838c1e9f43

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_sv.dll

MD5 2fa6a257ea8e99c8fc998f7b5b59fb23
SHA1 a27f23f1fafc8eb7e24957d0f24634bf0aabbde4
SHA256 4e789d125fc64baf4c91ff794a0e940c1669b2198148bca2f6e99038efda7463
SHA512 30b6ba4f3fa2a88a9ebb38e40109e32c5fd2c7b1d3c42d001f734f06ebfb6fc88dd7c0b7b5a0e15a53dd324ee4e500e3dbe931f497d7fc1176d253883f759fa1

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_sl.dll

MD5 52daafc6ff6d922e762d65c6442fa5be
SHA1 0c1db525653c6c49f676700630ce307cd216d0f6
SHA256 d4223c3182a8ecdb02f3ed4b6aeeaf055aed0e88dbed7aa3739aa7863a24147c
SHA512 f478539bb842f1eb60b4742e65ca189b643727a1ddf07a759a58ef9a4e5966b255080f29ca0da41a3df78cc5c0b2e2953e270afbe70a1bfb3a5e61b61bb84a79

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_sk.dll

MD5 33db6a23eafa0b38a5807da2818f14ea
SHA1 86417b60a3dbc32231d56dc1f0d9e1964c5f3798
SHA256 913570f399ea5c271ab23c72cc5d2599d9e922147307ec66aa9ee52e9eefcdd8
SHA512 24076302aa44ee53b5963aade954102dc682cf871af3ee99ef56672c9ea14cfa87830e0ec93ae64fc53e80c9c1309e4350212a27488de712f1c394b4451f308a

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_ru.dll

MD5 1f3a5baae2ef7cc12019890a025bb2e8
SHA1 c4c788f9aa2dafb35f596edaea2f106779e996a4
SHA256 ead8fd54f91c7f0cfaf3ce972f2a90550320cb9e8bc380ba8e938d527cfbe169
SHA512 3102ed0b9913a4f9d4aa5ff1a0ba2539b64355aca6f4ea152f88ad69bf9f02105f08c82c1a065d95757ecfca6ec8ab06b14a34044907fa452d54d781624d5f42

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_pt-PT.dll

MD5 7fd5dd5778d37d82205c5040ca70a2d5
SHA1 a3e945242159d23db2b7288086d041e50195e542
SHA256 4b20441e4f8b23981e98469b5c9f85d7739ad65c111e20478be10dc0670abfe1
SHA512 b613fef1623c02c75632903cd11a668f15551fd3caa66495e242f4a92346527f04f09bad6135cfc2b8e69af285a97d1b9c7d189ee9e913cbbd3cc0e9eb2b7989

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_pt-BR.dll

MD5 ada7f4da7f765305cf374a3a671cde1b
SHA1 1a64312059ebc84d62c4c3350881bd2cdde3d582
SHA256 62debb832e3f44455c9f99befbe9246ebe5e7d9eefab19a2192f7d2cc39198e8
SHA512 c613cacca9a7854bac82fec7d7383825420af0ad87287c34ccc9b0b9f8a34c4205019f30e8de151098857a64fb98a6285a123613377d44c76adf04578c6f9e51

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_pl.dll

MD5 a3af28940d85e5e8471953d5fc0711bc
SHA1 a9ab4ba000b0a48340d87c287ab1dd330ec6ade7
SHA256 2abefeda97eb2c572415ccba1b62a76a6526e25a2156dd7a9c20fa3c9228ed4e
SHA512 49e210b0c6ea267610eaee6410281072f4ac34038959349f8341ad095b6da733f854e3a8bee23e3172b738da0970ee2f77ecc7b421980b1ee89918b7326de5cf

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_no.dll

MD5 4de9242fd0e24bf965b3b55484d66d8a
SHA1 f946444d5bda76fd758e5bfce49cffbe01def0f2
SHA256 a9b7e5d5bb1e4d9a177996f460fe2d27b0d165257d761581b803c975f5d70d88
SHA512 41d3f12f4c14a12a571038ce40f84ff8df212b2168db6240e733336ef4aad55bb60ad5b90189a25a61de6bf7cede104ea11fd3aac7db720db36af1557bb88b1d

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_nl.dll

MD5 77eea5029625fbf5ea4e7935c258018f
SHA1 cfcd17ec9547220cfcb49bf3987286b87583579b
SHA256 755a1bf1e8dd39927feafaba7cb9f0986f426904e8549b24fea7c14e2aa1d744
SHA512 a0284682936584996ab8e301f2db960062b55ff0fa0bf07f5d0bd43965bd19ac118741bce34e145d771fa16476ad537b00f1846c250215338662e2d54e2764ea

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_ms.dll

MD5 9be02e84c8a2d7276e235bb9beb98269
SHA1 fec638bc9f0fe1c39bd98b4693a2e02a505db81e
SHA256 cb6c561e082a14da36c4dd918b21fa8fffec89d9a9ca0f0ebf4d52ab0a6ac043
SHA512 52702e02609e3afba1c1776db09540226beb7c72487adf4ec6a286883103d2dfdf8ea0ea282c7f2502b4f1ef548567d696d6130e5fd4612bea7a24456bb0c9dc

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_mr.dll

MD5 e0036f65e81f061474f5b02b8a5d0cbc
SHA1 b123e7b261a6c76d857dd6ff8a42079c3c82e00e
SHA256 9b21202d5d8f5040f096b66fcb4485bc0767b75f3d62bcc8fa4a2d215a049562
SHA512 1b0a473c3413f6bf226a6ecfee3b7961bfcbf7b1a8c05aea164a3aa3c989d78cea920bbb7abd3e9317985adda9b7fe7d76fc091853f2810ac676e08eb9669209

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_ml.dll

MD5 299876173bd1d287810f2b228676b2d2
SHA1 8869960af433f7834cc52856beb4477fe4934ea0
SHA256 4ccd80bba3e5c68ff394233d1888ae0be69bc6530c8c86a397ec88778644f678
SHA512 463b5b3cc1bcea025c57bdf333d155c8883c113820b712355e937c2fa3aebcc8066a7e567244590c897009b7af13da9e33fe7fa7cc8daa04a77cd8b42530a757

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_lv.dll

MD5 0a9b66838b78c6495747bd0771faf528
SHA1 5f20b60dd6bfc66a33f5c548a4c2d4ca3a9c523c
SHA256 4e23c5bb7ee2729b7a3900c8893c63e25b578962e481e06479d11071704c3935
SHA512 3fd7c467098d0151aa46516d246fc5b49b088ed326eca75324dfcdfd92a414374c41b1f47a790fc9289d48b6b156faa2f4c232f8170738a14ddd221580d07fcc

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_lt.dll

MD5 ef4a6970622f9aec0d07878506f53428
SHA1 431a38893d85cb56da24b04edb84cb9d8a2db562
SHA256 1e3567d589f9065c07f23568d72484129369b312000fcad39b3c396a16ca4a79
SHA512 bce29c943b1a98c78fd7da729498efeeb10c0e6b73790c8bc9c0bd7203818268ac1639c9022a462b3b2904fadbed26f44e9995fbc7887a9ee2784091ef15a5c1

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_kn.dll

MD5 8fbede52d1f0fa0b60bdc5848195e305
SHA1 ec8afc7ca1d065b9a1347a4b6e13afaca7297bea
SHA256 f874b0a857cb1942ff026ba0ed5fac59de972febd5132cc79dc43c556351c970
SHA512 66fba1aa39a63d3555b83fc981ffc3dac2448f5d611c1ab08663b4f873ed6724ff9a14cffab15c30d5d1936c400166022c90fb31a42a048b6f8f71d73f4999d6

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_ja.dll

MD5 2d8aa5109d9c85ef618b58869f178253
SHA1 7d339a31f10438cd48edfaec408c56b22a72ae88
SHA256 2c50b3a69a2aeab774a6b9f3b394d928ae2bf9b77b89912ef2a7f8c3864b5e43
SHA512 1d5a0e11929c88520ab5d21465229c2e47a63c22965df4d3759f62032b5b3d1769d55ad414d040ce037a89e86f02d47b1234827822fed94ff55255b5571182e1

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_iw.dll

MD5 2312d6b5e536f90691fd56d9552370fb
SHA1 af2485771bbec5305d4928821d1b7b0695760ec1
SHA256 cc985b473bb9984124d28b2d8f12b95b01ea82df9abcad99d45f0da8b38d7383
SHA512 217bfbdb3e601866f820bc0bc1bef6449475848be0754ac9ce15473082892aaef64e918b3bd7ccbb423aa09ad5884247a96f75e679a425f6d33d8b3747d63797

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_it.dll

MD5 e1835371ee49dddcb6898b2a8015c1c4
SHA1 2dc11fe158cabbddaad18fe5c90a90cf02cb8468
SHA256 e7f301cb7c6deb08aaafd289d4b669cb55e5979cc7703fe28e044ca7d41c40d1
SHA512 57240774fc9dfe57ac58888de8ea80699a2e0b628c01ea371e0deba3564ad40a16a0c76dafb7cc6a1658117edd48e25cff8e2241a893c28717634e2ddf56951e

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_is.dll

MD5 5c79ef8f4467dbfcf0161c384677f2dc
SHA1 4e31e1ac60c85c01f622166682550c615c240f99
SHA256 b7ebd5f63c0268b423a37ed5606be4c5a98ac7b79c3b2c7a908e7758736ac486
SHA512 5a6015f3428c3952aaf87b16a1b6bb344f42f155304172078f05cb862f386e371140ccd14798646e69ce80d8cf432888aa0d2f69245f9f33affea16cef3c3bfa

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_hr.dll

MD5 e47b4a862dddc6fa892bff0fd3e6c6a0
SHA1 dea727187788b56e621fac92721f22f35616977b
SHA256 bab75e543851c62d9f7b1c71cdaecd2aadc1bb7c6769f8341db817f2616c6b68
SHA512 8dff1d00924dcd3395179a5f531ef8005b6eb3a6e577abc4204f3c41a234f8c19de76e87786934138efa996d188469bfe89c30b2a03a00979ae99275286654da

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_fil.dll

MD5 b1c8a5d0e251ad0f88c33ac82daaee6c
SHA1 c575c763de138d96550fd7022ee8bf737c528e3e
SHA256 48e3f78b12fd65fbfa64344c86c0aaf84b3f1bbeaea4bbe71c35fc8ebef9cff2
SHA512 4ab68b42d485c3d301ffd787e320dc6efb5b41d17e58e0f8cd76a02038512785b9af7599e029839218dc41abb1d5e5f4f922364edca3d691ea4f7f1b544c433e

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_fa.dll

MD5 49a43c647de8381f1ec6aa7fdec9e40b
SHA1 3573dd447925707b7ab4f7dc20aa167e055d4c7d
SHA256 107940a04c9392143b9693437832b60413e496f3a4152568001e370ff5c63b6a
SHA512 c2b3c3378223d4b14dc47b9e08077cde1d631ed0a4ea1b2bdb8d056d3537b8802c2c1e7f78cf8afbf388e947a22c5e797a582fb2c3489feca491c180374fbec7

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_et.dll

MD5 3734e667b7ac97726ff4e77b30eb47ea
SHA1 13e223c19933dda3d13db6aaac23a93dd0854082
SHA256 1687cc0d1b9948221fa2d005dc6aeacbc730dd5f79073118318578eeceeb0a11
SHA512 e2d41c8c7bc9ba30df30ae2805a0189a901c1c05c423622099e6fdca10a5b26d7271715dd51389afeb3732d7a052d30a8bdec0b1cdcf84b01ce2b485c435a81a

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_es-419.dll

MD5 154e315c8210c0b4a0c33a03c1f2c0f7
SHA1 c432d540d85bc8995bbc80f2ae748e22abe8ddcc
SHA256 d6ef58c4f99d160dcb0690e17fc53c4cbba9584995b5c787efd7d5a03f461856
SHA512 47e84f07baddeb1ef91f84f9ff0c02872b749dfcfe293fb994edc35cdf74d44235c1c75cc31e1c638ed9d9b251abf41cf9f159b8ebe844708f183f15b04e19ec

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_en-GB.dll

MD5 cebb69519acdc7dd799eed5c196c6c82
SHA1 cbb2d6717df5a48526968e7e269d4825cbda3257
SHA256 8ac7bc668a8e1c317e9f84796b4df2f804d6ad47a60f8759f54990bf243e6981
SHA512 e57f9a568d32e7fad73a7ad43bbcf1afb44361e894f1b336c0251ad21c4de09f6c1d61ef3b09334dab664c32b47f8a5c921053cbcb72ee4f3281f747c2a139ea

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_da.dll

MD5 de1a987c14f42ff6635643465fa2c60b
SHA1 efc5b757c1076991bb8c3fa9b5eba30146a94c37
SHA256 c768ff1ccfece2edfd19ca3c90f67a32e061cc153987d3865cc1146587b1cb26
SHA512 bbd258b319786752d8ad4cc285f211f2ad269e8282c9442dcdd658d16cf0f60905d921ccd10c568705974195ac45f0a1e8fc23d9f52b73a6b5e9404ce205d7a5

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_cs.dll

MD5 5613fbf25517fbed703346cfcb5c9c4d
SHA1 0ff5e78e51217c7234c2c03047ef0431272132bf
SHA256 dff5216c302bd82c514e053f0a7091b315b98229c9a7c67bd37a41a9a825798e
SHA512 c150adf69b458ff174594ba1e994d90f16a6d2371a69eddf56ab9f1ce3ddd3e3a46ed23301c299bb4b20b641bfb326f945cab55c54c758f851c98c957626675f

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_ca.dll

MD5 a6bf27ef56da45d41cccd66490addf04
SHA1 c6f29f1c0ef1f34d96a6339cb77ee6e54fae7c90
SHA256 83898433d55d80a230b260af4f746621124c35d2a9814339372de47a57cf6619
SHA512 5379586153249969e2edb0b95cac883cb98646264d20d7e837ee96b46b9cc6f54925e1518bde07ac3052edb8ba7bf48f9cb1dbdf6fa1d6855ea181fa32e06579

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_bn.dll

MD5 949aae7ecde2e0d1ec1e78e925dd86ad
SHA1 7836d5c2f0b22b22a2c3c03f3b88eb93577da660
SHA256 adc617b5e3e647355e47006d5b9a130341323c1345fadd25ee880bba89eb95d3
SHA512 2e89840a58c9109799846514474d09808e6c7c0bab3e09dfa0fcaaca74c966225e31586be3e47fbf04a1000fa5f0ded58915183b94ad2e3c11e3632dac31f510

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_bg.dll

MD5 db8908b6627859104bfca1e777743b25
SHA1 c8f25b474747183c7d453616e82c0cbee299b5f2
SHA256 bb6569ad79623eed5f042982c2fe2808d8a9cd2b85b98d9bd0a0cf8999c31eba
SHA512 435f779820588cb885fcbf6aefd2dda37eccd569856a144621417aa8a8ea577ef0a11d4cc708af7cb2cfafe897c75d8e247de0fad6f0ea8e87e00c11b36a1519

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_ar.dll

MD5 7129735aa717dae6a2dab0574e31ceff
SHA1 7851be57ed9f76de24ec2a9264352679fcf9ff8c
SHA256 f4a1a5b7749bafd84927ae0a281db0eee2e2a1ce9cd77ca08165f8bc587cc3b3
SHA512 cadf0a4c93798139ad7a5e95b12411a927d5cc78980389aa94be7a86b6d61e6c64f807bcfe2a494a02e9ef242cc4515566c004acf8fa5d6c33685171e87a6e32

C:\Program Files (x86)\Google\Temp\GUME678.tmp\goopdateres_am.dll

MD5 3d047b2327fdc1490d35de702cabfd87
SHA1 7e95b34cdd0e778c5f8e99a719084d6058752647
SHA256 dd0e5047fe6036f3fbea9d04c7563afdb31bd88e42f19879d75299c685c08dd5
SHA512 bb0103fe46fa005d4b979b0304f6c4df225427d4d5ead92c3ed6deb36feae26429664a2a6d4ac046db9ff3387dade1f9ef757f3e26b9a392663f99e920ff1837

C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleUpdateComRegisterShell64.exe

MD5 54fdef34ec0349a9c8ee543cafa25109
SHA1 2b0c0ae0a7ef0ea23d5d9e0c3406cf5df969d50e
SHA256 974ec719d34ac9af4d37681a8a6dfeb24f3dd136b2681be09dbc86afb6d9f616
SHA512 02a381991259df41a15f2cd49e906fa926a5d979913596f8d606aa652a500ec3316d6dd7b35d836307081b1dc5344b352de92e6bd6f2f2c882764f3f976cb561

C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleCrashHandler64.exe

MD5 71e73162f75ef1c1094f8e8ac5e9bed3
SHA1 083bccb889e8a01cabe52941dfeb8bf51e560c70
SHA256 2ae4d76b2037bf4ea615e92c7064272c93fc6a5cd649a95502234f6f32b9b151
SHA512 6e05aa298723a52d27f3897c8332d6c3e3c4651fe0a1cbd55e6034810556162f0c3d07056f276577925de647a5ba847846d203c3b230f9fcfd012b03e15ba295

C:\Program Files (x86)\Google\Temp\GUME678.tmp\GoogleCrashHandler.exe

MD5 b6b844cba41f7c190a001941a9a34e9a
SHA1 9496eba9714f323c7e17b61ea536acc6bbbe05ff
SHA256 03e91a5144ab49e6a39df0d920987e718fd36f8d5ca34e243506025e8da1db78
SHA512 4a4a6452234f56221743e0a2ac5efe2f546201b1ca3e97fe5bf3b82ef179918f0b0479845225ac4f459c349ac71894295a6bc0efa1e57da3d9c9267d265e725e

memory/2984-299-0x0000000010000000-0x0000000010030000-memory.dmp

memory/2984-298-0x0000000010000000-0x0000000010030000-memory.dmp

memory/2984-297-0x0000000000B10000-0x0000000000C67000-memory.dmp

memory/2580-300-0x00000000745B0000-0x0000000074793000-memory.dmp

memory/2984-304-0x0000000010000000-0x0000000010030000-memory.dmp

memory/2984-310-0x0000000010000000-0x0000000010030000-memory.dmp

memory/2984-334-0x0000000010000000-0x0000000010030000-memory.dmp

C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\setup.exe

MD5 b42b8ac29ee0a9c3401ac4e7e186282d
SHA1 69dfb1dd33cf845a1358d862eebc4affe7b51223
SHA256 19545e8376807bce8a430c37cab9731e85052103f769dd60a5da3d93ca68c6ec
SHA512 b5269e7392e77a0fa850049ff61e271c5aab90d546945b17a65cc2ea6420432ae56321e1e39cfd97ccdb3dfc37ddbd6ff77907f5685cc2323b8635c8cdb4a84f

C:\Program Files\Common Files\System\symsrv.dll.000

MD5 1130c911bf5db4b8f7cf9b6f4b457623
SHA1 48e734c4bc1a8b5399bff4954e54b268bde9d54c
SHA256 eba08cc8182f379392a97f542b350ea0dbbe5e4009472f35af20e3d857eafdf1
SHA512 94e2511ef2c53494c2aff0960266491ffc0e54e75185427d1ccedae27c286992c754ca94cbb0c9ea36e3f04cd4eb7f032c551cf2d4b309f292906303f1a75fa0

memory/2984-360-0x0000000010000000-0x0000000010030000-memory.dmp

C:\Program Files (x86)\Google\Update\1.3.36.132\goopdate.dll.tmp

MD5 c334b5636e5d11b6232d235bbdd90e26
SHA1 7eea00997d335a0a7707f5c64a106690cc4b784f
SHA256 63dd05d6c3edc07adae1f4d765d802c9b34ac0c8b5f00314ecc0d23539b43850
SHA512 8b489ab750e0ebf5f432f3b5a98f5a814d2352754c8c6b9dfc8ebe974a0b0918845d00c036a9e749e08102ffa1b75ad4b911b0cee77887bbddf0de4489a78c6a

memory/2984-376-0x0000000010000000-0x0000000010030000-memory.dmp

memory/2580-377-0x00000000745B0000-0x0000000074793000-memory.dmp

memory/576-378-0x0000000073D10000-0x0000000073EF3000-memory.dmp

memory/2580-385-0x00000000745B0000-0x0000000074793000-memory.dmp

memory/576-392-0x0000000073D10000-0x0000000073EF3000-memory.dmp

memory/2624-404-0x0000000001100000-0x000000000114C000-memory.dmp

memory/2984-406-0x0000000010000000-0x0000000010030000-memory.dmp

memory/2580-407-0x00000000745B0000-0x0000000074793000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-16 06:40

Reported

2024-08-16 06:43

Platform

win10v2004-20240802-en

Max time kernel

142s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe"

Signatures

Floxif, Floodfix

backdoor trojan floxif

Detects Floxif payload

backdoor
Description Indicator Process Target
N/A N/A N/A N/A

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\127.0.6533.120\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A

Event Triggered Execution: AppInit DLLs

persistence privilege_escalation

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\127.0.6533.120_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\e: C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\psuser_64.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\Extensions\external_extensions.json C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\Locales\fa.pak C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\goopdateres_fil.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdate.exe C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_is.dll C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_lt.dll C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_nl.dll C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_uk.dll C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\psuser.dll C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\libGLESv2.dll C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\goopdateres_sl.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\VisualElements\LogoCanary.png C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\vulkan-1.dll C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\chrome.exe.sig C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\goopdateres_ca.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\goopdateres_iw.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\127.0.6533.120_chrome_installer.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\Locales\ar.pak C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\VisualElements\Logo.png C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\chrome.VisualElementsManifest.xml C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleCrashHandler.exe C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\goopdateres_bg.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_ms.dll C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_sk.dll C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\127.0.6533.120.manifest C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\goopdateres_de.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_sl.dll C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_sv.dll C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_zh-TW.dll C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\chrome_100_percent.pak C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\Locales\vi.pak C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files\Common Files\System\symsrv.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\goopdateres_zh-CN.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdate.dll.tmp C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\Locales\zh-TW.pak C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\chrome_pwa_launcher.exe C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe.tmp C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_ro.dll C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\icudtl.dat C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\Locales\th.pak C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\Locales\et.pak C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleCrashHandler64.exe C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\goopdateres_ko.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateCore.exe C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_hi.dll C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\psuser_64.dll C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateSetup.exe C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\Locales\lt.pak C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\chrome_proxy.exe C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\eventlog_provider.dll C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\chrome.dll.sig C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\goopdateres_lv.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\goopdateres_ro.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_ml.dll C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_te.dll C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3984_1397656863\Chrome-bin\127.0.6533.120\Locales\ml.pak C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\goopdateres_no.dll C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_hr.dll C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.132\goopdateres_pt-BR.dll C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\LocalServer32\ = "\"C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\GoogleUpdateOnDemand.exe\"" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\ProxyStubClsid32\ = "{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544}\ProxyStubClsid32\ = "{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\ = "PSFactoryBuffer" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VersionIndependentProgID\ = "GoogleUpdate.CoreClass" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ProxyStubClsid32\ = "{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\NumMethods\ = "4" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\NumMethods\ = "12" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods\ = "10" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\ProxyStubClsid32\ = "{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\ProxyStubClsid32\ = "{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\ = "IAppCommand2" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassSvc.1.0\ = "Google Update Legacy On Demand" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\ = "IGoogleUpdate3WebSecurity" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\ = "IGoogleUpdate3WebSecurity" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoCreateAsync\ = "CoCreateAsync" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\AppID = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\ = "IGoogleUpdate3" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.PolicyStatusSvc\ = "Google Update Policy Status Class" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2} C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\ProxyStubClsid32\ = "{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1C4CDEFF-756A-4804-9E77-3E8EB9361016}\ = "Google Update Policy Status Class" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\Elevation\Enabled = "1" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\ProxyStubClsid32\ = "{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\PROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\ProxyStubClsid32\ = "{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ = "IProgressWndEvents" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\NumMethods\ = "41" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods\ = "9" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}\Elevation C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\VersionIndependentProgID\ = "GoogleUpdate.CredentialDialogMachine" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6B5068B-8F3E-4850-B5C8-B004AFE2B38B}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.132\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ = "IAppCommandWeb" C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: 33 N/A C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\127.0.6533.120_chrome_installer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\127.0.6533.120_chrome_installer.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe N/A
Token: 33 N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: 33 N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5112 wrote to memory of 620 N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe
PID 5112 wrote to memory of 620 N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe
PID 5112 wrote to memory of 620 N/A C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe
PID 620 wrote to memory of 4528 N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 620 wrote to memory of 4528 N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 620 wrote to memory of 4528 N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 620 wrote to memory of 396 N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 620 wrote to memory of 396 N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 620 wrote to memory of 396 N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 396 wrote to memory of 1764 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 396 wrote to memory of 1764 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 396 wrote to memory of 3244 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 396 wrote to memory of 3244 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 396 wrote to memory of 1384 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 396 wrote to memory of 1384 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe
PID 620 wrote to memory of 1400 N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 620 wrote to memory of 1400 N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 620 wrote to memory of 1400 N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 620 wrote to memory of 4960 N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 620 wrote to memory of 4960 N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 620 wrote to memory of 4960 N/A C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3396 wrote to memory of 4140 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\127.0.6533.120_chrome_installer.exe
PID 3396 wrote to memory of 4140 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\127.0.6533.120_chrome_installer.exe
PID 4140 wrote to memory of 3984 N/A C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\127.0.6533.120_chrome_installer.exe C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe
PID 4140 wrote to memory of 3984 N/A C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\127.0.6533.120_chrome_installer.exe C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe
PID 3984 wrote to memory of 432 N/A C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe
PID 3984 wrote to memory of 432 N/A C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe
PID 3984 wrote to memory of 1700 N/A C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe
PID 3984 wrote to memory of 1700 N/A C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe
PID 1700 wrote to memory of 2980 N/A C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe
PID 1700 wrote to memory of 2980 N/A C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe
PID 3396 wrote to memory of 2988 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
PID 3396 wrote to memory of 2988 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
PID 3396 wrote to memory of 2988 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
PID 3396 wrote to memory of 3488 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
PID 3396 wrote to memory of 3488 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
PID 3396 wrote to memory of 3660 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3396 wrote to memory of 3660 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3396 wrote to memory of 3660 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4324 wrote to memory of 5000 N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4324 wrote to memory of 5000 N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4324 wrote to memory of 5000 N/A C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Processes

C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe

"C:\Users\Admin\AppData\Local\Temp\e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe"

C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Temp\GUM6DAE.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={23B7F606-DA1B-291C-61C0-F4F2AC577668}&lang=en&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&brand=YTUH&installdataindex=empty"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping …-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={23B7F606-DA1B-291C-61C0-F4F2AC577668}&lang=en&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&brand=YTUH&installdataindex=empty" /installsource taggedmi /sessionid "{17DC52DC-3887-414E-84B9-C18F66ECFA06}"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\127.0.6533.120_chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\127.0.6533.120_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\guiE9A4.tmp"

C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\guiE9A4.tmp"

C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.120 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff70f9241f8,0x7ff70f924204,0x7ff70f924210

C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{66EB6BC4-7AAB-4738-AF5E-0B06A2F02110}\CR_86FB9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.120 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff70f9241f8,0x7ff70f924204,0x7ff70f924210

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping [...]-[...]-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3MDciIHNvdXJjZV91cmxfaW5kZXg9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI2MTAiIGRvd25sb2FkX3RpbWVfbXM9IjIzOTg1IiBkb3dubG9hZGVkPSIxMDY3MzcwMTYiIHRvdGFsPSIxMDY3MzcwMTYiIGluc3RhbGxfdGltZV9tcz0iMjkzNDQiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand

Network


Files
