11fe7a13ad470ff3c39423f1ebb5b7abff8cf8a656d2ac97c0183d680d07687c

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$1/setuppicasa39-setup.exe
Size

13.0MB
MD5

3df3d3c125d3bb1a5bd55e88f9e48920
SHA1

72f3e2f18e83d60ec657f03c341a3c1df701c2a9
SHA256

cc36161b6d8ea29528bed7d5883ad260cfc8d8e32825938c52e93c1a495c355b
SHA512

a171cb62b35f63749f25196f5f94805f44b1795ba9d0c4e9a26f2511afff82f500f76b913b96f83e777e0a4089a4dcd5d804b1fcd5a655dc094b741198b25bcb
SSDEEP

393216:1pOtxS2JzVMrK5r8KmON15WytJQmA79/uFJOV:1pgxSezmdq1ztJQl

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

GPhotos.scrPicasa3.exePicasa3.exe

pid process

2784 GPhotos.scr
1600 Picasa3.exe
1432 Picasa3.exe

pid	process
2784	GPhotos.scr
1600	Picasa3.exe
1432	Picasa3.exe

Loads dropped DLL 17 IoCs

Processes:

setuppicasa39-setup.exePicasa3.exe

pid	process
2348	setuppicasa39-setup.exe
2348	setuppicasa39-setup.exe
2348	setuppicasa39-setup.exe
2348	setuppicasa39-setup.exe
2348	setuppicasa39-setup.exe
2348	setuppicasa39-setup.exe
2348	setuppicasa39-setup.exe
2348	setuppicasa39-setup.exe
2348	setuppicasa39-setup.exe
2348	setuppicasa39-setup.exe
2348	setuppicasa39-setup.exe
2348	setuppicasa39-setup.exe
2348	setuppicasa39-setup.exe
1432	Picasa3.exe
1432	Picasa3.exe
1432	Picasa3.exe
1432	Picasa3.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Drops file in System32 directory 1 IoCs

Processes:

setuppicasa39-setup.exe

description ioc process

File created C:\Windows\SysWOW64\GPhotos.scr setuppicasa39-setup.exe

description	ioc	process
File created	C:\Windows\SysWOW64\GPhotos.scr	setuppicasa39-setup.exe

Drops file in Program Files directory 64 IoCs

Processes:

setuppicasa39-setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Google\Picasa3\web\templates\greyfrm\framebase.tpl	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Resources\no.lproj\i18n\cdgo.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Resources\fil.lproj\i18n\restore_stringres.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Resources\lt.lproj\PRMainMenu.nib\keyedobjects.nib	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Resources\ca.lproj\i18n\restore_resexport.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Resources\fi.lproj\PRMainMenu.nib\info.nib	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\web\templates\blackfrm\itemheader.html	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\web\templates\greybg\includedtarget.html	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Resources\sv.lproj\i18n\cdgo_stringres.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Resources\English.lproj\PRMainMenu.nib\info.nib	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Resources\ca.lproj\i18n\cdgo_stringres.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Resources\ja.lproj\i18n\cdgo_stringres.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\Current	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\runtime\winedisable.txt	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\web\templates\blackfrm\frameImageSet.tpl	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\web\templates\xml\footer.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Resources\dropper.png	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Resources\ca.lproj\PRMainMenu.nib\info.nib	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Resources\pt.lproj\PRMainMenu.nib\classes.nib	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\runtime\Praxis Semi Bold-Heavy-13-1.000000-700-0.ytf	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Resources\bg.lproj\i18n\cdgo_stringres.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\GoogleBreakpad	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\de.lproj\Localizable.strings	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\runtime\gpuploader_filestatus.fen	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\web\templates\greybg\preview.jpg	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Resources\ca.lproj\i18n\cdgo_resexport.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\zh_TW.lproj\Localizable.strings	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Resources\es.lproj\PRMainMenu.nib\info.nib	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Resources\uk.lproj\PRMainMenu.nib\info.nib	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\runtime\Praxis Semi Bold-Heavy-12-1.000000-400-0.ytf	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\runtime\gpuploader_quota_error1.fen	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\web\documentation\examples\footer.html	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\web\templates\whitefrm\footer.html	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Resources\fil.lproj\i18n\cdgo_resexport.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Resources\zh_TW.lproj\i18n\cdgo_stringres.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\web\templates\blackbg\imagetarget.tpl	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Resources\zh_CN.lproj\i18n\cdgo.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\web\templates\whitefrm\thumbnails.tpl	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Resources\de.lproj\i18n\cdgo_resexport.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Resources\lt.lproj\i18n\cdgo.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Resources\cs.lproj\i18n\cdgo_stringres.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Resources\bg.lproj\i18n\restore_stringres.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Resources\lv.lproj\PRMainMenu.nib\keyedobjects.nib	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Resources\lv.lproj\i18n\restore_stringres.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\runtime\Praxis Semi Bold-Heavy-18-1.000000-700-0.ytf	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\i18n\uninstall_el.html	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\web\templates\blackfrm\footer.html	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\web\templates\whitefrm\imageset.html	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\web\templates\whitebg\index.tpl	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Resources\hr.lproj\i18n\cdgo_resexport.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Resources\sv.lproj\i18n\cdgo.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\runtime\gpuploader_download.fen	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\runtime\filterdesc.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\web\templates\greyfrm\preview.jpg	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\web\templates\whitebg\includedtarget.html	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\web\templates\whitefrm\assets\style.css	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Resources\Dialogs.nib\info.nib	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Resources\pt_PT.lproj\i18n\restore_stringres.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Resources\sk.lproj\i18n\restore_stringres.xml	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\web\templates\greybg\index.html	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\en_GB.lproj\Localizable.strings	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Resources\zh_CN.lproj\Localizable.strings	setuppicasa39-setup.exe
File created	C:\Program Files (x86)\Google\Picasa3\runtime\slingshot\respack.yt	setuppicasa39-setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

setuppicasa39-setup.exeGPhotos.scrPicasa3.exePicasa3.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setuppicasa39-setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GPhotos.scr
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Picasa3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Picasa3.exe

Modifies Control Panel 1 IoCs
evasion

Processes:

GPhotos.scr

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Control Panel\Desktop GPhotos.scr

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Control Panel\Desktop	GPhotos.scr

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

setuppicasa39-setup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version Vector	setuppicasa39-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version Vector\Picasa = "3.9"	setuppicasa39-setup.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

GPhotos.scr

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-18	GPhotos.scr
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Google\Picasa\GBScreensaver_d\Preferences\curtheme25 = "burnstheme"	GPhotos.scr
Set value (int)	\REGISTRY\USER\S-1-5-20\Software\Google\Picasa\GBScreensaver_d\Preferences\EnableStarList = "0"	GPhotos.scr
Set value (int)	\REGISTRY\USER\GPSCRSAV-{D5CB4A03-D2A0-4FBC-93FF-3AC90EEDD337}\Software\Google\Picasa\GBScreensaver_d\Preferences\GaiaSilent = "0"	GPhotos.scr
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Google\Picasa\GBScreensaver_d\Preferences\EnableFavoritesActivity = "1"	GPhotos.scr
Set value (str)	\REGISTRY\USER\S-1-5-19\Software\Google\Picasa\GBScreensaver_d\Preferences\scrid	GPhotos.scr
Key created	\REGISTRY\USER\GPSCRSAV-{D5CB4A03-D2A0-4FBC-93FF-3AC90EEDD337}\Software	GPhotos.scr
Key created	\REGISTRY\USER\GPSCRSAV-{D5CB4A03-D2A0-4FBC-93FF-3AC90EEDD337}\Software\Google\Picasa	GPhotos.scr
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Google\Picasa\GBScreensaver_d\Preferences\EnableFolderSources = "1"	GPhotos.scr
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Google\Picasa\GBScreensaver_d\Preferences\EnableScreensaverAlbum = "1"	GPhotos.scr
Set value (str)	\REGISTRY\USER\S-1-5-20\Software\Google\Picasa\GBScreensaver_d\Preferences\ext_install = "Oct 2, 2024 10:21:59 AM"	GPhotos.scr
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Google\Picasa\GBScreensaver_d	GPhotos.scr
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Google\Picasa\GBScreensaver_d\Preferences\GaiaSave = "0"	GPhotos.scr
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Mozilla\Firefox	GPhotos.scr
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Google\Picasa\GBScreensaver_d\Preferences\GaiaUser	GPhotos.scr
Key created	\REGISTRY\USER\S-1-5-20	GPhotos.scr
Key created	\REGISTRY\USER\S-1-5-20\Software\Google\Picasa	GPhotos.scr
Key created	\REGISTRY\USER\S-1-5-20\Software\Google\Picasa\GBScreensaver_d\Preferences	GPhotos.scr
Key created	\REGISTRY\USER\.DEFAULT\Software\Mozilla\Firefox\Extensions	GPhotos.scr
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Google\Picasa\GBScreensaver_d\Preferences\EnableRSSSources = "0"	GPhotos.scr
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Google\Picasa\GBScreensaver_d\Preferences\GaiaEmail	GPhotos.scr
Key created	\REGISTRY\USER\S-1-5-19\Software	GPhotos.scr
Key created	\REGISTRY\USER\S-1-5-19\Software\Google	GPhotos.scr
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Google\Picasa\GBScreensaver_d\Preferences\EnableLHSources = "1"	GPhotos.scr
Key created	\REGISTRY\USER\.DEFAULT\Software\Google\Picasa\GBScreensaver_d\Preferences	GPhotos.scr
Set value (int)	\REGISTRY\USER\S-1-5-20\Software\Google\Picasa\GBScreensaver_d\Preferences\EnablePicasaSources = "1"	GPhotos.scr
Key created	\REGISTRY\USER\GPSCRSAV-{D5CB4A03-D2A0-4FBC-93FF-3AC90EEDD337}\Software\Google\Picasa\GBScreensaver_d\Preferences	GPhotos.scr
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft	GPhotos.scr
Key created	\REGISTRY\USER\S-1-5-19\Control Panel\Desktop	GPhotos.scr
Set value (int)	\REGISTRY\USER\S-1-5-20\Software\Google\Picasa\GBScreensaver_d\Preferences\EnableLHSources = "1"	GPhotos.scr
Set value (str)	\REGISTRY\USER\S-1-5-20\Software\Google\Picasa\GBScreensaver_d\Preferences\GaiaEmail	GPhotos.scr
Key created	\REGISTRY\USER\S-1-5-19\Software\Google\Picasa\GBScreensaver_d\Preferences	GPhotos.scr
Set value (int)	\REGISTRY\USER\S-1-5-20\Software\Google\Picasa\GBScreensaver_d\Preferences\EnableRSSSources = "0"	GPhotos.scr
Set value (str)	\REGISTRY\USER\.DEFAULT\Control Panel\Desktop\SCRNSAVE.EXE	GPhotos.scr
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Google\Picasa\GBScreensaver_d\Preferences\EnablePicasaSources = "1"	GPhotos.scr
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Google\Picasa\GBScreensaver_d\Preferences\EnableStarList = "0"	GPhotos.scr
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Google\Picasa\GBScreensaver_d\Preferences\GaiaSilent = "0"	GPhotos.scr
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Google\Picasa\GBScreensaver_d\Preferences\EnableStarList = "0"	GPhotos.scr
Set value (int)	\REGISTRY\USER\GPSCRSAV-{D5CB4A03-D2A0-4FBC-93FF-3AC90EEDD337}\Software\Google\Picasa\GBScreensaver_d\Preferences\EnableFolderSources = "1"	GPhotos.scr
Key created	\REGISTRY\USER\S-1-5-19\Software\Google\Picasa	GPhotos.scr
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Google\Picasa\GBScreensaver_d\Preferences\EnableMyUnlistedActivity = "0"	GPhotos.scr
Set value (int)	\REGISTRY\USER\GPSCRSAV-{D5CB4A03-D2A0-4FBC-93FF-3AC90EEDD337}\Software\Google\Picasa\GBScreensaver_d\Preferences\GaiaSave = "0"	GPhotos.scr
Set value (str)	\REGISTRY\USER\GPSCRSAV-{D5CB4A03-D2A0-4FBC-93FF-3AC90EEDD337}\Software\Google\Picasa\GBScreensaver_d\Preferences\GaiaUser	GPhotos.scr
Set value (str)	\REGISTRY\USER\GPSCRSAV-{D5CB4A03-D2A0-4FBC-93FF-3AC90EEDD337}\Software\Google\Picasa\GBScreensaver_d\Preferences\GaiaServices	GPhotos.scr
Set value (str)	\REGISTRY\USER\GPSCRSAV-{D5CB4A03-D2A0-4FBC-93FF-3AC90EEDD337}\Software\Google\Picasa\GBScreensaver_d\Preferences\scrid	GPhotos.scr
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Google\Picasa\GBScreensaver_d\Preferences\EnableLHSources = "1"	GPhotos.scr
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Google\Picasa\GBScreensaver_d\Preferences\GaiaSilent = "0"	GPhotos.scr
Set value (str)	\REGISTRY\USER\S-1-5-20\Software\Google\Picasa\GBScreensaver_d\Preferences\curtheme25 = "burnstheme"	GPhotos.scr
Set value (int)	\REGISTRY\USER\GPSCRSAV-{D5CB4A03-D2A0-4FBC-93FF-3AC90EEDD337}\Software\Google\Picasa\GBScreensaver_d\Preferences\EnableRSSSources = "0"	GPhotos.scr
Set value (int)	\REGISTRY\USER\GPSCRSAV-{D5CB4A03-D2A0-4FBC-93FF-3AC90EEDD337}\Software\Google\Picasa\GBScreensaver_d\Preferences\EnableMyUnlistedActivity = "0"	GPhotos.scr
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Google\Picasa\GBScreensaver_d\Preferences\GaiaSave = "0"	GPhotos.scr
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Google\Picasa\GBScreensaver_d\Preferences\GaiaPass	GPhotos.scr
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Google\Picasa\GBScreensaver_d\Preferences\EnableMyActivity = "1"	GPhotos.scr
Set value (int)	\REGISTRY\USER\GPSCRSAV-{D5CB4A03-D2A0-4FBC-93FF-3AC90EEDD337}\Software\Google\Picasa\GBScreensaver_d\Preferences\EnableFavoritesActivity = "1"	GPhotos.scr
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Google\Picasa\GBScreensaver_d\Preferences\advanceinterval = "3.0"	GPhotos.scr
Key created	\REGISTRY\USER\S-1-5-20\Software	GPhotos.scr
Key created	\REGISTRY\USER\S-1-5-20\Software\Google	GPhotos.scr
Key created	\REGISTRY\USER\GPSCRSAV-{D5CB4A03-D2A0-4FBC-93FF-3AC90EEDD337}\Software\Google\Picasa\GBScreensaver_d	GPhotos.scr
Set value (int)	\REGISTRY\USER\GPSCRSAV-{D5CB4A03-D2A0-4FBC-93FF-3AC90EEDD337}\Software\Google\Picasa\GBScreensaver_d\Preferences\EnableMyActivity = "1"	GPhotos.scr
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Google\Picasa\GBScreensaver_d\Preferences\scrid	GPhotos.scr
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Google\Picasa\GBScreensaver_d\Preferences\EnableFolderSources = "1"	GPhotos.scr
Set value (str)	\REGISTRY\USER\S-1-5-19\Software\Google\Picasa\GBScreensaver_d\Preferences\ClientCrash	GPhotos.scr
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Google\Picasa\GBScreensaver_d\Preferences\GaiaServices	GPhotos.scr
Set value (int)	\REGISTRY\USER\S-1-5-20\Software\Google\Picasa\GBScreensaver_d\Preferences\EnableScreensaverAlbum = "1"	GPhotos.scr

Modifies registry class 38 IoCs

Processes:

setuppicasa39-setup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Google.PhotoViewer.3.0\Shell\Upload To Web Albums	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PicasaPhotoViewer.exe\Shell\Preview\Command	setuppicasa39-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PicasaPhotoViewer.exe\Shell\Preview\Command\ = "\"C:\\Program Files (x86)\\Google\\Picasa3\\PicasaPhotoViewer.exe\" \"%1\""	setuppicasa39-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Google.PhotoViewer.3.0\DefaultIcon\ = "\"C:\\Program Files (x86)\\Google\\Picasa3\\PicasaPhotoViewer.exe\",-102"	setuppicasa39-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\picasa2.autoplay\DefaultIcon = "C:\\Program Files (x86)\\Google\\Picasa3\\Picasa3.exe,1"	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\picasa2.autoplay\shell\import	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Google.PhotoViewer.3.0	setuppicasa39-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Google.PhotoViewer.3.0\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Google\\Picasa3\\PicasaPhotoViewer.exe\" \"%1\""	setuppicasa39-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\picasa\shell\open\command\ = "\"C:\\Program Files (x86)\\Google\\Picasa3\\Picasa3.exe\" \"%1\""	setuppicasa39-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Google.PhotoViewer.3.0\Shell\Preview\Command\ = "\"C:\\Program Files (x86)\\Google\\Picasa3\\PicasaPhotoViewer.exe\" \"%1\""	setuppicasa39-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Google.PhotoViewer.3.0\Shell\Upload To Web Albums\ = "Upload to Web Albums..."	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PicasaPhotoViewer.exe\Shell\Open\Command	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\picasa\shell\open	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PicasaPhotoViewer.exe	setuppicasa39-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PicasaPhotoViewer.exe\Shell\Open\FriendlyAppName = "Picasa Photo Viewer"	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PicasaPhotoViewer.exe\Shell\Preview	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Google.PhotoViewer.3.0\Shell\Upload To Web Albums\Command	setuppicasa39-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Google.PhotoViewer.3.0\Shell\Upload To Web Albums\Command\ = "\"C:\\Program Files (x86)\\Google\\Picasa3\\PicasaPhotoViewer.exe\" /upload \"%1\""	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\picasa2.autoplay\shell\import\command	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\picasa2.autoplay\shell	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\picasa	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Google.PhotoViewer.3.0\Shell\Open	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\picasa2.autoplay	setuppicasa39-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\picasa\ = "Picasa Command protocol"	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Google.PhotoViewer.3.0\Shell\Open\Command	setuppicasa39-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\picasa\URL Protocol	setuppicasa39-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Google.PhotoViewer.3.0\Shell\ = "Preview"	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PicasaPhotoViewer.exe\Shell\Open	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PicasaPhotoViewer.exe\Shell	setuppicasa39-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PicasaPhotoViewer.exe\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Google\\Picasa3\\PicasaPhotoViewer.exe\" \"%1\""	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Google.PhotoViewer.3.0\DefaultIcon	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\picasa\shell	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Google.PhotoViewer.3.0\Shell	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Google.PhotoViewer.3.0\Shell\Preview\Command	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Google.PhotoViewer.3.0\Shell\Preview	setuppicasa39-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\ = "\"C:\\Program Files (x86)\\Google\\Picasa3\\Picasa3.exe\" \"%1\""	setuppicasa39-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\picasa\shell\open\command	setuppicasa39-setup.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

GPhotos.scr

description pid process

Token: SeRestorePrivilege 2784 GPhotos.scr
Token: SeBackupPrivilege 2784 GPhotos.scr

description	pid	process
Token: SeRestorePrivilege	2784	GPhotos.scr
Token: SeBackupPrivilege	2784	GPhotos.scr

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

setuppicasa39-setup.exe

description	pid	process	target process
PID 2348 wrote to memory of 2784	2348	setuppicasa39-setup.exe	GPhotos.scr
PID 2348 wrote to memory of 2784	2348	setuppicasa39-setup.exe	GPhotos.scr
PID 2348 wrote to memory of 2784	2348	setuppicasa39-setup.exe	GPhotos.scr
PID 2348 wrote to memory of 2784	2348	setuppicasa39-setup.exe	GPhotos.scr
PID 2348 wrote to memory of 1600	2348	setuppicasa39-setup.exe	Picasa3.exe
PID 2348 wrote to memory of 1600	2348	setuppicasa39-setup.exe	Picasa3.exe
PID 2348 wrote to memory of 1600	2348	setuppicasa39-setup.exe	Picasa3.exe
PID 2348 wrote to memory of 1600	2348	setuppicasa39-setup.exe	Picasa3.exe

C:\Users\Admin\AppData\Local\Temp\$1\setuppicasa39-setup.exe
"C:\Users\Admin\AppData\Local\Temp\$1\setuppicasa39-setup.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2348

C:\Windows\SysWOW64\GPhotos.scr
"C:\Windows\system32\GPhotos.scr" /c /installcheck
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2784

C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
"C:\Program Files (x86)\Google\Picasa3\Picasa3.exe" /register
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1600

C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
"C:\Program Files (x86)\Google\Picasa3\Picasa3.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Picasa3\buttons\core-lh2.pbz

Filesize
3KB

MD5
a306fd2cb1f4a18102f02d404c37c17a

SHA1
ce21b7960d44bbc75665f8f87a84e99a6d990e03

SHA256
7d10126097b52abc9eb146a9f6853f7a471315a27c639e12786289a8a97b7f3d

SHA512
d84982c36e6abd4ea3e067dcf7c608f3f38981e4f9cdae660f417c514cceab64c20b3947bba64e6a2d4f81ffbeee8ee2f0f130aa5427cf1a0230b3086bf19c66

Download Submit
C:\Program Files (x86)\Google\Picasa3\buttons\geotag.pbz

Filesize
8KB

MD5
5034b7b3289fa1e53fa83d6cfdde2ec9

SHA1
4de41b594d977406edccc119fe5591b947fa8dc2

SHA256
a345b36cb926592e5c69eb8152151c08e186eab5daf20aa45726636f68cf3905

SHA512
5cb7d1bdaaf230d7b267192a75acd6db0bdea3cd18a5acf7c23f0724ebcd1838b79bf7a3846bc240a9bcd0b65c12909e9afe3fe1c157a3a52272d6235d5c07e8

Download Submit
C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Resources\de.lproj\i18n\cdgo_resexport.xml

Filesize
52B

MD5
4be3304509673d14428bd2ffc3070ef8

SHA1
269c46096236a213905c8f2987cd0c422389d300

SHA256
cc678e75294007e177344fb3d841b23e1aa9877b4f5e22aacf93a8fe15fa5b4c

SHA512
96e17a55395aa231d5fdb5103a4a5c8d89074e3806909f6bda2d275a614f01555549db7280f9e48515af472e4d0aabb5568d2589ebc1310218a970c3b09bcb1b

Download Submit
C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\PkgInfo

Filesize
8B

MD5
23b7d7d024abb0f558420e098800bf27

SHA1
9f9eea0cfe2d65f2c3d6b092e375b40782d08f31

SHA256
82502191c9484b04d685374f9879a0066069c49b8acae7a04b01d38d07e8eca0

SHA512
f77d501528dd0ced155c80406cfbee38d5d3649b64d2a9324f3d6cee39491eb8f54cdebae49c6e21a20d2309d8fae1b01c41631224811e73483db25a2695738c

Download Submit
C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Resources\da.lproj\PRMainMenu.nib\classes.nib

Filesize
1KB

MD5
afe57505e88b3c6cd5d7a27ed6539c66

SHA1
ca6705b7559326c5c60f8a15dfc6751208dd0643

SHA256
bc6af85cb27e3e742ea8e5519483aca800f0d2c3c469c1e6af2161cc5be647f4

SHA512
d5ec7cced627e987028e4eab5030126d31e105c1ea91616a956d55552f19f2e71a1ea327d4039428959d661a33e4f072b806ba20bfb3cdd2d5eb0df98cd4466c

Download Submit
C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Resources\de.lproj\PRMainMenu.nib\info.nib

Filesize
530B

MD5
0e168543fd71a479fa5ad0e0613a1ba5

SHA1
9acd86a59ce7ec341021d75817d082118d351c56

SHA256
7c87e946fb8e106d8856a962c780503f602fae5b09a818f5ad3acdfc6468546a

SHA512
dffab3a94b1994d3ec558f308729ded11a9759cc6b4c6e0022ece502ae5d2bb8437211b37549454ddb43ccacf91f0989e61a1c173b4f59fbcff423bafbeac44a

Download Submit
C:\Program Files (x86)\Google\Picasa3\runtime\Praxis LT Regular-18-1.000000-400-0.ytf

Filesize
82KB

MD5
c4eb1660d0346fed620a3b944ffb6b3e

SHA1
aee1df703f84227a7c17f753363a5a6ef27e3d44

SHA256
34dbc906133c2261b1ec33b1db60ac74530330086f9b006a30847cb1590e37c4

SHA512
969ca47fc216e2e49ddb5016a5aa0d1c70f4e7f1f39872b468136ec9d8b996e9fe6959d4433e710f25f96ace5148199cb4f05fce64cc1ec1541a75d73fae7fe1

Download Submit
C:\Program Files (x86)\Google\Picasa3\runtime\Praxis Semi Bold-Heavy-12-1.000000-400-0.ytf

Filesize
46KB

MD5
b9b1fb694d8b9bb80aa95f6616c12fe5

SHA1
804e25542d43f22e6260bb97b45b455e18bcca6d

SHA256
8a9b0a34b7882aadcb8f115d1d4afd2853920008da9f1325abe7433d6e1e9476

SHA512
4f4676d4281aff8fa5848c75d0ff3657b2a9d9f71ac76bf567cbe28b0566ea995f378e8e335563419c0f6515d775736777ee1b9010eac003dcc8ddff0b06743f

Download Submit
C:\Program Files (x86)\Google\Picasa3\runtime\Praxis Semi Bold-Heavy-14-1.000000-400-0.ytf

Filesize
58KB

MD5
487a4d5862bcf560873a344b7767070f

SHA1
c78e60da12d40abee0a63e5180b374a30884ebc2

SHA256
9f8b160fd8c86c6a4fa4ab625482c17112887390b82c0ffc7ac08896f0bf3fa5

SHA512
8a2ffcb06858a3cf8f84761af0e48405d7b128656934faa960a723dfa5a4d66e09f6aae0e99258c9f50c20bcc88d3c3470e64023c7f0a15277486394b4c9c5f0

Download Submit
C:\Program Files (x86)\Google\Picasa3\runtime\constants.ui

Filesize
1KB

MD5
868abfe7f82c10bbc0e344f7121d2e4b

SHA1
cd725b907cac43d4e189719e3544cf5c81ac562f

SHA256
d18a2e2a29fbe16a3a94bde0f441860f80416fe3b1d6bd01107666428d2c12b5

SHA512
8d92626670f30f4c83fa428c09b0c1f18cad8818ffbf44701756f509986bb00e4b96cc062554ca2c0bac1d261ac34b4be210f42e7e3a39e3b02d322bf9984072

Download Submit
C:\Program Files (x86)\Google\Picasa3\runtime\defaults.ini

Filesize
356B

MD5
4488879c5b32982f7d98c274348e6a7b

SHA1
61f5897a43b9ea291a137be8b500a2e5d731eb65

SHA256
dc04fcffa784ade6ab0226450158dc6bd76e2dec6afa7e27ef1b9ec2ffd8435d

SHA512
5339c8156964c7af8b830c711edea3b2bc612a85387c4ee40797f10664861b03e32b453e80fee0f56af2a739526a0fd406ff1cd0be4b71a3ec979a9492fc310e

Download Submit
C:\Program Files (x86)\Google\Picasa3\runtime\favicon.ico

Filesize
24KB

MD5
16f2debd59c4f4b5daf07be31d0fce1b

SHA1
88ff8c5577a457d3d0363d6d3f18deafd74e3db6

SHA256
ec9d4952fa4feaa1329a70869d7cbb52d8bd4f43c0bb5bea4e212519c539c73d

SHA512
c47e063e6de4bd8da58301c079f863c0ccfd7433bd6a4455768f3a14a23d6c4c90ce8e6988abdb8859f3723bb5cf888cf22d49b2eba6f189b231d15980db2c70

Download Submit
C:\Program Files (x86)\Google\Picasa3\runtime\filterdesc.xml

Filesize
61KB

MD5
2cdd163f7ab2cec09d0f6990f2a179bc

SHA1
596ef286c13dc4a83da3c89fa70e6d3ccafef943

SHA256
34373e60269bf1fd6ab0adea02e848784f018cbbcd3f2f72b9ba4653e3ac640a

SHA512
3cc3d6a361f270111ce1d45690c6c7d8761ec3a09838224ecbef6b6eb3d9636571c10d44a43ebb6ca9aa5983eca655e9f070bd9211fc7b18b1c025ec4249120f

Download Submit
C:\Program Files (x86)\Google\Picasa3\runtime\filters.txt

Filesize
107B

MD5
585e25bb4a4d3a4b576e701c37812da2

SHA1
1896186835f60dc42205ad75766fcae9b795bfd8

SHA256
283404ad7d36459aff05b33843939158279bd42055080ff47e30d686ad134ea5

SHA512
f29fca1e10d37b9a4caba67a28504bcf09f601a91d9923d909a65e9edcb9cfbde523e2de2ac8eb804e1f25c2e66e08ea3c8b0c81c510fcc2192a66f2c1aeb2aa

Download Submit
C:\Program Files (x86)\Google\Picasa3\runtime\fliprtl.txt

Filesize
2KB

MD5
8a1ca7381ca83f1d564a8009685a6357

SHA1
a21cbc795d3ca4b42a9b035ea3d02ef5164b04c7

SHA256
2a5275e4f3b232c360a8e5c05a4629c046aecc7a94c99aa0294d0168f2d808c2

SHA512
f8fe00166654a9d35be82367d064f59df56a1eade3b7c916c070528c9c2bc57b082c53e4a3bf694c4e1e4cc7b1befc1e9ac9a8e9c69d6fa74e3c98eafc4814a9

Download Submit
C:\Program Files (x86)\Google\Picasa3\runtime\respack.yt

Filesize
3.7MB

MD5
b36ca3db66a3357d94b8790cd8771c65

SHA1
10c0e8c6ebef517963bbea04d79d16bdb1464f42

SHA256
247040b6aef7f8255e1dae35cd22007c9a67cecc6b8e66946535ea14d0475444

SHA512
5e49852dc974f6acf4baf8885bfb3b4c6474d50a11a86f4fc3257e2fed7d2d5626bc613524d1ac4a9333f09267a430bd2094e4c826a173708c59afba823aa549

Download Submit
C:\Program Files (x86)\Google\Picasa3\runtime\splashbk.jpg

Filesize
43KB

MD5
dde7ce5ea50e33bee533609428d713d3

SHA1
f4b491360680ad0409b63b31213bbeacd930327c

SHA256
a25cf9995bc198418d5b513db1a5ea272dd871fd109313f7f04e5bb5db8276f0

SHA512
04a19252a709c5e6c130b5f24c3f15ffbff45fd1fb96b49d84f17afcacdd73ef3f0ad4f8a1ef26ad6e6175ddbbb03b1ec27f67b2f23910c0d0bc5d4d67f06e4c

Download Submit
C:\Program Files (x86)\Google\Picasa3\update\LifescapeUpdater\currentVersion.ini

Filesize
67B

MD5
1544ce8fc87fc86288c6b464f5b0828c

SHA1
f13665bd7d1a3ce88147d70e577125665eb39591

SHA256
652b5a200af64ac1f836646e948e46c0584425f70263bcdafc28d6c8b4e2fd55

SHA512
dceb4586c651b5938e59d8fcc56f48c84f4d5b0dfb3f82e9fabb4b33e6d1a2446dfc9f6535a9f10d5567881c4391046b1943c2df1f76fc4d9627a958ea4d80e3

Download Submit
C:\Program Files (x86)\Google\Picasa3\web\templates\greybg\frameset.htm

Filesize
462B

MD5
1f4d1252156541cf6825b694a4d51566

SHA1
6bd741aab174a778b0a912ef6db825c4a7e2650c

SHA256
e45227535c0e87ce3b3e121e7cb568114a65f38b24de3a951d91906be838293e

SHA512
7fa923a564aaf18eadbe90569bd3a3a29e55436f84622c2584606b2069983a881c4bbb8447bcb68b1febee9c471e27018de26a6f39ea17e1843e60d12d035a76

Download Submit
C:\Program Files (x86)\Google\Picasa3\web\templates\greybg\header.html

Filesize
359B

MD5
e97374844ef118e3ac0a81a97fbf21bd

SHA1
de4dec146a2427c3d3eed03034788f7cdc3bf5fc

SHA256
41e483b5e01ec66c066f13d810612a58ed8eb7b3b753d8a9b47ede62a4af7ed5

SHA512
795fce4edc52ea656e6a89df5ea8439d40a944c65ef414783ae1e20440d59bb50f81a00ca947d4ae5039dacd9a92212bcaebed2fbcb2cfbcc79ce80713ad84b2

Download Submit
C:\Program Files (x86)\Google\Picasa3\web\templates\greybg\imagelistelement.html

Filesize
182B

MD5
1f5bc1d3d13e36cd76e50f44b1ccac2c

SHA1
e1b99b2e996bcae144ced09ce491795c40d2764f

SHA256
bedb80e2c65c7ff96469cc894bbd114737784ee7866ed5c0ffc7284aecb20d6c

SHA512
c897d5bca66c6cf2f08403c4f153395c6781cbcc0a820cd479f9b045e236020b8960ef1b0ab545cce18c87df312c0ca04b711feeb3a3e4ded3cf247e3f238572

Download Submit
C:\Program Files (x86)\Google\Picasa3\web\templates\greybg\imagetarget.tpl

Filesize
1KB

MD5
8aff34838dcedbe0c42ec0a66a58d032

SHA1
57a389e5d389161e6b0ce936c54ea036f1604404

SHA256
51764ba905e29b298e15ebb858616172e2de9c2cae0b27516810922668666ed5

SHA512
2a176cc0d1261d20e716f69d08d72ac3e43f9c7086421acc3fbd13913794fe92a70cc0ca105724c53b099eba1e81a929f46f43e170e8a5c21f6a463b01890c4d

Download Submit
C:\Program Files (x86)\Google\Picasa3\web\templates\greybg\includedtarget.html

Filesize
178B

MD5
cc8ffe5be72c7f6aec09b84a7dc6c974

SHA1
c6b620e722543d7ecaa45a3e2b07043ca22184b3

SHA256
7ab014bfdf2fb111b45087c90a495a14c339453c77da9215b2b034d432386711

SHA512
6d4644c3f0800b32cfacc388dc1515abb1fd668bf4f04258352cc5308f0e882cc67add65b72636f9e53132cee30afad1dbe3274df1db7570bf2bc6f23b28f5d1

Download Submit
C:\Program Files (x86)\Google\Picasa3\web\templates\greybg\index.html

Filesize
667B

MD5
94e21252fdb65e018486cd928c8d1378

SHA1
b9169e767c9182c22ba3c5449a22ca5ec7b531f5

SHA256
ce651deef969e7e1204e6cdc7c85d136a793103d893032acacd4ef9e30dac2c2

SHA512
987bdea4635ba0aefee39285f974c03e26b17e861ddef1ad2b8f3468a219c056e086cd0d6dc91f93e2e2cdd9c50faa24d0aa6be7f80bf40a2fa8616e25463d5a

Download Submit
C:\Program Files (x86)\Google\Picasa3\web\templates\greybg\targetlistheader.html

Filesize
85B

MD5
478250a789bb70b5121aeb9947fbddd0

SHA1
6a8b5e1b38e1f69e34ec146dd4ff9937c605c67a

SHA256
10d1d02f182a22dd96088c47434a9d35722ae9c8375d693c76576aa1a4ce8355

SHA512
21765c84d130bc020c66357c6f7c7a1709fbc204b35f8a47d20684e0faf228b2ce8adb657f95d4e6b26b97d44e01dc52601efee6371a055ee6a23564a62215c6

Download Submit
C:\Program Files (x86)\Google\Picasa3\web\templates\greybg\verboseimagelistelement.html

Filesize
366B

MD5
ed8842064398e0abc3bf8bf40926168c

SHA1
c9175ec82fae118a375e9adfa39f10603af58f2a

SHA256
f485215249fd7978bb633cb75a02a3c6569bf3cebf7d4ed2a591544c1a79f48f

SHA512
02bde287797ddf754fe3eb3cde4891936f0a3de83815d1404ee27b8c0db17a05c929e2bce1823d71028c80d52e329c97f2ab6f70e24ef15bba689f6add2413b3

Download Submit
C:\Program Files (x86)\Google\Picasa3\web\templates\greyfrm\caption.html

Filesize
337B

MD5
7a4c88d0249e2a5c6d8fb9d85fcae445

SHA1
035fb924ac0176e2c3cb447a18ed3a74b046e977

SHA256
e41227f996e9b68a8689180a18ed543d82d010273001d4786d1ae3435aedf70b

SHA512
389e0eb00a3360bab13899d74d628723cf700b5bd45cc2aedc336c4be8606d822134e261393d96af08dac22f8171b17fb7f5fd6827367a457b6e270e37c1d8f8

Download Submit
C:\Program Files (x86)\Google\Picasa3\web\templates\greyfrm\footer.html

Filesize
16B

MD5
1fff66eff9242eee8ec3324428e15032

SHA1
7bdb1e034041cbf3313dc597518e44660d3c2392

SHA256
02ed54edc42fbbbc36988b2a184b67e49568be4807832538ba9b7edda53744d8

SHA512
15c2a4a649b4a7bd3185d66bd41217f3394994dc79ab99aba0db9fac3f8c91c7703e91cb22b788108c9f937e84a1cb3042cca1fe9952346ac2bd1a387f84b266

Download Submit
C:\Program Files (x86)\Google\Picasa3\web\templates\greyfrm\frameIndex.html

Filesize
373B

MD5
ccbde7a32e8bdb607ede9f0ba023ef40

SHA1
141af16ae6a28f731ee39d6fc4b60104f80a251a

SHA256
f4d789dda14f143c0d52b0bc92e1b2414f77d95c4c851941d3a892dbf9767885

SHA512
7bfc667e908d148b0c7e4ba1ad0cc0a148c06c60bf7ce191eee73bb4d8174871261daa367c99f0f909ffc1b8414269fb783ea1df4fa509edacb3a4c7474e958c

Download Submit
C:\Program Files (x86)\Google\Picasa3\web\templates\greyfrm\imageset.html

Filesize
371B

MD5
ca0a0add9a6cd2de7364e16a011dcb08

SHA1
2a78c4ef7ddfd3b18341d2ea9ead89fc6264784d

SHA256
eda2bc2d247ab47594c6ededa99efe9a1704b61ddc081b8324dbea98702b4750

SHA512
1e97af247a1ddabcca01f3d5533530c660b5d0f8a0736cb3860dc7dcf760ab077d6c0aede89d5c93c7afc21c045613f9060f080fe26cfe300585af104f2c3d6e

Download Submit
C:\Program Files (x86)\Google\Picasa3\web\templates\greyfrm\targetlistelement.html

Filesize
1KB

MD5
d1a14817b1137560bc6ca3a22a6ce189

SHA1
aceac48828d0832f4d9c0aadd8df65a5da29998f

SHA256
8e717b2a957308a9d1572d048f17ebc13548276238c3f5fac7b6d1ee56972876

SHA512
16ad7b04fc506557907baf79793d7b1e48657ddcf96fc95f312ee978370405a21a9b543f0fc855311b7029b5fce51a104a9d3af8825b23014249cc516d94b704

Download Submit
C:\Program Files (x86)\Google\Picasa3\web\templates\whitebg\footer.html

Filesize
103B

MD5
75ce1c70a50c40e76ffd78cda74ab479

SHA1
d322eecb2d31480831ddf71b587409646bf19995

SHA256
e8ca4079f6a9bf0360b6bd871ec5323ccebe0ba0f9a6a55f545c40683dda527e

SHA512
55d96a665a2e447c6c72d71666976bce91cc086046e8ca4c078e30af3f6fcf378b83df9a7827ea8b00d304ee30e2e5e87e1480f6e2d1d9c37c01bd54474ff722

Download Submit
C:\Program Files (x86)\Google\Picasa3\web\templates\whitebg\imagelistfooter.html

Filesize
12B

MD5
e0c74237602b2a467d4d5001ec2eeab6

SHA1
c6a25edaf62ecda9412b72e55e9d49880c8176af

SHA256
c9469a26c597e2155429150f992554598b7bf93ef906fd7f3ccd4b8ba4e6a082

SHA512
1627831bf78371aa2d16dcfbcc8723a93ea1651028f89a2c873cacd39a165fdc6843627114c5af1628b44da185a72718baa3e8176e2ccf4620d4d4d4c1e121a8

Download Submit
C:\Program Files (x86)\Google\Picasa3\web\templates\whitebg\imagelistheader.html

Filesize
3B

MD5
4da1a46ec20cf93ee5c846a51e04f0ed

SHA1
63ada55c0ba212a5b1f8d5a70890788f00972bf4

SHA256
33f2799467177287a29260780a107ac98ea63dd6165f67fcc0d74767d0a82090

SHA512
cf55201bf1ac8ccb9a9aa36352064f3270a754c9b596c52f6e250f438e6ac9962e60a6696c55d90c8160c3682cd20adef0176068b8a832f5f4a9d134eace8624

Download Submit
C:\Program Files (x86)\Google\Picasa3\web\templates\whitebg\itemheader.html

Filesize
215B

MD5
331cfc47c3bd9a84097c6dc889ab366c

SHA1
271273696cff4df446eb93a72f99a98a045bf5b2

SHA256
9891fc499e4fadbd26096441ed72bb1909fa5fb5540156d86278938be69caa60

SHA512
7118766a6dcdc078b985c99c94d38fe5ee35cbae3324a64d761bb33bdccc9eb16e24fc7d82b493d17f9dfffd5ea3188dd9289356b6933c035d742336e2a7d2af

Download Submit
C:\Program Files (x86)\Google\Picasa3\web\templates\whitebg\style.css

Filesize
78B

MD5
28d394bf7f25566b8ae5101c8472c963

SHA1
f87166aed2280d329f2f5cc8cfb68dcb9f79b3a8

SHA256
08cb5b18f7a2dae61f8239af79c105cf42350b0e484d50f2344049444c513866

SHA512
51d352560dfccfb178e08c978ccb33dde3fd2a60e87697695c34a3e1dd5bff83b8d63f36ae3c18fcf8251054a0384e003a1996086a0c7175e6c9db76ca9751eb

Download Submit
\Program Files (x86)\Google\Picasa3\Picasa3.exe

Filesize
9.7MB

MD5
6ad50a491f52b1cbece23b603037fbdf

SHA1
4acfb5f57a464610483a7d652cc5f4d1c5f427cc

SHA256
b4684fb49917bd97741802848a8b7eac189a178df56b7fcf5d0b078d892502a4

SHA512
ccaa8a1300ada8c777d32ab51b6c1687b120cfa638ff0c20f1bed78d63fa1020afc69717e8dee7414cc139a7cb5f6871c96568bf85190ee74289f1d1f363fea0

Download Submit
\Program Files (x86)\Google\Picasa3\Picasa3i18n.dll

Filesize
25.7MB

MD5
a7b28efe1c5d15f3a3f99756aadcea0e

SHA1
d60c036e436d570ef62a71157a37173deb036b26

SHA256
05b40c68ba874537a76a3c03ce094884e288a2c7055fb99329bad3bc2104cf04

SHA512
7bd42ac92b2f5c67c9c24f5adcc136d342f92c48ddc07dff31f44827c57bdf621deabf890fee0dd19dadd7eeee7c9e16cfad630da538a24b1ef7849498f57972

Download Submit
\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe

Filesize
4.6MB

MD5
69b20702debc005cd1da0906b4a3c4f5

SHA1
3194ec345ed795b0e86d46ee88bfb8781c681c82

SHA256
4bd5f244c5ee6adab8d3f20654eb4d3b418cd214a8abdf8fd4392310927c1413

SHA512
0696b0ebf05ca8d3a6e2bd1fefeaca8d507d54d2398a05bf13fda2cf516206258d0d4973625a21088eb27fc332b4ec3f44e363fd63b4cb3ecf1ea4b093c039b7

Download Submit
\Program Files (x86)\Google\Picasa3\plugins\CDVDR\CDVDR.yti

Filesize
396KB

MD5
536779defa7ebb2165d41122bd8ace87

SHA1
4e7d6e127d0a94532aab4659f6b5a42a8022f3cb

SHA256
b7fa5f052f405c8aa098f50f1c5ce9f3c3896004f9255b1e34a3409aeab703f4

SHA512
d709bc613b053de587a6bb96d640559459e7ddb08a8313f38203de8209f2f58095e85d275c68b1ccaa7934b6251808d2ed0c46e185bd216ef3244ecfd5459992

Download Submit
\Program Files (x86)\Google\Picasa3\plugins\expwebsites\expwebsites.yti

Filesize
1.6MB

MD5
fe8b28be09159d582285f78239905b35

SHA1
ecbc2529f7fd03e192fdda941ddb8e3840a228b0

SHA256
d6efd4aa7adfd0642ecaeae12edf2452aa6566fb7d2d806286571f6f49dd9d04

SHA512
04d21e6fa8b426f1819cb792e41538ff8660b8d591a577b038cf05cb99cdf2ece7b20c53acbae496ff05e4776b15f62d61857f87685d3f4fa9edf67bbd233a89

Download Submit
\Program Files (x86)\Google\Picasa3\plugins\ytITivo.yti

Filesize
420KB

MD5
6d00695b79be2ba620701bda4b800cc0

SHA1
0e7c85a9ad7b170c5dd924582f3c837e2d454bc4

SHA256
38ca2493379aaf59be3613ad67c25fbe6955dcf54d850d43f753b10a407088ad

SHA512
5d6189302a25513cde277d623ef9ae471652a530fb90d1d619fd2d9d53e622faa25a56560ed63cf037874be552e34a1da512ff736a02807aa1babeccaedcf4ea

Download Submit
\Program Files (x86)\Google\Picasa3\uninstall.exe

Filesize
207KB

MD5
3a08977adc09a57df210e6966660046b

SHA1
53647d418ae8548d0359edcf51b80a6f3a43d877

SHA256
002e9254e29d6dc9e760ea08bfc1a0de4ebf887d4b4580df0355eb44420d9cd0

SHA512
fe79f6c6c8003c14885049c0c33e1147b25e6ddc68911f5a717837b56809e8f9cfa6984b422f4912c45c835f9007f11d0e99db30dfcc0d8ea759461819961998

Download Submit
\Users\Admin\AppData\Local\Temp\nsdD05B.tmp\NSIS_Picasa_Unicode.dll

Filesize
116KB

MD5
ba1fab5556089b2f83b816dde35c6132

SHA1
5318b0c62b993377de2e0295f1e2b7a1675c595e

SHA256
9e95b4566ea243c0a6743b5b0626fcf18ec98e38415b62f94f6cbf38276d7fc4

SHA512
4c04e5ce6cb339ad22a77889c11775a263ef13322f37bc9c982ff208852b091809a0c63a7c9515949f81f3ab253a417f93adc6d2eeed9a801f2254fbb5236a50

Download Submit
\Users\Admin\AppData\Local\Temp\nsdD05B.tmp\StdUtils.dll

Filesize
22KB

MD5
56902114955a13ec66bd3a43eaeb46ed

SHA1
0d0bf7e94dad5b04b6da52ed5e4425b17355e10d

SHA256
5b7070e98320f38cd913893c813e59863ec833ec598208f5d33217a120e3e043

SHA512
028c79ff7b4c3b9e731904108dfdfe359bab1c29b53feea758714c7d8e86a1c93193cf80b3e41d691e6a4da08c2de18851a6ff53ac4e612c1000b1930780251c

Download Submit
\Users\Admin\AppData\Local\Temp\nsdD05B.tmp\System.dll

Filesize
11KB

MD5
3e6bf00b3ac976122f982ae2aadb1c51

SHA1
caab188f7fdc84d3fdcb2922edeeb5ed576bd31d

SHA256
4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe

SHA512
1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706

Download Submit
\Users\Admin\AppData\Local\Temp\nsdD05B.tmp\nsDialogs.dll

Filesize
9KB

MD5
dbdbf4017ff91c9de328697b5fd2e10a

SHA1
b597a5e9a8a0b252770933feed51169b5060a09f

SHA256
be60a00f32924ccbe03f9914e33b8e1ad8c8a1ca442263a69896efba74925b36

SHA512
3befc15aab0a5dbe7fde96155b0499d385f2799b1a2d47ce04f37b5804006b1c6c4fff93d3cedb56a2a8172b23752b6f9dc6168cfce3596b91def3247836cf10

Download Submit
\Windows\SysWOW64\GPhotos.scr

Filesize
4.4MB

MD5
404c6c3c3a59784456da52660f86c52b

SHA1
b3917505f1374e002e480b0f9684945c57b73a98

SHA256
7479d71a52d7a638fe6cd6d0e494b8a6cacd8a5cb04a3ebe8d95dd30023901dc

SHA512
9b997a67b91b16d365c94f102e4d12fb313593cf4c444fbaa7f2d2d1e882659b03b8199de6eff9ea65c2a3fa9d646bb2ecec4c952e99da6f96fcef3af11ca256

Download Submit
memory/1432-1350-0x0000000003270000-0x00000000032DE000-memory.dmp

Filesize
440KB

Download
memory/1432-1346-0x0000000003F10000-0x00000000040AF000-memory.dmp

Filesize
1.6MB

Download
memory/1432-1342-0x0000000003EA0000-0x0000000003F08000-memory.dmp

Filesize
416KB

Download
memory/2348-1295-0x00000000004B0000-0x00000000004CF000-memory.dmp

Filesize
124KB

Download
memory/2348-1316-0x00000000049D0000-0x00000000049D2000-memory.dmp

Filesize
8KB

Download