hxxp://drive[.]google[.]com

Analysis

max time kernel
279s
max time network
277s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04-10-2024 21:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://drive.google.com

Score

8^/10

defense_evasion discovery persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe	GoogleUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0"	GoogleUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 24 IoCs

pid	Process
3664	GoogleDriveSetup.exe
1144	GoogleUpdateSetup.exe
3340	GoogleUpdate.exe
3224	GoogleUpdate.exe
476	GoogleUpdate.exe
560	GoogleUpdateComRegisterShell64.exe
1636	GoogleUpdateComRegisterShell64.exe
3408	GoogleUpdateComRegisterShell64.exe
2640	GoogleUpdate.exe
2996	GoogleDriveSetup.exe
3244	GoogleUpdateSetup.exe
2060	GoogleUpdate.exe
4268	GoogleUpdate.exe
2052	GoogleUpdate.exe
3204	GoogleDriveSetup.exe
4984	GoogleUpdateSetup.exe
4092	GoogleUpdate.exe
1736	GoogleUpdate.exe
4244	GoogleUpdate.exe
5044	GoogleDriveSetup.exe
4608	GoogleUpdateSetup.exe
3788	GoogleUpdate.exe
3164	GoogleUpdate.exe
1864	GoogleUpdate.exe

Loads dropped DLL 19 IoCs

pid	Process
3340	GoogleUpdate.exe
3224	GoogleUpdate.exe
476	GoogleUpdate.exe
560	GoogleUpdateComRegisterShell64.exe
476	GoogleUpdate.exe
1636	GoogleUpdateComRegisterShell64.exe
476	GoogleUpdate.exe
3408	GoogleUpdateComRegisterShell64.exe
476	GoogleUpdate.exe
2640	GoogleUpdate.exe
2060	GoogleUpdate.exe
4268	GoogleUpdate.exe
2052	GoogleUpdate.exe
4092	GoogleUpdate.exe
1736	GoogleUpdate.exe
4244	GoogleUpdate.exe
3788	GoogleUpdate.exe
3164	GoogleUpdate.exe
1864	GoogleUpdate.exe

Modifies system executable filetype association 2 TTPs 8 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\lnkfile\shellex\ContextMenuHandlers\DriveFS 28 or later	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\DriveFS 28 or later\ = "{EE15C2BD-CECB-49F8-A113-CA1BFC528F5B}"	GoogleDriveSetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\lnkfile\shellex\ContextMenuHandlers\DriveFS 28 or later	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\DriveFS 28 or later\ = "{EE15C2BD-CECB-49F8-A113-CA1BFC528F5B}"	GoogleDriveSetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\lnkfile\shellex\ContextMenuHandlers\DriveFS 28 or later	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\DriveFS 28 or later\ = "{EE15C2BD-CECB-49F8-A113-CA1BFC528F5B}"	GoogleDriveSetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\lnkfile\shellex\ContextMenuHandlers\DriveFS 28 or later	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\DriveFS 28 or later\ = "{EE15C2BD-CECB-49F8-A113-CA1BFC528F5B}"	GoogleDriveSetup.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
4	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\locales\ru.pak	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\ic_storage_grey_24px.svg	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\preferences_dialog.bin	GoogleDriveSetup.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.51\goopdateres_cs.dll	GoogleUpdate.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\ic_warning_orange_24px.svg	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\photos_logo_outline.svg	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\libcef.dll	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\locales\fi.pak	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\Selling-point-3-dark.svg	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\ic_upload_grey_24px.svg	GoogleDriveSetup.exe
File created	C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_no.dll	GoogleUpdateSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\chrome_elf.dll	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\locales\en-GB.pak	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\ic_folder_with_drive_and_checkmark_light.svg	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\workspace_blue_cloud_dark.png	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\ic_info_blue_24px.svg	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\Folder-offline-mac-light-static.png	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\ic_error_red.png	GoogleDriveSetup.exe
File created	C:\Program Files (x86)\Google\Temp\GUME173.tmp\GoogleUpdateBroker.exe	GoogleUpdateSetup.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.51\GoogleUpdateComRegisterShell64.exe	GoogleUpdate.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\search_dialog.bin	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\locales\am.pak	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\locales\lv.pak	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\uninstall.exe	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\ic_warning_orange_24px.svg	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\Folder-offline-mac-light-animated.gif	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\locales\ta.pak	GoogleDriveSetup.exe
File created	C:\Program Files (x86)\Google\Temp\GUM72A.tmp\GoogleUpdateSetup.exe	GoogleUpdateSetup.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.51\goopdateres_ja.dll	GoogleUpdate.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\Compare-Drive-sync.svg	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\ic_cloud_24px.svg	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\locales\hu.pak	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\ic_folder_with_drive_logo_outline.svg	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\preferences_dialog.css	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\locales\sr.pak	GoogleDriveSetup.exe
File created	C:\Program Files (x86)\Google\Temp\GUM79AB.tmp\goopdateres_tr.dll	GoogleUpdateSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\ic_computer_24px.svg	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\ic_loading.svg	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\GoogleSansText-Medium.ttf	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\Folder-offline-windows-dark-static.png	GoogleDriveSetup.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.51\goopdateres_th.dll	GoogleUpdate.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\ic_done_all_green700_24dp.svg	GoogleDriveSetup.exe
File created	C:\Program Files (x86)\Google\Temp\GUM79AB.tmp\GoogleUpdateHelper.msi	GoogleUpdateSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\dot_onboarding.bin	GoogleDriveSetup.exe
File created	C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\GoogleUpdateCore.exe	GoogleUpdateSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\ic_person_add_24px.svg	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\locales\hi.pak	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\ic_computer_24px.svg	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\drive_logo_outline.svg	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\Onboarding-success.svg	GoogleDriveSetup.exe
File created	C:\Program Files (x86)\Google\Temp\GUM79AB.tmp\goopdateres_ar.dll	GoogleUpdateSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\Compare-Drive-sync.svg	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\dot.css	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\Onboarding-all-set.svg	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\preferences_dialog.bin	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\Setting-up-dark.svg	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\Selling-point-1.svg	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\roboto-700.woff2	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\GoogleSans-500-Greek.woff2	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\home_dialog_home_dialog_module.js	GoogleDriveSetup.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.51\goopdateres_lv.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.51\psuser.dll	GoogleUpdate.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\GoogleSansText-Regular.ttf	GoogleDriveSetup.exe
File created	C:\Program Files\Google\Drive File Stream\97.0.1.0\html\monitor_dialog.css	GoogleDriveSetup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\GoogleDriveSetup.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdateSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdateSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdateSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdateSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2640	GoogleUpdate.exe
2052	GoogleUpdate.exe
4244	GoogleUpdate.exe
1864	GoogleUpdate.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133725498743395562"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\ = "IJobObserver2"	GoogleUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{C973DA94-CBDF-4E77-81D1-E5B794FBD146}\InProcServer32	GoogleDriveSetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{EE15C2BD-CECB-49F8-A113-CA1BFC528F5B}\Version	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C973DA94-CBDF-4E77-81D1-E5B794FBD146}\Version\ = "1.0"	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8AD5CECD-DF0D-41C3-BA21-1E22114CC73C}\InProcServer32\ThreadingModel = "Apartment"	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\ProxyStubClsid32\ = "{C3EA5C5C-31DF-437F-95E2-BCE4B2E83EE9}"	GoogleUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F1196F08-BAFE-4C9C-AEE7-71C69DA5B818}\InProcServer32\ = "C:\\Program Files\\Google\\Drive File Stream\\97.0.1.0\\drivefsext.dll"	GoogleDriveSetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{03E6C474-8D95-4C1B-9268-4AA3FA16DE4F}\Version	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ProxyStubClsid32\ = "{C3EA5C5C-31DF-437F-95E2-BCE4B2E83EE9}"	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\AppID = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\NumMethods\ = "4"	GoogleUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\VERSIONINDEPENDENTPROGID	GoogleUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\Elevation\Enabled = "1"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\ = "IAppCommand2"	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\ = "ICredentialDialog"	GoogleUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{F1196F08-BAFE-4C9C-AEE7-71C69DA5B818}\TypeLib	GoogleDriveSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\NumMethods	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\ = "ICoCreateAsync"	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E27EC053-3263-4908-8ECD-5AFDFB754728}\1.0\0\win64\ = "C:\\Program Files\\Google\\Drive File Stream\\97.0.1.0\\drivefsext.dll"	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03E6C474-8D95-4C1B-9268-4AA3FA16DE4F}\ = "Meet Outlook Add-in Provider"	GoogleDriveSetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{A8E52322-8734-481D-A7E2-27B309EF8D56}	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8E52322-8734-481D-A7E2-27B309EF8D56}\ = " GoogleDriveCloudOverlayIconHandler"	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\ = "ServiceModule"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\NumMethods\ = "10"	GoogleUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{A8E52322-8734-481D-A7E2-27B309EF8D56}\InProcServer32	GoogleDriveSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\NumMethods	GoogleUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\NumMethods	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F1196F08-BAFE-4C9C-AEE7-71C69DA5B818}\TypeLib\ = "{E27EC053-3263-4908-8ECD-5AFDFB754728}"	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE15C2BD-CECB-49F8-A113-CA1BFC528F5B}\ = "DriveFS ContextMenu Handler"	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\NumMethods\ = "5"	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachineFallback\CLSID\ = "{598FE0E5-E02D-465D-9A9D-37974A28FD42}"	GoogleUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}\PROGID	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE15C2BD-CECB-49F8-A113-CA1BFC528F5B}\TypeLib\ = "{E27EC053-3263-4908-8ECD-5AFDFB754728}"	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\NumMethods\ = "11"	GoogleUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{03E6C474-8D95-4C1B-9268-4AA3FA16DE4F}\InProcServer32	GoogleDriveSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ = "IProgressWndEvents"	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{E27EC053-3263-4908-8ECD-5AFDFB754728}\1.0\FLAGS	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\ = "IAppVersion"	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E27EC053-3263-4908-8ECD-5AFDFB754728}\1.0\ = "DriveFSExtensionLib"	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\ProgID\ = "GoogleUpdate.OnDemandCOMClassMachineFallback.1.0"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51EF1569-67EE-4AD6-9646-E726C3FFC8A2}\TypeLib\ = "{E27EC053-3263-4908-8ECD-5AFDFB754728}"	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{03E6C474-8D95-4C1B-9268-4AA3FA16DE4F}\ProgId\ = "DriveFSExtensionLib.Meet.1"	GoogleDriveSetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\DriveFSExtensionLib.Meet\CurVer	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\ = "Google Update Broker Class Factory"	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{03E6C474-8D95-4C1B-9268-4AA3FA16DE4F}\InProcServer32	GoogleDriveSetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{A8E52322-8734-481D-A7E2-27B309EF8D56}\Version	GoogleDriveSetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{F1196F08-BAFE-4C9C-AEE7-71C69DA5B818}\InProcServer32	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.PolicyStatusMachine.1.0\CLSID\ = "{521FDB42-7130-4806-822A-FC5163FAD983}"	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{8AD5CECD-DF0D-41C3-BA21-1E22114CC73C}	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03E6C474-8D95-4C1B-9268-4AA3FA16DE4F}\TypeLib\ = "{E27EC053-3263-4908-8ECD-5AFDFB754728}"	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\ = "IGoogleUpdate3"	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.PolicyStatusMachine\CLSID\ = "{521FDB42-7130-4806-822A-FC5163FAD983}"	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}\VersionIndependentProgID	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{A8E52322-8734-481D-A7E2-27B309EF8D56}	GoogleDriveSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\NumMethods	GoogleUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\PROGID	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\LocalizedString = "@C:\\Program Files (x86)\\Google\\Update\\1.3.36.51\\goopdate.dll,-3000"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03E6C474-8D95-4C1B-9268-4AA3FA16DE4F}\Version\ = "1.0"	GoogleDriveSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoCreateAsync.1.0\CLSID\ = "{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}"	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}	GoogleUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\NumMethods	GoogleUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1C4CDEFF-756A-4804-9E77-3E8EB9361016}\VersionIndependentProgID	GoogleUpdate.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\GoogleDriveSetup.exe:Zone.Identifier	chrome.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3740	Winword.exe
3740	Winword.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
4876	chrome.exe
4876	chrome.exe
3340	GoogleUpdate.exe
3340	GoogleUpdate.exe
3340	GoogleUpdate.exe
3340	GoogleUpdate.exe
3340	GoogleUpdate.exe
3340	GoogleUpdate.exe
3340	GoogleUpdate.exe
3340	GoogleUpdate.exe
3340	GoogleUpdate.exe
3340	GoogleUpdate.exe
3664	GoogleDriveSetup.exe
3664	GoogleDriveSetup.exe
2060	GoogleUpdate.exe
2060	GoogleUpdate.exe
2060	GoogleUpdate.exe
2060	GoogleUpdate.exe
2996	GoogleDriveSetup.exe
2996	GoogleDriveSetup.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
4092	GoogleUpdate.exe
4092	GoogleUpdate.exe
4092	GoogleUpdate.exe
4092	GoogleUpdate.exe
3204	GoogleDriveSetup.exe
3204	GoogleDriveSetup.exe
3788	GoogleUpdate.exe
3788	GoogleUpdate.exe
3788	GoogleUpdate.exe
3788	GoogleUpdate.exe
5044	GoogleDriveSetup.exe
5044	GoogleDriveSetup.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4788	OpenWith.exe

Suspicious behavior: LoadsDriver 7 IoCs

pid	Process
652	Process not Found
652	Process not Found
652	Process not Found
652	Process not Found
652	Process not Found
652	Process not Found
652	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe

Suspicious use of SetWindowsHookEx 43 IoCs

pid	Process
3664	GoogleDriveSetup.exe
1144	GoogleUpdateSetup.exe
3340	GoogleUpdate.exe
3224	GoogleUpdate.exe
476	GoogleUpdate.exe
560	GoogleUpdateComRegisterShell64.exe
1636	GoogleUpdateComRegisterShell64.exe
3408	GoogleUpdateComRegisterShell64.exe
2640	GoogleUpdate.exe
2996	GoogleDriveSetup.exe
3244	GoogleUpdateSetup.exe
2060	GoogleUpdate.exe
4268	GoogleUpdate.exe
2052	GoogleUpdate.exe
3204	GoogleDriveSetup.exe
4984	GoogleUpdateSetup.exe
4092	GoogleUpdate.exe
1736	GoogleUpdate.exe
4244	GoogleUpdate.exe
4788	OpenWith.exe
4788	OpenWith.exe
4788	OpenWith.exe
4788	OpenWith.exe
4788	OpenWith.exe
4788	OpenWith.exe
4788	OpenWith.exe
4788	OpenWith.exe
4788	OpenWith.exe
4788	OpenWith.exe
4788	OpenWith.exe
3740	Winword.exe
3740	Winword.exe
3740	Winword.exe
3740	Winword.exe
3740	Winword.exe
3740	Winword.exe
3740	Winword.exe
3740	Winword.exe
5044	GoogleDriveSetup.exe
4608	GoogleUpdateSetup.exe
3788	GoogleUpdate.exe
3164	GoogleUpdate.exe
1864	GoogleUpdate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 4288	4876	chrome.exe	78
PID 4876 wrote to memory of 4288	4876	chrome.exe	78
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 4888	4876	chrome.exe	79
PID 4876 wrote to memory of 2852	4876	chrome.exe	80
PID 4876 wrote to memory of 2852	4876	chrome.exe	80
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81
PID 4876 wrote to memory of 4764	4876	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://drive.google.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed68acc40,0x7ffed68acc4c,0x7ffed68acc58
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,873143071211754275,13111567253573948665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1932,i,873143071211754275,13111567253573948665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,873143071211754275,13111567253573948665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2148 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3012,i,873143071211754275,13111567253573948665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3024 /prefetch:1
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3020,i,873143071211754275,13111567253573948665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3528,i,873143071211754275,13111567253573948665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4648,i,873143071211754275,13111567253573948665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3336,i,873143071211754275,13111567253573948665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5196,i,873143071211754275,13111567253573948665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5252,i,873143071211754275,13111567253573948665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5536,i,873143071211754275,13111567253573948665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2880
- C:\Users\Admin\Downloads\GoogleDriveSetup.exe
  "C:\Users\Admin\Downloads\GoogleDriveSetup.exe"
  2⤵
  - Executes dropped EXE
  - Modifies system executable filetype association
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3664
- - C:\Users\Admin\AppData\Local\Temp\GoogleUpdateSetup_241004211233_3664\GoogleUpdateSetup.exe
    "GoogleUpdateSetup.exe" /install "runtime=true&needsadmin=true" /silent
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1144
  - - C:\Program Files (x86)\Google\Temp\GUM72A.tmp\GoogleUpdate.exe
      "C:\Program Files (x86)\Google\Temp\GUM72A.tmp\GoogleUpdate.exe" /install "runtime=true&needsadmin=true" /silent
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:3340
    - - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        
        "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:3224
    - - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        
        "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:476
      - C:\Program Files (x86)\Google\Update\1.3.36.51\GoogleUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Google\Update\1.3.36.51\GoogleUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:560
      - C:\Program Files (x86)\Google\Update\1.3.36.51\GoogleUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Google\Update\1.3.36.51\GoogleUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:1636
      - C:\Program Files (x86)\Google\Update\1.3.36.51\GoogleUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Google\Update\1.3.36.51\GoogleUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:3408
    - - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        
        "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi41MSIgc2hlbGxfdmVyc2lvbj0iMS4zLjM2LjUxIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezA0RjlCMDNELUJFQ0ItNDBCNi1CQjVFLTQyMEMxNEQ5QTQ2QX0iIHVzZXJpZD0iezA4OTM0MzFFLTdGMjMtNDY2Ri05Q0RDLUUyNDEzNTE1NjgwQn0iIGluc3RhbGxzb3VyY2U9Im90aGVyaW5zdGFsbGNtZCIgcmVxdWVzdGlkPSJ7RUFBQ0FEMkYtREY5MS00RjkzLTk2MDYtRDM0MjM4OEM4NzNCfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezQzMEZENEQwLUI3MjktNEY2MS1BQTM0LTkxNTI2NDgxNzk5RH0iIHZlcnNpb249IjEuMy4zNi4zNzEiIG5leHR2ZXJzaW9uPSIxLjMuMzYuNTEiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNzM0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=964,i,873143071211754275,13111567253573948665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2156

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4460

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:704

C:\Users\Admin\Downloads\GoogleDriveSetup.exe
"C:\Users\Admin\Downloads\GoogleDriveSetup.exe"
1⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2996
- C:\Users\Admin\AppData\Local\Temp\GoogleUpdateSetup_241004211303_2996\GoogleUpdateSetup.exe
  "GoogleUpdateSetup.exe" /install "runtime=true&needsadmin=true" /silent
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3244
- - C:\Program Files (x86)\Google\Temp\GUM79AB.tmp\GoogleUpdate.exe
    "C:\Program Files (x86)\Google\Temp\GUM79AB.tmp\GoogleUpdate.exe" /install "runtime=true&needsadmin=true" /silent
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2060
  - - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /healthcheck
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4268
  - - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi41MSIgc2hlbGxfdmVyc2lvbj0iMS4zLjM2LjUxIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezY1RTNEQ0NELTRFOTktNEE0OC04NzA5LUVCNjY2QzNCOTA4OH0iIHVzZXJpZD0iezA4OTM0MzFFLTdGMjMtNDY2Ri05Q0RDLUUyNDEzNTE1NjgwQn0iIGluc3RhbGxzb3VyY2U9Im90aGVyaW5zdGFsbGNtZCIgcmVxdWVzdGlkPSJ7OUYwQUJERTEtREZFNi00MzM0LThDQ0UtRUE4Q0YxQjMxMkVFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezQzMEZENEQwLUI3MjktNEY2MS1BQTM0LTkxNTI2NDgxNzk5RH0iIHZlcnNpb249IjEuMy4zNi41MSIgbmV4dHZlcnNpb249IjEuMy4zNi41MSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIxNzEiLz48L2FwcD48L3JlcXVlc3Q-
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      Suspicious use of SetWindowsHookEx
      PID:2052

C:\Users\Admin\Downloads\GoogleDriveSetup.exe
"C:\Users\Admin\Downloads\GoogleDriveSetup.exe"
1⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3204
- C:\Users\Admin\AppData\Local\Temp\GoogleUpdateSetup_241004211322_3204\GoogleUpdateSetup.exe
  "GoogleUpdateSetup.exe" /install "runtime=true&needsadmin=true" /silent
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4984
- - C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\GoogleUpdate.exe
    "C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\GoogleUpdate.exe" /install "runtime=true&needsadmin=true" /silent
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4092
  - - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /healthcheck
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1736
  - - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi41MSIgc2hlbGxfdmVyc2lvbj0iMS4zLjM2LjUxIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0ie0E4REVENUVFLTkwQzctNEIzQy1CN0I2LUE5NzREMEQzMDI4Q30iIHVzZXJpZD0iezA4OTM0MzFFLTdGMjMtNDY2Ri05Q0RDLUUyNDEzNTE1NjgwQn0iIGluc3RhbGxzb3VyY2U9Im90aGVyaW5zdGFsbGNtZCIgcmVxdWVzdGlkPSJ7MzZCRTVCQjUtRjdGMy00NzU1LUFBNDgtNzIyOUE5MEFBQjc2fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezQzMEZENEQwLUI3MjktNEY2MS1BQTM0LTkxNTI2NDgxNzk5RH0iIHZlcnNpb249IjEuMy4zNi41MSIgbmV4dHZlcnNpb249IjEuMy4zNi41MSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIyNTAiLz48L2FwcD48L3JlcXVlc3Q-
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      Suspicious use of SetWindowsHookEx
      PID:4244

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4788
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Desktop\GoogleDriveFSSetupLog_241004211330\GoogleDFSSetup_241004211225_3664.log"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:3740

C:\Users\Admin\Downloads\GoogleDriveSetup.exe
"C:\Users\Admin\Downloads\GoogleDriveSetup.exe"
1⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5044
- C:\Users\Admin\AppData\Local\Temp\GoogleUpdateSetup_241004211540_5044\GoogleUpdateSetup.exe
  "GoogleUpdateSetup.exe" /install "runtime=true&needsadmin=true" /silent
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4608
- - C:\Program Files (x86)\Google\Temp\GUME173.tmp\GoogleUpdate.exe
    "C:\Program Files (x86)\Google\Temp\GUME173.tmp\GoogleUpdate.exe" /install "runtime=true&needsadmin=true" /silent
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3788
  - - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /healthcheck
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3164
  - - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi41MSIgc2hlbGxfdmVyc2lvbj0iMS4zLjM2LjUxIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezAyMzk3MDdCLTA1OUEtNDdBMy1BMDgwLUE2RTMwQTQ2QUMyQ30iIHVzZXJpZD0iezA4OTM0MzFFLTdGMjMtNDY2Ri05Q0RDLUUyNDEzNTE1NjgwQn0iIGluc3RhbGxzb3VyY2U9Im90aGVyaW5zdGFsbGNtZCIgcmVxdWVzdGlkPSJ7MDkyREMwQTItRjY2NS00RjEyLUIwNzktMkI0OTc5QjhDRTkzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezQzMEZENEQwLUI3MjktNEY2MS1BQTM0LTkxNTI2NDgxNzk5RH0iIHZlcnNpb249IjEuMy4zNi41MSIgbmV4dHZlcnNpb249IjEuMy4zNi41MSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIyMDMiLz48L2FwcD48L3JlcXVlc3Q-
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      Suspicious use of SetWindowsHookEx
      PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Temp\GUM72A.tmp\GoogleCrashHandler.exe

Filesize
286KB

MD5
e8efff9e03f5eb49c5205b739d4e5698

SHA1
acd6f130238fe953ec023cc3c3c596384cab2d23

SHA256
48374326938273e5804c33c4355d72cc4bb470421527a53b1c30cc0d1247dca6

SHA512
e0098c1f14e82ec9c2591ccb2815ad5c619b2a80b74004673896063d871f5738400030e1a484f7a5a0e08c6b5e10ad14cf2d98f7d6d4df8b4fbf01936d6c1333

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\GoogleCrashHandler64.exe

Filesize
365KB

MD5
cfbc1f97cc7e387223399a39c6425f91

SHA1
1edf91b84494cba598dca076d060ea4b9130d55a

SHA256
06d800a11205b5fbee8b6a29671f78d72f1b27cd484f8307ebc79b53e6f0db7a

SHA512
2a7296aa615db963b5a5ab3ad29cd64875e91087fc7572f5ab27f3d458436c2552d56451e9cca91f1d983d283066d027127d088df6797cc912c16f122280c496

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\GoogleUpdate.exe

Filesize
151KB

MD5
3aa2c853d6bc7af7f2f9b8a934943efd

SHA1
9660c6086b4936d1ad9de462b91547c937fb4c41

SHA256
07034876b9ec0b59432b96fedb7e10e332440159f9802faad5f5b99f01885f6b

SHA512
6fbe601cd2fd9aa067813f089d17e141915fca457b2def394c6ca3248d786a4238a881a8ddf923aa9fb3d36c5e96f704ee06bf680368a8cc534f28976423bb2c

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\GoogleUpdateComRegisterShell64.exe

Filesize
178KB

MD5
ed9a0098d3115a7a0d2a46c5bc1a2487

SHA1
d8f742ff55a401bcb742ca1a142611b4cd695742

SHA256
13cc01c5c92a0465d7ceff6e6b576ac001e07f29176565f38805013b252e4142

SHA512
959d0a1dc524bc2d2c2158345d1c7d36995f6d418f0b8d910bc353b5d2795320c8be52cef050f4e13b1ca89d06ac61dfc0813984421c8a235b4dd6c5a08a04ec

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\GoogleUpdateCore.exe

Filesize
214KB

MD5
7717d49466ee1c823c7d041a57b4c1ee

SHA1
14fdffeb640f897c120870155f7fb2c8ea62af44

SHA256
a3065658d885d13999de771a234763698f7c34849ab81ca00efdaf327e4e59e9

SHA512
1fa3c32a0c784a692244e354179a4361fc8f94a7723a5d11cd335855bd84d6616172f1d286ceb3d526eb6d10f1df6e51470e6c7bf95eedac7026d9be13f72f32

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdate.dll

Filesize
1.9MB

MD5
fdad9777ddee7ec26b36e888aaa71d4f

SHA1
eb8279fbe23358085755c2f107eae513178d9266

SHA256
d5abed592dc5b84cc26e8881b7d8ebd8efea8faa3934737e2904329ad92e272a

SHA512
4ad581f2b4b1b082f23bbe490444883225d8c4ce8918fe5cda87514a8d82f1f91422cd5e5c48341818a12316183095c308b8acaf27af690cd028de6b64fc4849

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_am.dll

Filesize
46KB

MD5
063627a1cc164a9e01c5d2232b4cb1fe

SHA1
37023cf51fe6f3a19da122ae06545cf15f8f98dc

SHA256
a4025e23b677c8fd36d09ac3f39334790d9154fb6a4983a406a0faefae742b15

SHA512
9f735fb0ce98d60c93fee97e683ac45c1625dd2e07b05b015b11ba12a34db9f4a0a002588c8eba8acfb269a69163b910654a93758f1a6cb63502e2361c97040a

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_ar.dll

Filesize
45KB

MD5
21247d0d53ed7f1c3bf7438e0fe9d95e

SHA1
ef133d0be86cb06ce1d6ee69a2a36d25d399f81c

SHA256
f747c20d48635d4dc203b7ca760b89766928875a436672b0a3958a7cc54a5614

SHA512
96ad4c291982816d450fc0012b0800d1dfb1c7deca58091724e8c99f16dd8f3edace1450a0fb44549781f3d65750e839036f959e1a80c0cf11c60d0ca3043ca0

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_bg.dll

Filesize
48KB

MD5
4892125afcb8473e42b18f307b971629

SHA1
fef0e69890f3035de38e8bff38e531b7901add3d

SHA256
15a30a47e9153f060240c802df3592730a1975b528d1c1c1de557bfd606a80e3

SHA512
3519bbd73717b1a46b619563df7d3f3b05b34c9b10d09c86ef57d4258d3a748b7461b94dc296596b93ab5852e300fcdeb4e7986d9ce87a02359f961a18f3f0f2

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_bn.dll

Filesize
48KB

MD5
2a9a7d576e6dd89bb3e1605eea50e818

SHA1
5d5792a44047f57bcea08a8754bb81e68318064a

SHA256
4cd7c118f283f549c6c75da44b9cff333e3865a25d648eff7bf5d33b2ee8ae43

SHA512
34eb973c4cdcb06dbc883ac671aca9e30a49446f68355b70c1757dc2cd89ebd55b454d98a582dd336432f7587b5a1154a9084846bd5b01aaf2b2324a2703fe5a

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_ca.dll

Filesize
48KB

MD5
b5c5dff00808acf8f8488b28069f538a

SHA1
f71f422db98ce92f481da1605db0808da72577dc

SHA256
ca5dbe2a2439851310dfd2107a43292608fcc27de2cc56a52e9b0d8f00314b21

SHA512
6394a8ec122eab880443abde1305c9d5376b77440164791f451b4f088ad54650d9cb21c3570287520983afca408630e5c40f578dd1c4a04719c7f576f101bcdb

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_cs.dll

Filesize
47KB

MD5
57b51baa81b5ac8219ff2393be470660

SHA1
7777a0e42f50adbf85942bddc87786c1ab3270cb

SHA256
70a5ee3f83a521021cb9459fe559ab9545a340a540d91068bf8ded01ea4009c2

SHA512
e2da254588625cd2493ef3dbbba96496a00e1d2ab40196115f66a2d21b5ed001be5ef051b838c7f3efd50472b672777ae465c55551e397987d2c0c3c208e9871

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_da.dll

Filesize
47KB

MD5
b97007a5c0cbc73e609ae650de7b3578

SHA1
dde25dcebd4643d06cab00140111a1a86368c72d

SHA256
767458eb9fba15470d18e0d1612b957154369cb483423729325cbed89c04c86e

SHA512
454176f9d5948cd4cb033a75a189ebbe59bc51973214a40357142373a31d385fd45be3131ae0387d16c8def9748aede0aa5a400a027a36a10875ad3260ee0f83

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_de.dll

Filesize
49KB

MD5
021af2acf16063a70aafb8f11c38efea

SHA1
8f4dbb01c8890d5cd84571a15021e92a2bedf01e

SHA256
6697cd2cc26c31f1550d3cf1230ee8efe25d91ed9b4cdcec3f420d72c030bb10

SHA512
0214dfd395e648751b192f1a1cb93316c3d70d27f9932f633fc3d68bc62b84ff6ade0ceca46f83a49d5ba4085e8d9c250758ab218a5e0ac09a963c79d66984f8

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_el.dll

Filesize
48KB

MD5
d90357160322dae26a45d990a1ea5d9f

SHA1
f6ef7037978962a0b3ec9b64715d88e2dae91576

SHA256
c57103fcb12e6d497894e27f3352f40d7b88de527a470b0a31ad0cb133ede98b

SHA512
e95e3a66b757dcb19137e124874c88facbfc0f0042bead574de711adfb19a4ad51fdfef572b665d1ce8445b0faa6ab3c2891d71fa430b43b194f4f753c52139a

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_en-GB.dll

Filesize
46KB

MD5
90d14a0cee59c93d4e10a3fa452c56bb

SHA1
dc86d7063ff67878125bb3ae5c4eaa065ee88c76

SHA256
2e05aa8ef7d25a18e3aef2a6e0733942adbeec379a26f56baa1c69c0234e851b

SHA512
ae88011b3889c9c5c8ba394c9b91694148aa71fef02b72205504fca1155da6b15cb25d5b03349fde85c9fd26d7140f5a82849ad7ccee530e20af7e1221dbb91d

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_en.dll

Filesize
46KB

MD5
c34d467851020038a00404892dcf2805

SHA1
edeb87618fca5565d66a8ee95bc6e1437b194599

SHA256
7155dae04f8612b613e6a4319d15eedfb8dead5dc50a97e28a6d0aad055cd40e

SHA512
9351441b89c727e46d0b803561aa5e85d7b72f241def7675f849ad4f0acdbfe465d5df594da8760c480b82448da310a6bcea34dcd4111730e628967b37c84e67

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_es-419.dll

Filesize
47KB

MD5
cb74e66220434f5867a74318ee3d7a53

SHA1
e971cac51a23a7a6fd8e89026becd4081e08c818

SHA256
ab339a8d9dc684d7fbaf663640d20116e9fbba3df9595827ef5e349095c752bc

SHA512
0be263ffd397d788be2d93fad772c46e110582af2290c5baedd64d4fbbba358232cb36d6d9527b9522a595132bc57df5da54dd75ed223d0972efbf5a9d553df2

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_es.dll

Filesize
49KB

MD5
078a63de8547809de283934035810a5d

SHA1
af533a7d4939e4566359626faef187175925935c

SHA256
9f9f1585ca62c0e3b8837861611152bc920476bf5f90864eed3f2c468bcf14f4

SHA512
44e11b286418b8cfa7e018b4ca41794d6b62047858572e7096841ed4e48f318837b53b591c545c1121945c6801d5679e32aa4c9399c28f0aafcbec2611591899

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_et.dll

Filesize
46KB

MD5
60c32fd870fc131ab4b565ea8d4e96a2

SHA1
6a04e8c40ae39325de2aa724e14c0dc20148bbeb

SHA256
36b3a3c79ee4cfa76b887bcfb3a974e58e464cd571d2f0bf067b2debd531315d

SHA512
85c5b04d1d0d65f470acdd47ece8db43ace7702f9ff6c025f359bbbab5e126f0bd14105c9d3ae460fa185d940d4f25f57b9e511ff6ca014a760b18fc062a7094

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_fa.dll

Filesize
46KB

MD5
bcbc803f85d3c30089bdf50bb226ab66

SHA1
ce91e08c9de3f041f2b633e2a0569912aba44c85

SHA256
45c91146eb671cb1a57a89a014e6e6ff3b3b81d2eaef00c73181463fecc4045e

SHA512
c92affcf728c443cff0c86dcafad9f083d76ae91fc92ecd7466f12c57dc66c57811ca4e3b0f65faaf7a5baafb5b7b485c40c5b8157d22bd77a479bb7cd717c10

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_fi.dll

Filesize
47KB

MD5
37cbddefb808ed22289f62ffb4fbb445

SHA1
785ef152b87f07baf70668611e6a00c1c5caa820

SHA256
5df271136734316fbb28b14e13ee5aad247fbaa12a43a045eedbcde03dfd0cf1

SHA512
d8d7d9ef60f5d4efa522f1d4648341267db7d7851214a5dffe0742888fbde531e52e5eaf9497135a04374fb42c5a9b03330b3ad6b8c775873e412fc67ae52348

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_fil.dll

Filesize
48KB

MD5
56113a11375cf6ec43c51b9ef9560f21

SHA1
e555ecb08a249296116f7253d4a1021493cb32ad

SHA256
2948577a8a81d29a101d479b2de123f2972189e5919e467d5dd589c02bf35b55

SHA512
fc3ee21012458ad1c890fb0fbd047d276d1b4cb13022e07b9046ea9a501c9fd402f3c526a95082972b1b111f1c5d2ef5e9a5d45e9251e241bedd787a658084f0

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_fr.dll

Filesize
48KB

MD5
29b646396511a47107cf79e41012092b

SHA1
2e02496cde789ad8becabdba97ac135ef22678f1

SHA256
cf17585398188e77d2e791b0ca1b4d8272380c5ac47d16ac3186b0843132da57

SHA512
d3f2601441cfddb3f6e57129422052c3ce7e4e39587cc32c4d4642b2fbb921af9261978282d59ce57fede1f01690afc135ea29134af2032695a9c7324fcb70b7

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_gu.dll

Filesize
48KB

MD5
223f92841d260ca4dd0c85559bb18260

SHA1
337c6ddd494527c9d6aa94862b84740275415a86

SHA256
85fdc7ba96030e374a1b8e4a6d073f371b96aa4370870ba81704c957be818f33

SHA512
5a0504fbabe18fe48ad919259886344b68aac353f73d5ef41ac250e4945b0412e653987c1e46315425dcb6999a1b141e86762d2c503bc84f9fa6c038981c2684

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_hi.dll

Filesize
47KB

MD5
b467f3f297b5d610e0d50070a8de808a

SHA1
9f865d199c194d681b279a4e71a6a4e93fed2816

SHA256
415b2964ff9104443a9e37243170ece9fac1c0e5b4ca6d354e5fb117b9736fc2

SHA512
e9a5a4c8caae27ed1c8ecf3e3c6914a3061202ead61934e389f5f28ed635628dd2f76fc3aa06981a5d27961bf8307267e1c8e38f42481d6cd0a88ecc8525efe1

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_hr.dll

Filesize
47KB

MD5
9377918eb4b882467456f866307bb950

SHA1
398f518fe591d8f0e807f9d90e0cd079216ccfd6

SHA256
72a0fa5ddc8c65371ce4ef97374f25a1884e5fff963fa90d2f39d08d5907bfeb

SHA512
754e9b1d374cd673185c2ca06e987bd8e0765a2963934a3a432eb45af5aa5c2d94d3e7ad2250401cb37a63d8e57d6421c6ee637920a9b68a150b080c31e7bfcf

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_hu.dll

Filesize
47KB

MD5
b3888b44ee9fc262d2de24ffba0163f1

SHA1
766e3b623356a9cff6ce364cb862ce02aa550140

SHA256
e3ae701c7712bdbfbf8b37f846a438997c17d8e204c121c542d680d3e927b505

SHA512
c7206cb77848c00f57231c3528fbf7667412665432d3a0a5a422fd2fc1d796cfb3636014e859a16cda790f30e3de788794e66223ec9b0fdec6755518034084cb

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_id.dll

Filesize
46KB

MD5
ecc0b9036d66e77fc9c8893478a6e899

SHA1
53fb7a38a8768fa884139b15de1562e09098add8

SHA256
2a43bf3234f71812191a1ff1b0a27dceec01d465420d9bbd3227e18d20f2b518

SHA512
6e6196232af09ed66d313ab102ee84c120ebc1ff228628fceb81afc7da79daa74634b738118203ad7598191c7b1d8a8e0bec385fdfcfc23f453586f3d4344181

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_is.dll

Filesize
47KB

MD5
f08ac641ead71cc153d9804e478016bc

SHA1
e3f7296fc4498258f90ac124165e43d8354f5197

SHA256
68a710d6ce1d3648e6739bc644a2cab6ebeedf2448038bdcc5fe2ec67c86c02a

SHA512
c051c289c1daa7ac586b129edbd964d585dfb9015396d773915195beac163aef4640fe45e1cd441f47c21941fc49a3cbb3bd918978216b50deb392f40348d3a2

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_it.dll

Filesize
48KB

MD5
ef02a86bebd4e1665ce64fdd78481724

SHA1
534cb37437927757b23705775571898647f112d1

SHA256
1791dcb38ce8fe269f43c42e33a988bbab2a437a6fad9ef3ba77c87b6f4cdecc

SHA512
f00f92b19c98aae867f1fd89cc0f2bb485ff44c19be9c75940c0e6197b86d9f36f38ad3db4f790c31c40772831e3c72b7df5609bf8e4acb6134166db3079fce5

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_iw.dll

Filesize
44KB

MD5
c8a7a4749f367750937e89b2602c4451

SHA1
761e8696e1ed6a9d99d4fb3c3704c6462e9cfacf

SHA256
570a48184febb60c7035eca71d923902f589cb5c4f66da0d01f9c56071de25be

SHA512
75253c7ea56c8adebd66af1e9bbcaa8e6f73b77523cab98c565ae8cdde29ed0e7cbeb825db571a06c79fd79d291610db592e007f021b64b47b72a1d3ca31c7c5

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_ja.dll

Filesize
43KB

MD5
9709271cd02b2a9f20583f16b350ccb0

SHA1
c8718188a1f3dfdc7d0e7a09f44158cd461c4518

SHA256
c962f65343eaa730abcc44bbcb3114e18f43665acd600a752bb1f6b40883ee17

SHA512
1edf909d6afdf4d9037e4803fcd3718c8a4f1329fe07a57befefc80605c9201c93c9f2900b28da00a41558d307b8b824faa89748452c81a738c72462f756250a

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_kn.dll

Filesize
48KB

MD5
8651270902cc62dc57f32ddaac809034

SHA1
abf82dda57dda9fca54b702604a7f145dcca0b3a

SHA256
80926b31ff7be1ea9fc53255be0c471be35ca05fdbc98a4be770260d7e4fb4c7

SHA512
2648334bb72e9645ce38e157bf5c42c17c581f5edc634b93d31fa77aec6d652124601309c20c089bdf1349d11a2b5a49232722b754f77da07352657ae8b233f3

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_ko.dll

Filesize
42KB

MD5
bed308e1a3d3851f1c491972ffded880

SHA1
ff6c42e3f5e5d4a589f290d29ed0ac17ce1f2c73

SHA256
68dc348f06b8b92ae908827133e3242220dd5e964d905493fe440e2f6d638865

SHA512
89262050679ce30584fe2b97f97643b180b98918c627436357ecb551c55f9596e660041ea81f723dec73052a89373891178d3b912c71dbc8cdabb19656e49e5f

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_lt.dll

Filesize
46KB

MD5
f056d1cbd2a2b79eee183bed5715dac0

SHA1
0f022635da4c2453231c25810b5502dedd226fd3

SHA256
6a5c0cdcbd9638e6df5579dfa80e5de4147d58bf63caeca36364f678233e680a

SHA512
fbb10c43cfc6bfde70a95568356c47910619d80721a270dea4e21f8b49f2f52794734366de698477430d6d8efd4c43b3374a7e88b800d25e9e8044a5fc62698e

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_lv.dll

Filesize
47KB

MD5
3b2bd6e7ed42184c9576e0b95dddfb8c

SHA1
3f82a478ada7d32952ab8c998421baff29047404

SHA256
466236d452a725676ee6db361d58d084e1cd84e06a4b4a4786466273403bd42c

SHA512
9e03059938b7844c802f1a45fbadc79f7904d38b58591dee1a57a411c16fdb53dad789e73df2f32ecc87d18a869c723e36a81b73deec032ef942926e19340b1d

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_ml.dll

Filesize
50KB

MD5
7a232e7f36dafbc037c06615f23fb206

SHA1
e0752378ff73c89e4c0d585719764480e3bdb4c2

SHA256
b0bb73842a0a9e28d37887bdc03c9252f8334e0a249eced8b5130bc4cdda7db5

SHA512
56907540a29221177d09f74fd2af7319e557afd5b0e13e138956e6570cec82e78c11a2bf6a8d166e6414a978d7fd55b979ffe78bd92ce597e961a4870b45aa08

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_mr.dll

Filesize
48KB

MD5
cb3ff031f063a787b9ea4df4c4affc0e

SHA1
6bc542ef09fa611caf7755d21bed857a96748bfa

SHA256
0195256841232b063f6fbbce8d9e1eca1046aa52a2f3e8765b6d95c643202d9b

SHA512
8d996939cb0007cbe26aa4708baadb254aeba0989076fcffd4931ca6d581dc9855a3790637ef2b48332ac1fb8c3671f5489b74f2d905ab38cb71be5ca8bb5a07

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_ms.dll

Filesize
46KB

MD5
1ff956d5003eb56b8e367586099e2191

SHA1
35a826c35ca35ba556fdd15d5da785852efda006

SHA256
30ea4db1a62825ea1b0668aeec973637279e231954acb0e37074a50a3c7d7756

SHA512
892bdedeabadd4708d1a4c1b167e47caa16d117cdc879c5fa078ce0b648b4fb1a96aeb59c895a71b4795c7c695e0db64133afe75f68dce89a1dffd71e0bd15fd

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_nl.dll

Filesize
48KB

MD5
ded4f2735f7d31a87545ef80a94e3ef7

SHA1
e4420206402cffd7d6cdce11ef338f5100100af5

SHA256
598cd289e973412b9b32603b41888136d2500bc011204e328da89640cceec27e

SHA512
198db33d9b9b7010fb4150ec9a694c35bb8111fc07d4990c547e70f4d69327e76c6565aa387a5238971584beaec0e51ce53030684d8b806d65e21f01c2332301

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_no.dll

Filesize
47KB

MD5
54b28814753ff01bfab732300cea6c28

SHA1
e838b05136bfa563d51bbd07004a5ad3ad5035c8

SHA256
da2ebd19fab7343309b249836ea01cd9da6e0578c50447c055062dd9a9e1485b

SHA512
41cb4185bfd1db3098d3ee65e7ddd8606d547e9fa37b6ee381d9d1d30090d816ca08a010e2cdeb6c4d759bae6c78244133442673738d34073f45e2a2d13a5a0d

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_pl.dll

Filesize
47KB

MD5
f0b4b2a22a8355e08c6f675c72c44a0a

SHA1
2e928be4e4fc9ad60bdbfb64ed5a4e919826e7ff

SHA256
14c058bdc23ee09d36b86749bff56f3b2df5db78fdf00183605ef2f88d246b5c

SHA512
50afad5fe2a400e15dfa14b17a9cb6d09f84f251e7f30bc1b3c8343a0475fb71e1c3ba797d6ecf4d5577f12464d71104aba74dd316cd46d98a536bff06bc3abf

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_pt-BR.dll

Filesize
47KB

MD5
4a0ac10149514772b8ed115881507823

SHA1
cf055f84b3fe1c0ea876d7f4a2da6b60ac00c49c

SHA256
c30f7fe5ca824613d64c00c11dccde78b314d4077b085dd76ad3f31aff6994d4

SHA512
b22ce4fa60c817ee8aaa2addeba3d80a09388b53b9b12ed17bd7cd9a30c5ed596feaf74c624122881c7648636791d72257d25a4526d23ee2c1d2660bfa9242a4

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_pt-PT.dll

Filesize
47KB

MD5
f25ea294364f76e9403bfb9a7c4df3d2

SHA1
15279194292edf3a5ef7c0895661f9346d6b736a

SHA256
fcc7cfb1b9f765b1028c3bd4a28328be09b3f1563c9982caf640aef2d85548ed

SHA512
e9beacb912e7f23532e14ea84993c7c208ca76e8ec4751032e2dd39e2f4be4c2cf572974fa3673d36d7959732f76d68901e88042b22e4425f639b0508bc1d609

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_ro.dll

Filesize
47KB

MD5
e18232fc4c20995725b7569d4d7c5e39

SHA1
317811fe437d014a414aa8ca9a8e34cfee2a9d62

SHA256
36497cecc0e9204f640afcc1f4b7f9c07e0ffe9ec91680b3b9bf101a1dadf3a8

SHA512
49a7e946061dd6ee65d79f40c3d4f47014fbdd90d13f45eb67efb8ddf48452ec4b22bbb6235c2e50d6fde8fbc0b20478590cbabc4ff3107b03b5cf332f17f25c

Download Submit
C:\Program Files (x86)\Google\Temp\GUM72A.tmp\goopdateres_ru.dll

Filesize
46KB

MD5
3c5420963472fd9fd35a821f27ddfe39

SHA1
cf4c1dbea586d6a46dfaa79967403d5cf033152a

SHA256
b08b1fb85e641f285d1d80bc706021b9ca9efc204b5c4acd4339c8ae21db9031

SHA512
4d8f67eb7eaa407de592b40502b7ff7074c8aa92f6959183b0c149c4117aed15590d537835cfdcb2986605b4d948807e6503069595e27ccca3f53b7f1832b2bb

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\GoogleUpdateBroker.exe

Filesize
98KB

MD5
f75f7fa66251839c45818040a6a37b95

SHA1
0f1fa61d7e5627806be957f6f929f824799135b5

SHA256
a42e52d85ce20b21d4831eae860a8c8d05604772b2dba24a97931c6b2054f64e

SHA512
ff5d752ed86c18771521c9b74ecbb1ffbd09f8eb407160fcf45bc52ffddf922c92a2bf2ed26f7e3ecc7f6e830e0d6e8e9fcf56f730071cbc48dbe0dc089192e3

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\GoogleUpdateHelper.msi

Filesize
40KB

MD5
00d01757986f9699ed1776192b23879b

SHA1
078e770984c7dfc0d1fa4cbfdd21d5f0518504cb

SHA256
255d41980163063182d9f737088d16d175674b031a92e7425fe5aedbcbbf16e2

SHA512
679f19fb6feff2de9f08001206e56f244444fb4e6c6dff6d703d8382acf946c8bf7dfed9228fb81767a8981f74a40ec7c2408a457283fe1243a23230d1a21680

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\GoogleUpdateOnDemand.exe

Filesize
98KB

MD5
6e07d38f57f11856bb57f8a07e3905f4

SHA1
84401701e89c74a8afa8860214a8ef6a2f2e3d6c

SHA256
7b5a33d5d3ecb3bd3d08139f67c38d78546ea5f2be2814a727e82d5dad94022f

SHA512
036dd7ae8edb7a959dc4c3505287c818bac8acd58153c7a6624c8dc6006ca3a845000d672a5926242775f27603fe26cf6545efe954160d99246d9ed4445dae3d

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\goopdateres_sk.dll

Filesize
47KB

MD5
2ba0fbcb318f871e4e2546f76f1406f1

SHA1
cd76cf2cfa775bcccf6c9b95d7c9e614d0fcb7e4

SHA256
e2cc74a9c6108858a3f98f954ce0e954b3fb455de0c5912adc968f831f5f16e7

SHA512
f6446050415392962616a64c617d6ce63e7bfc3924ca3d18d0a39d79e9b4e3155ce4bf0655d6680af10f37b69ad61ee1adac367a59c858902129168defa6e56f

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\goopdateres_sl.dll

Filesize
47KB

MD5
0832910c6cf029f39b83b8ca177fdb36

SHA1
9f1f10a9cbf9d258813bb086cc04491fcd3edacf

SHA256
4d2a7b3f5dc97029885052a2eab625b15883e3b1c7c9f0c06da70f78d4b0767e

SHA512
29f82df4c245b8211e30579cc382433e2378ab1c1f116842a48f7c63254e6d2ca64de0ae69dae1b5c9e63011359ce567c97132818747b9382adf17af6eb44a1c

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\goopdateres_sr.dll

Filesize
47KB

MD5
f3b884a81e7c29b331e8b84178f88c21

SHA1
8ce0b26a1a66da52308b5e0f94cc325c503bc9e5

SHA256
5248ecb78c9045f2b253aeae320a4a1c00197d66a73f08a2b594722f6368c0cd

SHA512
0114609953e264839a18fab0420f15d2939e2a8f66ab8796cacfb5f0f09b5c18176a51e14840c479c2dba067293e0225df7c48d07e11d3c593ede33ddb9df89f

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\goopdateres_sv.dll

Filesize
47KB

MD5
932154577d7cd1c4f33795259060c9ed

SHA1
651cd7def53819da738033f47e045c2dbb409db1

SHA256
04f458898d9f27b827ed1dd6ba26ff35ad98ff9cdb327e26a98cf22d2f7238e6

SHA512
36eff4db8ddfbfc1ef5c9245b0e1d8d67e6cd5f300ef7d56b641229c25a306d6d315cb34f36df8c3f1693bc273385693628565ec06c9cec9c3ed28717daf64fe

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\goopdateres_sw.dll

Filesize
48KB

MD5
a6b129a60b160360f9c04e1496a0b461

SHA1
007342f5b1ceb115ab1b65421cd9c68a393f7622

SHA256
6b27da78263099472d5eb2be0bed03455bb30fcb59f0136a9fd125055797fed7

SHA512
e68132706b337ec84ccc4908e3b02367783cd279375aa0ba89523d51dc513948b86f238b14a03f2a96a93b5c5a3ed011573d7eb8591f5e283e03326569fe9889

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\goopdateres_ta.dll

Filesize
49KB

MD5
a78bcbdb7bea75499b0abc87f223e61b

SHA1
8ba8aafcb6bed92c4aaba9165f2802c721fab267

SHA256
f3c8bf639077b2c785c29e0b5ab928a318d31f56ed6155e39edb78268c60dc4d

SHA512
ae4506231d763a64c9d374a6bc2876f096efb32c06916af3722bf30ae94baea906f1e90385584133ae424cbdb2c55327c2ce53d13d68eb1baa72e1f1dc6b6063

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\goopdateres_te.dll

Filesize
48KB

MD5
288663eaff06ecd417e63dd1cac1d399

SHA1
ab1db6d76c9656cf79cfa1205c16c0f78a49e7e7

SHA256
4bb7639b806a0df60493a182740a4d963a40cad40acc83197e6aa4fc13aabe17

SHA512
440b37a6a665ec86a267c47fa46d1c2bb12fe1d6cc31122dc5a22035afa680beb0327cf19c917bb13021f8b96ad73b3c172a5c28b610cc75ef446ea1768ef952

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\goopdateres_th.dll

Filesize
46KB

MD5
4709640c68557944a3546bceaed4e35e

SHA1
ba3f8f7ed1ed920c18c14e8330cdbe2f53265d61

SHA256
872277a33574c7ff2bc438454d92ff7a63e4230865cb3b018a07da270f3ca53e

SHA512
6d5a859d98fca2490dc567d799868da32ac803bfae8db8d5fb6c6bdca9e69782221e08a4aaa58772539855f3911c16bcb7e5f912ae043d0cdc2dd30da37577d8

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\goopdateres_tr.dll

Filesize
47KB

MD5
434630f73a1abddaeeeac32512c0bf99

SHA1
b7f15ccb8e1b75805cc1b913c2b71a8ea1e74b53

SHA256
bf49999ea6bc30808a9d12a141f18853bda782707d45a9f755b63fd162a8c429

SHA512
22986c2e76460f43a94fb954953ea63af2b0875bf3bad5734ddc06af5ab4818df845644b214b45d81715e789bd5fa46b57dec574970d450d6822da28c2278b3d

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\goopdateres_uk.dll

Filesize
47KB

MD5
311ec34c1427989f20666849066681bb

SHA1
eba04336711a00313b6fe94af4041075ef880d82

SHA256
ae0f72ec8cf21bb047ec4932946394437ef6f77e88e69a2380f9f9fbc5761674

SHA512
78c38879534c63c676e389efdc14f05c6ca5770b6a016263db88ee69c9f27d97b52403d1d98004ebf3d5bce52896944b8a14ddaf0f329ce83d2e2e81cf8f2c29

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\goopdateres_ur.dll

Filesize
47KB

MD5
466acee475c55b374490ec74cf123172

SHA1
0b9a155975b5f9834138027ecc6777a52d14cd7f

SHA256
7b02d10830734b35af7daa1c7a554a4d9d3dfa8a0b68673a4db63e3b92843568

SHA512
3be21a624f0dbc93a5dd0e939983d14ab1c6ac82276f2694985d49da6cfbe93a2268c2041cca9793fc8f6d89f7ca764fcb4af991f1ad530dcf8b1ea60236e17a

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\goopdateres_vi.dll

Filesize
46KB

MD5
a8e0e759c048679d1ec1da42e9879cc8

SHA1
579e61c3a6b4d1909c1d566409ed73b3942062f0

SHA256
31ba407f7ce644894611626db6d167e3dc8f721573dc88947905e06dde0c1119

SHA512
92873aa3200ed3369cd082845a675ff55e900299b47f2946b488080fd539b413230c4e1983143abd7b5ac32cba57b03f033b4bf2896dfb0417b6047d422a6018

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\goopdateres_zh-CN.dll

Filesize
41KB

MD5
4e6fdd91de9e8a49b47d714e09261408

SHA1
583510bfd56f775303eeab62e62e34d6c3490c84

SHA256
fbc86fa6c17ad3a8c6e61baefe4f161e240bacdc161b62056ba21771e185fef8

SHA512
222bc13cc2b4c74d800d18d8cc24a304b80a327054a7345340361069876dfea30f39db105f08cbfaf33e709cf1c43f60d02c3235391691535faf5a73f3a8ba2b

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\goopdateres_zh-TW.dll

Filesize
41KB

MD5
65461cf3d910a55c4ecdb237d6730e64

SHA1
47432cc0f24eb0a89f18cf83a4d542f400a18ced

SHA256
bcac4bdb4d8698d6cbc611247d63b8a7c1ecf81ddafac4d594474e30bae5c878

SHA512
9bd9f4acb31b225c9910a4913e4449eba9f2afbccaa8326c328710ce8cc05b41a460519599b049d1ad984b8bceeb7434c5adb241a8a9433afff510bf3a01765e

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\psmachine.dll

Filesize
263KB

MD5
2a57bf5cd74135829b74c95fbab99948

SHA1
0e9d27adca65561cfe4df87215968973d7c0cbcc

SHA256
7afafe66618fbe358d533575ad11942d5aa24a2fda7701dd8467b62911e31b7d

SHA512
81b57c6a1ad19af133b848ae2e4a28332d4fdee8761227dd946ce4a0fa3e0d0940961c58559d97af998aa2b4aeef04c066f01ae64a963ae4e132b8ed73fcdfd8

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\psmachine_64.dll

Filesize
324KB

MD5
b525dfa42567e62cb97942a9de070093

SHA1
809c3da4495268ca8218f6acbfdbe03b2484d833

SHA256
b3e6e6d8ce5625ef4fdfce7ed63776fccefb78b291c4d6bd34a6dd041a2486f7

SHA512
c349ec82fdfe17459259c951a212772ac80398b398975a8142273376e2487b7e45dbaa9d1d9268ff8f9e6be19adf4982fc4c24455e16d3beb3488a88799726a9

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\psuser.dll

Filesize
263KB

MD5
8945946604ab84d9d90155d434231c69

SHA1
2fbaee265f2e252b2389deeeadb88c434aeb85dc

SHA256
b4933be3dc2b7f1e14f900e27ffa4f10b7b90c9dd07e6874fe381335ea2ebead

SHA512
5da75ccd1cd44e57f36057de3fac82a138f481b0ae82a39389b3ab72ca65e2a9c64ab8d779466d1f1b1a2713fe7947c1448c67ff5eaed27228ac0e24589e9460

Download Submit
C:\Program Files (x86)\Google\Temp\GUMC3D3.tmp\psuser_64.dll

Filesize
324KB

MD5
e20f561b084b5463b4ce41cded4b24f5

SHA1
a46630dd3467476efec2d799b858e5b90222fced

SHA256
c620d36aedf98bd7819914000af790faaa2569e708de3aa62c8de55a921c38d2

SHA512
b065ecc8be6288e3c07ef5635e72ff2225d107e5d2a7c8236661aa60998260e9f50b5a0203ae168897f7bdead879b1f4e62cff776106207a12648f76ccf0efb6

Download Submit
C:\Program Files\Google\Drive File Stream\97.0.1.0\docs.ico

Filesize
278KB

MD5
78dd649ecd3385d695f35d2f7472fc59

SHA1
f406687a375a7a639133cb1c23a0f0a15dd983bc

SHA256
010178e6dcf6827f55d49d1f2ed00897ab518ec6a01ade3a8b5d6fe783902f20

SHA512
37966b5399453d579df354348834426f040e8e697be8c4314c38b1c1ca8d2b30c2d25201888c320c01f3aa7bfac405528ce86a7c29b503560cb63c5ad4362e03

Download Submit
C:\Program Files\Google\Drive File Stream\97.0.1.0\drive_fs.ico

Filesize
22KB

MD5
ae77b5d8aecdaf681a310bb86f52fa0d

SHA1
e2490385480044d6449f4b618c9d44be15c3a915

SHA256
19578a8efd2f893172931a5f86b9492e0b04c9c873f079764a5224fa1095fe42

SHA512
d41a412025eb20446e71174338329074e4a56a7355ef2db62e315430bd5020bbdaac7a34fb18293ffc61649fd517116b0273bcf6f83d67a8bf5ad23c3732ca69

Download Submit
C:\Program Files\Google\Drive File Stream\97.0.1.0\html\Folder-offline-mac-dark-static.png

Filesize
32KB

MD5
d6f7361c78024edc66041842b16f6882

SHA1
691f7848a0b6192945b55fa3cfc44f16a4b2fba2

SHA256
305addd20094d23480906fa6bee606befaaca9ef3bdbe7d529eaeadfc53a01db

SHA512
7a017b938946d88c29113cd949db94563a3f5f99680da8ee7eae28862e5e5c119c460a6e115d7ed27e6c74e792c7dbd01b35e48483b68e8d9b4f106b4adffafa

Download Submit
C:\Program Files\Google\Drive File Stream\97.0.1.0\html\Folder-offline-windows-dark-static.png

Filesize
8KB

MD5
c9720214d101fff4dc74c6ffce00c063

SHA1
780d108045a24681232b735866264fac85f023db

SHA256
4552a0319ec3e3f3a622233d54ded519564db4c2b47e6fe3b89f2c9286576fd9

SHA512
3689b388b777bd6f3ad1344ea76f880a2aa91ec3dd55c03fd2982c37ccea4ac7ab7bf192e4a693b6e3fb423a3f7bc498d24438f7539ecfcf53b57bddc249b03f

Download Submit
C:\Program Files\Google\Drive File Stream\97.0.1.0\html\dot_onboarding.css

Filesize
112KB

MD5
a6777d750eb84a43b2f32bb4cbf8e148

SHA1
180c594cf535b82a7e87d8d14337a2f6315c0853

SHA256
f4dcf0b6b0dd87ce377e0e2eef4bae123399b874c8e25c6d95d1c84b92c552e7

SHA512
221f4eaa7b9403889860019aac0600d2769705572711339ce5d5ec6b4af02b622a8ef10a9defc3837a8efe06ee89f0d27b01d1268452ed45ec405929cdee2414

Download Submit
C:\Program Files\Google\Drive File Stream\97.0.1.0\html\drive_logo_24px.svg

Filesize
1KB

MD5
4e660325cd9813fb2d0d4b85ac402147

SHA1
459df5749bed7e9499eae619b3ee546ecd6afd3f

SHA256
653c51a6a15fc98ba963f72ce2009308e261030fc3535c63fe0932b1ea43933a

SHA512
cd41b3df416497bf9d4b8c83c1a1e58877df5b7ba416c47aaa936db310208cff17fe42dcf2c2164dbbca8ac447e5a7fb5657d327fcc92e0996b355f2e90d53f3

Download Submit
C:\Program Files\Google\Drive File Stream\97.0.1.0\html\ic_arrow_back_grey600_24dp.svg

Filesize
229B

MD5
16d1cac0827ca336e6e83289dd4611b5

SHA1
5d04bc7618cd4dd64ef3786587e38518fb2bbb31

SHA256
e61548c9d88e8e22834f766c9d72597f1f5a8897a0b0106fb04eca5293b9f4a1

SHA512
4cc006489b4db1be8842cc2fdecd70d2d3ee8ecc4fec27784f30a2fd545022351609390baaa18ce0e06e86bab23e00ebc60566d9f3797562eb7f3471047fa6a6

Download Submit
C:\Program Files\Google\Drive File Stream\97.0.1.0\html\search_dialog.css

Filesize
256KB

MD5
d4dedb3e3647b96b7f3e7d599722a5bb

SHA1
88d04928fb7c6c80a7b6347aee51a427884a148c

SHA256
b2452cd8698d3d6514d06c4769ac69feb0f323f2ead27aca6d3236c474688a3f

SHA512
1446de918c2662b105fa50dee18e1cd07e3d33638e52c623b1f015b5d4a6ebc2ec54cf61028f6e9f7015024b69efacaccbbedbd195159ef084e0ee7f12747d2d

Download Submit
C:\Program Files\Google\Drive File Stream\97.0.1.0\launch.bat

Filesize
1KB

MD5
7c989944f741077c6170a8e0ff0043b8

SHA1
d484e1792c316424a427639e0e1dc30853802387

SHA256
e6c42456c4cbabeb85648131340c34ad8b4c9e457c2789af430bf8a1d5aba067

SHA512
e617bc794ce7671a821b0c6ee43da343164e956ca3733926b7cac17ff2ad31de4c046c41f56535c091d84b208f48ad26f11e9cc3078c1374c74e59fd62ef9fdc

Download Submit
C:\Program Files\Google\Drive File Stream\97.0.1.0\sheets.ico

Filesize
278KB

MD5
5c2e0fd6a2afdfc94df72a6418a00be4

SHA1
7514a01a1402c4a0a7cfe0ca40bf7bfa1815726a

SHA256
41a8ab368c6475c6e37e91624718cb804d736562fd89c0ea9725116b67053763

SHA512
651fbca27ea62cc8dc1c4e7c553b29c32361e690865d4c06446d87ddd9d1db38f072e58d61f9bd7beec5f407ba50a131ec6b881f4e9dd9f22d29174ca57a9c8b

Download Submit
C:\Program Files\Google\Drive File Stream\97.0.1.0\slides.ico

Filesize
278KB

MD5
0644396548c95d0b16db947b86ae9fa5

SHA1
9505d5387b05ffc682d0761687600d02570a0fcb

SHA256
604ff435bf679423a0ba1490fdac232be9fb5bd1702eca7ff3dbd3c317706a94

SHA512
10864a7f45bedfcb178d04e56cfe469f12961763b7991a506a57bd417092c255815ee2aab09942c6ec0e40b6f6a99a3d073fd79dffda420ab54c3bf1402704a0

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\76b939f1-7fae-41fd-83df-e9238d2ab587.tmp

Filesize
649B

MD5
b7c1323de6ceadbe7d833e1d71d78171

SHA1
d8a49ac3707cc7ff296ea2c1ed31dd28ae4347e4

SHA256
08c27cc0677796ce54c3fa03cb3cbab43b167c6887fe58c6b97807c2b9aa7d69

SHA512
6ed3004387f0b22064df7a950aa03360eb24656d8337d87c89280ca3b360272b4075999c8fa89192cb35335b131ddc63657cc41378e5c861777f68f865c3525f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
516KB

MD5
d8affb6e82c5b4f946f1dbe1266d3cf3

SHA1
e32dc2b439483192db7326e0e49913a811347dfc

SHA256
395243fdd0666de3ebca4b6ccca23d9613bee8d9c6102f5b3d6d9b1bc13aca65

SHA512
ccce14a550c3ae21e12ab97fd4afd93bdc736885777813cfd5105bf6f09491a176e251a514f41753de1f8e5a9663ce58ff713a8e877bbdf7672b4fae6fc7ec1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
44a61d3a9dc4d24447f4006ce1770c8f

SHA1
a56aae47d681e5199e217f782516a71201d50e45

SHA256
823032a0f9fdd6561ea9eaa2713b9afd3775adf646b4325279996b24ff15e92c

SHA512
a3287450f9b6841fbcff0b97ca39b90cbccbfd9449a6554691cf41512555d6f0b4c0cc00312fd80681c0f3a84f4b8126f9a3903003edb0d45f0c9493bb338b06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
1f54acc189ac52f11ee1116e99c4cd33

SHA1
d47211ca9bd41f71da6ef127de63d5160bbedefa

SHA256
c1464e484c2b09777f587a361622cfeb5e71b77629206ba6d89846a0b847d1be

SHA512
8e2ea70c5f3bb80c79e73366f5b5edce1df726f8ab5b2cf7ccb43526d7a79c1a08bd6e78278d8e885aa0c81a4bde15738f9e5cb8f257126803dbf561a29c5bda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
ac7ddda7d7899c8746a4071f5a5710e2

SHA1
386cbb57489bc6983c80f521487c9a2600cc689f

SHA256
e511e28185b3615e822f66e1afb7c8f8fa3ea3a639ea81fac96baaef9e70736b

SHA512
7c787c05d76656483b744ab9fdb194ffd98f09724bc0649a91f83d1c9bc580f47b36ee7998c8a51b1eb710cab784bc3c66af441b02eeac96191cb8161a655958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8d995b974ad751e6d095321ea29bab92

SHA1
9afe9b51c221cbd12aa2313997087e601c148a1d

SHA256
f7c5ec01c6338cc18d66d621b5c004810f909d558e0e426b5298360f0a4cc969

SHA512
4233b6f956cb951e57473314637ce1ba9bac93c1f868790df230b18665643368dc12d6715bc8e3464a15f10389a1ae5795d3bf4b5096ffbc33c15e36a757ad91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5bd9dfc87600a8f0d06fc191aa3607db

SHA1
a12689350deadcd4d208d9af6f0ef87fe9611b6f

SHA256
26077b8637f3092351ab1ad43d73f595d7b6a86f7d42b472b847c51a54eb69db

SHA512
735a0baad190bc58b2e4367c9774503db5a861ace85bb3d1cbc7c1030ecef23ace4cc54eaa77049ae95aa9f838074168417240d5aeec0a016fcfcd960f20807c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c3518dcf800d86e11d882d22826f3e67

SHA1
a61412c219f1f523dfee694545fbbd399979f795

SHA256
586ead704e4cd474d583a09d2ac8307e2db6da2ed70fdcb010af6b65a7b6f1d5

SHA512
b7006e03326e69391f7c3ffecee81e1b0ed164142102f205eeb110fdd53e180b735e325d304a9ced030abeadd35f1d7ffb1f3ddca82ad9e4fd0996c594dce06d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e5daa81eb3eb40ff56c5d548d3c2030

SHA1
380c72a5f2ab160e6b24b4717d1d4733fe256914

SHA256
71d7694117f0c5d788ed4f5bf6bddf529b4e859a6953684745007ab6be8e1d73

SHA512
b1af898c0cf08f63cca4283931b7baba161bfc2f8ce71dce1d8856b4c934b1e1ef5d0fbc0a082a8dc9179e26136eca6d07e7816a839c6d6d320aaa631e0246db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e3858653321b5b3e3abcb3b90134261

SHA1
93047b212ad492e581aef35daa3e54b3f5477296

SHA256
5ba3d2dae07da58ad96ba01592219ccdc9519e972aad164e40c635fba9489aec

SHA512
60d45bb10f02c4120b01a1a270663d6be2dbe24b0dac215207205276ad7d6bc5af77b53a736a861735762e85a3c0eb927d97e20060b9ede0049d5fe24f7c9998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ed514ee8c1c872615054b7a9351a4c5e

SHA1
1d28068c250fa34867a1de1fff737dfcf9a02941

SHA256
78dc2d635f968294c5a9fc36e5cd3ca6a5ed40e51f10895858b008eb4b0ffaca

SHA512
d52d35f6b5b670de3ba33a68c8ceddf44afef997855647304a45cc08c95820ccf9d4800d272baad825c99e4ddeac1141817b2d30f5bac4d9fecdcd66248e36a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c6f704f0b29dd5d547fd51e776a3392a

SHA1
0bbf4645c4d87e34978d04a57e496a72dc9b195c

SHA256
daa4f7f38bf6f3f27481a6c4ef41000bc5ff078388c24b8eebf954df1fdf37e0

SHA512
b374c30e590bbee74ac313c0aa9f9fe27b6a0d3b06f129abae27cb5d550392ffa7f94495d5bf47cafe76c842c52289f24dc7636876837dc800a1d8b65528f2dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4d4a2141a789ab441ba8ecc222540ff3

SHA1
9605e6cdd00dd8e22890d00aa58946dadcd78ea0

SHA256
86ffb40aff545ea6507556385b23371bb6cc0511a34084e1fde3ff2dcf83e7dc

SHA512
acca6c9f1b0f58baa0ebc1d9e0a87a621b645c7c0fb5ad1f3b7821cc429d4fc2d363c963110527a4baad029272bad56d670e5fe4d3d3a33129a75add731da6a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d43d57cf3e16678d98207d8778f8c1e2

SHA1
b86473474e4a15e846718b53800b6f8a9068ad4d

SHA256
6a254e36971099867f64fb10d58f94f9fb93b328fd1f75310b839bf43bce3909

SHA512
e7368e1686f3128e8d98792282bd5665e1c083cbd7bac4551ae2e76adbd675df7492133ecd397836de28272f84d09b91e1e234737d9bbb556c25c17d1ede01fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8aab0f1fb108495c415f27f91ce2a279

SHA1
0e34f6a1dc9eba1284e65f5da61c1266541e0edc

SHA256
5e9832fcdaf6e732a7598185e0b6bd6248e0e877879a57d8c18bc95f40b2903e

SHA512
fce9a65a87b9b7953eff1419dc46a44143d514097cbb0600b6e35b8102deccace67a8a44bc819079c55ac8eaae79db06bf6451a68780d23eca9f98dbd4c0f084

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
922ca1af9862263aa73081068017221e

SHA1
5b6f6f84d92a797101bbdc2d7aa2c3deb0e5b51b

SHA256
e6a3ae3265a53384f1ebf08d46b1080ae4d4c50a6810cd6c8fc1e8a5c9f7b186

SHA512
f174f507c288c6728514cff99124404c1f0726c9361a7332324b8cde3b4d208e400f8014b39ec4f20c386c996f9a21b0ae448e265235c631c7a952af9d371cf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1c5f38b78cc61e609c09af1aff6ca254

SHA1
39c270dfd833d13f6e97c8fde4866e67411d1cf8

SHA256
431d0e6a665babbad004b9d3cb38e12a89e5a56fd5769942111ad3c5d6a00156

SHA512
92ffbbd480befecd51badf2a5063516133d255157921208c2fda32789554f143aff79ab6bac150abd0f3c4bcba71814d1acf7de6a8b3178190e38e7a0723e07b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c5ecea9ea11866b9b74f88da54af1f8

SHA1
4b3a05918150c70a078c424947053fa6a8239760

SHA256
35727a451b665faf28b5624cb5ed9a1deea8adef724fb92a0c43e98672e06edd

SHA512
4bb58db56d4993410048bce7011feb25bcf729f662df518af11a346d9ee8828a6328b951fe884449e9289cc1fed9a1eae2b2cb0080ed2568c310d82348fd0fc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
80290e21d4a722112754e16be2077051

SHA1
044461b06e0caff84169f3d0809022fe34b2b693

SHA256
010b965d589d99f274d68fd74c5528a9eb157c162dbdcc60f50c3d546d13f080

SHA512
b4312d409c90bf719d253fc7b0b22286057e0704ade247652103eb5e4cdc08b93636b18a4afba2d4473510059e50a2f3f0994f0fbf9f748d8b292456c2d9dc75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
13b7b3ddd5d77caac9b3f112595a7976

SHA1
f1311939b9c537955c301792b45af8808e8594df

SHA256
788bb84fe8939953c84472b4dc3e8acad9db648d2fc42ed873844804a3a315ec

SHA512
bab47199871fca27cea2b423bc6e732e9e18de980fcc3ae57c5f1c374424580e55bab7415ec312a547d114b9cf926c7b9b13c9e84b47b0184599e6c721f31a4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b913b97a9523349de4ac793a913a99f

SHA1
9b6f2c69c3c4a4f459b0e67f94a849aa5da8dcbc

SHA256
de2be447234ce127e0524a40b361ca3ded5a18d0d37237bfcf50877d6e8f3727

SHA512
efba6696b59266229cd377c3f57377556561c4ad6b54b2bee46875566414258deeef84ca19c9f460ccd5d963c2252ccceb2896b14247513e85f2679b0d40c4ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1828149462cc583d053587e3249ae932

SHA1
fc7668984b9068f74a96be8873c329b66e622967

SHA256
9a197a4ace75bafeae518883e14330b2b18628502ebceb34014290a75e720c82

SHA512
756e6954bf1290054de03a6a78b8ff4014b7426ffa57303acff70f752756059ebd1ca10a6f0fe2d479f4de10aa08d0f62d79e8ca0077fc455fd9a7b174a94c89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
465649b6d858631a3e805a79c8359dd4

SHA1
cc38d49bc9710a0538d05aabf6c84f3f603116ae

SHA256
127d2e336b66ba1e44146bd3766dd89629a5e821489b5581cd925d4aae357984

SHA512
ca0bc7e79f0f3d9c0ec845e1b21524b9b5bd2449ace436a15cebad4b3833a22c8c7f41a644f941b1ab4b1ed57ad60791b625469ce7e4ae4fe2bc9dacedf411b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
53961b0d26b59193e9762f87a6dfc0c0

SHA1
e8830f951050c54cdfc3638f318c4f2e0cc23b7d

SHA256
9a87e953d59dcd627913e83b78cdf50f77986bb933eee0c9e06c615bd81f45de

SHA512
d62c3bbd8452b20b7935df6d29052873642a00be51d131e38ccf1bbd63580e5d44569f8badf28536eefab69fde6f7c465f86975a71672dac7c9f05d5c8ed3832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
651045979d6aab5f30307e9ff6633d05

SHA1
f48a721e2fbd692ce5d6fc234cda4942eb06a93e

SHA256
d01761a51faac6b5c8204ecd38ad3fe294d1ba1792070c0ebbe0134b256c6513

SHA512
fb79f31573b19ae79b9e486b103c4c3e193ac87368413897472db961062f1266de6c77563a7621eeade5d6f6e2ba2fedad003830699b467722ef1f0d17fb630a

Download Submit
C:\Users\Admin\AppData\Local\Temp\GoogleUpdateSetup_241004211233_3664\GoogleUpdateSetup.exe

Filesize
1.3MB

MD5
8050f9005f263dd7d359518ea7e66365

SHA1
18938feca68d6d6f9988ae205dc7796f23b175d3

SHA256
5b59a02be605468e9dc9d8c0b4e3c2ab66b180c654264be7bf98fa4b36c21286

SHA512
12a11d88c84d67dbb6d4c752a251c6c511effa8f2dd9d75696ed2ed0efc7078927169be0277fbabab0253ddd922fa03d19c831241e5e62a97d6833710a00eaa8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
388B

MD5
4fa301ebdc1e1da486bab6d9983bcf4d

SHA1
0999176e933983177c224197eec4eb96f6b046df

SHA256
e816c69cd8a80c79242e3ce01b07a9babfd69efb356aae72b36c959bcd64f0a7

SHA512
264785aac077f176cfecf05d18b8ebf27dd10f74df12420a24de55aa50fbd1f4ca1fb5dae1a089a8cacebf1aa8382ebd1005841c6d3924529c4ee62654ada465

Download Submit
C:\Users\Admin\Downloads\GoogleDriveSetup.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/3740-2896-0x00007FFEA53D0000-0x00007FFEA53E0000-memory.dmp

Filesize
64KB

Download
memory/3740-2901-0x00007FFEA31B0000-0x00007FFEA31C0000-memory.dmp

Filesize
64KB

Download
memory/3740-2902-0x00007FFEA31B0000-0x00007FFEA31C0000-memory.dmp

Filesize
64KB

Download
memory/3740-2899-0x00007FFEA53D0000-0x00007FFEA53E0000-memory.dmp

Filesize
64KB

Download
memory/3740-2953-0x00007FFEA53D0000-0x00007FFEA53E0000-memory.dmp

Filesize
64KB

Download
memory/3740-2954-0x00007FFEA53D0000-0x00007FFEA53E0000-memory.dmp

Filesize
64KB

Download
memory/3740-2955-0x00007FFEA53D0000-0x00007FFEA53E0000-memory.dmp

Filesize
64KB

Download
memory/3740-2952-0x00007FFEA53D0000-0x00007FFEA53E0000-memory.dmp

Filesize
64KB

Download
memory/3740-2897-0x00007FFEA53D0000-0x00007FFEA53E0000-memory.dmp

Filesize
64KB

Download
memory/3740-2900-0x00007FFEA53D0000-0x00007FFEA53E0000-memory.dmp

Filesize
64KB

Download
memory/3740-2898-0x00007FFEA53D0000-0x00007FFEA53E0000-memory.dmp

Filesize
64KB

Download