Malware Analysis Report

2024-12-07 13:46

Sample ID 241118-ftea8strbm
Target 3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46
SHA256 3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46
Tags
gh0strat purplefox discovery persistence privilege_escalation rat rootkit spyware stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview


Threat Level: Known bad

The file 3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46 was found to be: Known bad.

Malicious Activity Summary


Gh0strat family

Purplefox family

Gh0strat

PurpleFox

Gh0st RAT payload

Detect PurpleFox Rootkit

Sets service image path in registry

Drops file in Drivers directory

Event Triggered Execution: Image File Execution Options Injection

Server Software Component: Terminal Services DLL

Boot or Logon Autostart Execution: Active Setup

Event Triggered Execution: Component Object Model Hijacking

Reads user/profile data of web browsers

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Checks installed software on the system

Checks system information in the registry

Drops file in System32 directory

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Network Configuration Discovery: Internet Connection Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious behavior: LoadsDriver

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Runs ping.exe

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-18 05:09

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-18 05:09

Reported

2024-11-18 05:12

Platform

win7-20241023-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe"

Signatures

Detect PurpleFox Rootkit

rootkit
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Gh0st RAT payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Gh0strat

rat gh0strat

Gh0strat family

gh0strat

PurpleFox

rootkit trojan purplefox

Purplefox family

purplefox

Boot or Logon Autostart Execution: Active Setup

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\109.0.5414.120\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A

Drops file in Drivers directory

Description | Indicator | Process | Target
File created | C:\Windows\system32\drivers\QAssist.sys | C:\Windows\SysWOW64\TXPlatfor.exe | N/A

Event Triggered Execution: Image File Execution Options Injection

persistence
Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A

Server Software Component: Terminal Services DLL

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Remote Data\Parameters\ServiceDll = "C:\\Windows\\system32\\259438024.txt" | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A

Sets service image path in registry

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QAssist\ImagePath = "system32\\DRIVERS\\QAssist.sys" | C:\Windows\SysWOW64\TXPlatfor.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\N.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\TXPlatfor.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\TXPlatfor.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Remote Data.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\109.0.5414.120_chrome_installer.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateOnDemand.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | N/A | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\svchost.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\TXPlatfor.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\svchost.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Remote Data.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\109.0.5414.120_chrome_installer.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
N/A | N/A | N/A | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A

Reads user/profile data of web browsers

spyware stealer

Checks installed software on the system

discovery

Checks system information in the registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File created | C:\Windows\SysWOW64\259438024.txt | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A
File opened for modification | C:\Windows\SysWOW64\ini.ini | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A
File created | C:\Windows\SysWOW64\Remote Data.exe | C:\Windows\SysWOW64\svchost.exe | N/A
File opened for modification | C:\Windows\SysWOW64\Remote Data.exe | C:\Windows\SysWOW64\svchost.exe | N/A
File created | C:\Windows\SysWOW64\TXPlatfor.exe | C:\Users\Admin\AppData\Local\Temp\N.exe | N/A
File opened for modification | C:\Windows\SysWOW64\TXPlatfor.exe | C:\Users\Admin\AppData\Local\Temp\N.exe | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_sv.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_fil.dll | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_fr.dll | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_ko.dll | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_sr.dll | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\Locales\ta.pak | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_es.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_id.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_bg.dll | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\Locales\fi.pak | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_en-GB.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\Locales\kn.pak | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\VisualElements\LogoBeta.png | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\Locales\fil.pak | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\Locales\vi.pak | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_fa.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateCore.exe | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_it.dll | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\Locales\en-US.pak | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\Locales\zh-TW.pak | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\VisualElements\LogoCanary.png | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_kn.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_kn.dll | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\VisualElements\SmallLogo.png | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\setup.exe | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdateCore.exe | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_lt.dll | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\Locales\bn.pak | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\Locales\es.pak | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\Locales\he.pak | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\Locales\hr.pak | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_bg.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_uk.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\Locales\ru.pak | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_bn.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_en-GB.dll | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_nl.dll | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\VisualElements\SmallLogoDev.png | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\chrome_proxy.exe | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_pt-PT.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\Locales\hu.pak | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_ro.dll | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_ur.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\Locales\ko.pak | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\psuser_64.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\d3dcompiler_47.dll | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\Locales\en-GB.pak | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\Locales\et.pak | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\Locales\tr.pak | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_uk.dll | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_sr.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
File created | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\SETUP.EX_ | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\109.0.5414.120_chrome_installer.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\libEGL.dll | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_es-419.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_bn.dll | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_pt-BR.dll | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_te.dll | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\109.0.5414.119.manifest | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\Locales\mr.pak | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1496_1019230880\Chrome-bin\109.0.5414.120\mojo_core.dll | C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Temp\GUTBB36.tmp | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_pl.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\PING.EXE | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\svchost.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Remote Data.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\N.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateOnDemand.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\TXPlatfor.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B} C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544}\ProxyStubClsid32\ = "{B50B3FA2-B519-4C16-A932-46E9FFD1D910}" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544}\NumMethods\ = "12" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\NumMethods\ = "11" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414} C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\PROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\VersionIndependentProgID\ = "GoogleUpdate.PolicyStatusMachine" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF} C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CredentialDialogMachine.1.0\CLSID\ = "{25461599-633D-42B1-84FB-7CD68D026E53}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\ = "IBrowserHttpRequest2" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LocalServer32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28} C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\NumMethods\ = "41" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13} C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{27634814-8E41-4C35-8577-980134A96544}\ProxyStubClsid32\ = "{B50B3FA2-B519-4C16-A932-46E9FFD1D910}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.PolicyStatusMachineFallback.1.0\ = "Google Update Policy Status Class" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}\VersionIndependentProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\ = "Chrome HTML Document" C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\Application\AppUserModelId = "Chrome" C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\ProgID\ = "GoogleUpdate.Update3COMClassService.1.0" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\LOCALSERVER32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\ProxyStubClsid32\ = "{B50B3FA2-B519-4C16-A932-46E9FFD1D910}" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ = "IAppVersionWeb" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\ProxyStubClsid32\ = "{B50B3FA2-B519-4C16-A932-46E9FFD1D910}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\ = "ICoCreateAsyncStatus" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ = "IProgressWndEvents" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\NumMethods\ = "11" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\NumMethods\ = "23" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4} C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\NumMethods\ = "10" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\ProxyStubClsid32\ = "{B50B3FA2-B519-4C16-A932-46E9FFD1D910}" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TypeLib C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1C4CDEFF-756A-4804-9E77-3E8EB9361016}\AppID = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\ProxyStubClsid32\ = "{B50B3FA2-B519-4C16-A932-46E9FFD1D910}" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\ = "IAppCommand" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\NumMethods\ = "8" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\ = "IGoogleUpdate3WebSecurity" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\ProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\VersionIndependentProgID\ = "GoogleUpdate.OnDemandCOMClassMachineFallback" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}\LocalServer32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.xhtml C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe N/A
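Most of the rows in this table are an installer registering its own COM classes, which is noise when the question is COM hijacking. The keys that actually decide which binary COM loads are CLSID\{...}\InprocServer32 and LocalServer32; a hijack writes one of those from a path the attacker controls. The script below is an added example (not code from the report or from the sandbox that produced it) that parses a constructed subset of the rows above, bins them by key type and writing process, and flags server-path writes made from a user-writable location. The classification rules and the "installed software" path heuristic are this example's own assumptions.

```python
"""Separate COM-registration noise from hijack-relevant writes in the
"Modifies registry class" table of a sandbox report.

Added example; not code from the report or from the sandbox that produced
it.  SAMPLE_ROWS is a constructed subset copied from the table above, and
the classification rules (which keys decide what COM loads, which writer
paths count as installed software) are this example's own assumptions.
"""
import re
from collections import Counter

# Constructed sample: seven rows copied verbatim from the report's table.
SAMPLE_ROWS = [
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B} C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A',
    r'Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\PROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LocalServer32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\ = "Chrome HTML Document" C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe N/A',
    r'Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A',
    r'Key created \REGISTRY\MACHINE\Software\Classes\.xhtml C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe N/A',
]

OPS = ("Key created", "Key deleted", "Key opened", "Key value queried")
SET_RE = re.compile(r"^Set value \([a-z]+\)")
# The two CLSID sub-keys that name the binary COM will load.
SERVER_RE = re.compile(r"\\CLSID\\(\{[0-9A-F-]+\})\\(InprocServer32|LocalServer32)", re.I)
# Assumption: writers under Program Files / Windows are installed software;
# anything else (Temp, AppData, user profile) is user-writable.
INSTALLED_RE = re.compile(r"^C:\\(Program Files( \(x86\))?|Windows)\\", re.I)


def parse_row(row):
    """Split one flattened row into (operation, indicator, process).
    Assumes the Target column is N/A, as it is for every registry row."""
    row = row.strip()
    if not row.endswith(" N/A"):
        raise ValueError("unexpected Target column: " + row)
    body = row[: -len(" N/A")]
    cut = body.rfind(" C:\\")          # last drive-letter path = Process column
    if cut < 0:
        raise ValueError("no process path: " + row)
    process = body[cut + 1:]
    head = body[:cut]
    m = SET_RE.match(head)
    op = m.group(0) if m else next((o for o in OPS if head.startswith(o)), None)
    if op is None:
        raise ValueError("unknown operation: " + row)
    return op, head[len(op):].strip(), process


def classify(indicator):
    """Bin a registry key by what it controls (most specific first)."""
    if SERVER_RE.search(indicator):
        return "com_server"                       # decides what COM loads
    if re.search(r"\\CLSID\\", indicator, re.I):
        return "clsid_meta"                       # ProgID, AppID, threading
    if re.search(r"\\Interface\\", indicator, re.I):
        return "interface"                        # proxy/stub registration
    if re.search(r"\\AppID\\", indicator, re.I):
        return "appid"
    if re.search(r"\\Classes\\\.", indicator, re.I):
        return "file_assoc"                       # extension -> ProgID
    return "progid_or_other"


def user_writable(process):
    return not INSTALLED_RE.match(process)


def triage(rows):
    """Counts per key type and per writer, plus every InprocServer32/
    LocalServer32 write and the subset made from a user-writable path."""
    by_kind, by_process, server_writes, flagged = Counter(), Counter(), [], []
    for row in rows:
        op, indicator, process = parse_row(row)
        by_kind[classify(indicator)] += 1
        by_process[process.rsplit("\\", 1)[-1]] += 1
        m = SERVER_RE.search(indicator)
        if m:
            rec = (op, m.group(1), m.group(2), process)
            server_writes.append(rec)
            if user_writable(process):
                flagged.append(rec)
    return {"by_kind": by_kind, "by_process": by_process,
            "server_writes": server_writes, "flagged": flagged}


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    print("by key type:", dict(result["by_kind"]))
    print("by writer:  ", dict(result["by_process"]))
    for op, clsid, server, process in result["server_writes"]:
        tag = "FLAG" if user_writable(process) else "ok  "
        print(f"{tag} {op:<16} {clsid} {server:<15} {process}")
```

On the rows of this table nothing is flagged: both server-path writes come from GoogleUpdate.exe under Program Files (x86), which is the self-registration an installer performs. The COM-hijacking signature listed in the overview is therefore not explained by the rows shown here and has to be judged from its own entry in the report.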

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\N.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe N/A
Token: 33 N/A C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\109.0.5414.120_chrome_installer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\109.0.5414.120_chrome_installer.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: 33 N/A C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe N/A
Token: 33 N/A C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
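The table above mixes two kinds of rows: privileges that matter for triage (SeLoadDriverPrivilege, which TXPlatfor.exe needs for the LoadsDriver row above, and SeDebugPrivilege) and routine ones that a browser or installer requests dozens of times (SeShutdownPrivilege, SeIncBasePriorityPrivilege). Where the sandbox has no name for a privilege it prints the numeric LUID, so "Token: 33" is SeIncreaseWorkingSetPrivilege from the SE_*_PRIVILEGE constants in winnt.h. The script below is an added example (not code from the report or the sandbox) that parses a constructed subset of these rows, decodes the numeric tokens, collapses repeats into counts, and lists the high-value privileges per process. The risk labels are this example's own triage assumptions, not a judgement the report makes.

```python
"""Rank the "Suspicious use of AdjustPrivilegeToken" rows of a sandbox
report by what the requested privilege lets a process do.

Added example; not code from the report or the sandbox.  SAMPLE_ROWS is a
constructed subset copied from the table above.  The LUID table is from
the SE_*_PRIVILEGE constants in winnt.h; the risk labels are this
example's own triage assumptions.
"""
import re
from collections import defaultdict

# Numeric LUIDs the sandbox prints when it has no name ("Token: 33");
# values from winnt.h, limited to the privileges seen in this report.
LUID_NAMES = {
    10: "SeLoadDriverPrivilege",
    14: "SeIncreaseBasePriorityPrivilege",
    19: "SeShutdownPrivilege",
    20: "SeDebugPrivilege",
    33: "SeIncreaseWorkingSetPrivilege",
}
# The sandbox's short spelling, treated here as the winnt.h name.
ALIASES = {"SeIncBasePriorityPrivilege": "SeIncreaseBasePriorityPrivilege"}

# Triage weight of each privilege (assumption of this example).
RISK = {
    "SeLoadDriverPrivilege": "high",   # required to load a kernel driver
    "SeDebugPrivilege": "high",        # open / inject into any process
    "SeShutdownPrivilege": "low",
    "SeIncreaseBasePriorityPrivilege": "low",
    "SeIncreaseWorkingSetPrivilege": "low",
}

# Constructed sample: rows copied from the report's table, repeats kept.
SAMPLE_ROWS = [
    r"Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\N.exe N/A",
    r"Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A",
    r"Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe N/A",
    r"Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe N/A",
    r"Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe N/A",
    r"Token: 33 N/A C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\109.0.5414.120_chrome_installer.exe N/A",
    r"Token: 33 N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A",
    r"Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A",
    r"Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A",
    r"Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A",
    r"Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A",
    r"Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A",
]

# "Token: <name-or-LUID> N/A <process path> N/A"
ROW_RE = re.compile(r"^Token:\s+(\S+)\s+N/A\s+(.+?)\s+N/A$")


def privilege_name(token):
    """Map the sandbox's token field to a canonical privilege name."""
    if token.isdigit():
        return LUID_NAMES.get(int(token), "LUID_" + token)
    return ALIASES.get(token, token)


def parse_row(row):
    m = ROW_RE.match(row.strip())
    if not m:
        raise ValueError("unexpected row: " + row)
    return privilege_name(m.group(1)), m.group(2)


def triage(rows):
    """Per-process privilege counts plus the high-risk (process, privilege,
    count) findings, sorted by process path."""
    per_process = defaultdict(lambda: defaultdict(int))
    for row in rows:
        priv, proc = parse_row(row)
        per_process[proc][priv] += 1
    high = [
        (proc, priv, n)
        for proc, privs in per_process.items()
        for priv, n in privs.items()
        if RISK.get(priv) == "high"
    ]
    high.sort(key=lambda t: (t[0].lower(), t[1]))
    return {"per_process": per_process, "high": high}


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    for proc, priv, n in result["high"]:
        print(f"HIGH  {priv:<22} x{n:<3} {proc}")
    for proc, privs in result["per_process"].items():
        low = sorted(p for p in privs if RISK.get(p) != "high")
        if low:
            print(f"low   {', '.join(low)}  {proc}")
```

Run against the rows above, the high-risk list reduces to three lines: SeDebugPrivilege from the two GoogleUpdate.exe copies and SeLoadDriverPrivilege from C:\Windows\SysWOW64\TXPlatfor.exe, the same process the LoadsDriver row names. The 48 chrome.exe SeShutdownPrivilege rows collapse to a single count.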

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2096 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 2096 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 2096 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 2096 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 2096 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 2096 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 2096 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 2096 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 2096 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 2096 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 2096 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 2576 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe
PID 2576 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe
PID 2576 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe
PID 2576 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe
PID 2984 wrote to memory of 2476 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 2984 wrote to memory of 2476 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 2984 wrote to memory of 2476 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 2984 wrote to memory of 2476 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 2984 wrote to memory of 2476 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 2984 wrote to memory of 2476 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 2984 wrote to memory of 2476 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 2096 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe
PID 2096 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe
PID 2096 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe
PID 2096 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe
PID 2096 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe
PID 2096 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe
PID 2096 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe
PID 1156 wrote to memory of 2936 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1156 wrote to memory of 2936 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1156 wrote to memory of 2936 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1156 wrote to memory of 2936 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2856 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe
PID 2856 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe
PID 2856 wrote to memory of 1700 (5 events) N/A C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe
PID 1700 wrote to memory of 876 (7 events) N/A C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 1700 wrote to memory of 2380 (7 events) N/A C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2380 wrote to memory of 1792 (4 events) N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe
PID 2380 wrote to memory of 2320 (4 events) N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe
PID 2380 wrote to memory of 2732 (2 events) N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe

"C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Windows\SysWOW64\svchost.exe

C:\Windows\SysWOW64\svchost.exe -k "Remote Data"

C:\Windows\SysWOW64\svchost.exe

C:\Windows\SysWOW64\svchost.exe -k "Remote Data"

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe

C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={F403DCC2-7F09-8811-74F4-EE2B00D4CD16}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4zNzIiIHNoZWxsX3ZlcnNpb249IjEuMy4zNi4zNzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjQxMkY5MTYtQUJEOC00MEZGLUJGOEYtMkE1OUJFRDA4NzNFfSIgdXNlcmlkPSJ7OUI5RDMxMUQtMjk1MC00NkM2LUIzQUUtRjc2NzVFMjFBQTRBfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0JENDY2NjVDLUI3MDYtNDVGMC1BRDVELTc1NjUxQjkyNDBFM30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iNi4xLjc2MDEuMCIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NDMwRkQ0RDAtQjcyOS00RjYxLUFBMzQtOTE1MjY0ODE3OTlEfSIgdmVyc2lvbj0iMS4zLjM2LjE1MSIgbmV4dHZlcnNpb249IjEuMy4zNi4zNzIiIGxhbmc9InpoLUNOIiBicmFuZD0iIiBjbGllbnQ9IiIgaWlkPSJ7RjQwM0RDQzItN0YwOS04ODExLTc0RjQtRUUyQjAwRDRDRDE2fSI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI4NDMiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={F403DCC2-7F09-8811-74F4-EE2B00D4CD16}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{6412F916-ABD8-40FF-BF8F-2A59BED0873E}"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Windows\SysWOW64\Remote Data.exe

"C:\Windows\system32\Remote Data.exe" "c:\windows\system32\259438024.txt",MainThread

C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\109.0.5414.120_chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\109.0.5414.120_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\gui344C.tmp"

C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\gui344C.tmp"

C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f751148,0x13f751158,0x13f751168

C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe" --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{D8630729-F667-464B-BED9-44CEF9CE803F}\CR_D26BC.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f751148,0x13f751158,0x13f751168

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping […]-[…]-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzA3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMzQ3OSIgZG93bmxvYWRfdGltZV9tcz0iMjQ1MzkiIGRvd25sb2FkZWQ9IjkzMTIyNjAwIiB0b3RhbD0iOTMxMjI2MDAiIGluc3RhbGxfdGltZV9tcz0iMzMzNjkiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6236b58,0x7fef6236b68,0x7fef6236b78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1056 --field-trial-handle=1312,i,16393241077200701993,1302179121446541121,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1424 --field-trial-handle=1312,i,16393241077200701993,1302179121446541121,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1560 --field-trial-handle=1312,i,16393241077200701993,1302179121446541121,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=1312,i,16393241077200701993,1302179121446541121,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1312,i,16393241077200701993,1302179121446541121,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3056 --field-trial-handle=1312,i,16393241077200701993,1302179121446541121,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2492 --field-trial-handle=1312,i,16393241077200701993,1302179121446541121,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1504 --field-trial-handle=1312,i,16393241077200701993,1302179121446541121,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2236 --field-trial-handle=1312,i,16393241077200701993,1302179121446541121,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3748 --field-trial-handle=1312,i,16393241077200701993,1302179121446541121,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3832 --field-trial-handle=1312,i,16393241077200701993,1302179121446541121,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3880 --field-trial-handle=1312,i,16393241077200701993,1302179121446541121,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3772 --field-trial-handle=1312,i,16393241077200701993,1302179121446541121,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3988 --field-trial-handle=1312,i,16393241077200701993,1302179121446541121,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4024 --field-trial-handle=1312,i,16393241077200701993,1302179121446541121,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1312,i,16393241077200701993,1302179121446541121,131072 /prefetch:8
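The process list above holds the whole malicious chain in a handful of command lines: the sample and its droppers (R.exe, N.exe, HD_<hash>.exe) all run out of the user's Local\Temp directory; a svchost.exe instance is started with a service group called "Remote Data", and a binary named "Remote Data.exe" later loads c:\windows\system32\259438024.txt through the rundll32-style `"file",Export` argument form; N.exe removes itself with the `cmd /c ping -n 2 127.0.0.1 > nul && del …` delay idiom while TXPlatfor.exe stays behind in SysWOW64. Everything else in the list is the bundled Chrome/Omaha installer. The Python below is an added example, not part of the Triage report: it turns those four observations into command-line rules and runs them over the report's own command lines, plus one constructed benign `svchost.exe -k netsvcs` line as a control. The baseline set of svchost groups is an illustrative assumption for the example; on a real host, read the value names under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost instead.

```python
import re
from collections import defaultdict

# Command lines copied from the Processes section of this report. The last entry
# is a constructed benign control line (not from the report) so that the svchost
# rule has a negative case to check against.
REPORT_CMDLINES = [
    r'"C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe"',
    r'C:\Users\Admin\AppData\Local\Temp\\R.exe',
    r'C:\Windows\SysWOW64\svchost.exe -k "Remote Data"',
    r'C:\Windows\SysWOW64\svchost.exe -k "Remote Data"',
    r'C:\Users\Admin\AppData\Local\Temp\\N.exe',
    r'C:\Windows\SysWOW64\TXPlatfor.exe -auto',
    r'C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul',
    r'C:\Windows\SysWOW64\TXPlatfor.exe -acsi',
    r'C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe',
    r'ping -n 2 127.0.0.1',
    r'"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc',
    r'"C:\Windows\system32\Remote Data.exe" "c:\windows\system32\259438024.txt",MainThread',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer',
    r'C:\Windows\system32\svchost.exe -k netsvcs',  # constructed control, not in the report
]

# Illustrative baseline of service-host groups that ship with Windows 7 (an
# assumption for this example). In production, take the value names under
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost from the host itself.
KNOWN_SVCHOST_GROUPS = {
    "DcomLaunch", "RPCSS", "rpcss", "netsvcs", "LocalService", "NetworkService",
    "LocalSystemNetworkRestricted", "LocalServiceNetworkRestricted",
    "LocalServiceNoNetwork", "LocalServiceAndNoImpersonation",
    "NetworkServiceNetworkRestricted", "NetworkServiceAndNoImpersonation",
    "LocalServicePeerNet", "secsvcs", "wcssvc", "termsvcs", "WerSvcGroup",
    "swprv", "regsvc", "imgsvc", "bthsvcs", "WbioSvcGroup", "iissvcs",
    "sdrsvc", "defragsvc", "AxInstSVGroup",
}

# cmd.exe /c ping -n N 127.0.0.1 ... && del <file>: sleep-then-delete idiom that
# lets a dropper remove its own image once its process has exited.
SELF_DELETE = re.compile(
    r"cmd\.exe\s+/c\s+ping\s+-n\s+\d+\s+127\.0\.0\.1\b.*&&\s*del\s", re.IGNORECASE)
# svchost.exe -k <group> or -k "<group with spaces>"
SVCHOST_GROUP = re.compile(r'svchost\.exe\s+-k\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)
# "<exe>" "<file>",<Export>: the argument form rundll32.exe uses to call an export.
RUNDLL_STYLE = re.compile(
    r'^"?(?P<exe>[^"]+?\.exe)"?\s+"?(?P<file>[^",]+?)"?\s*,\s*(?P<entry>\w+)\s*$',
    re.IGNORECASE)
# Image path under the user's Local\Temp directory.
USER_TEMP = re.compile(r'^"?[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\', re.IGNORECASE)


def svchost_group(cmd):
    """Return the -k service group of a svchost.exe command line, or None."""
    m = SVCHOST_GROUP.search(cmd)
    if not m:
        return None
    return m.group(1) or m.group(2)


def scan(cmd):
    """Return the names of every rule the command line triggers."""
    hits = []
    if SELF_DELETE.search(cmd):
        hits.append("self_delete_via_ping")
    group = svchost_group(cmd)
    if group is not None and group not in KNOWN_SVCHOST_GROUPS:
        hits.append("svchost_unknown_group")
    m = RUNDLL_STYLE.search(cmd)
    if m:
        exe_name = m.group("exe").rsplit("\\", 1)[-1].lower()
        loaded = m.group("file").lower()
        ext = loaded.rsplit(".", 1)[-1] if "." in loaded else ""
        # Legitimate use is rundll32.exe itself loading a .dll/.cpl; anything else
        # (a renamed host binary, or a non-DLL extension such as .txt) is flagged.
        if exe_name != "rundll32.exe" or ext not in ("dll", "cpl"):
            hits.append("rundll32_style_non_dll")
    if USER_TEMP.search(cmd):
        hits.append("exe_from_user_temp")
    return hits


def hits_by_rule(cmdlines):
    """Group the input command lines by the rules they trigger."""
    out = defaultdict(list)
    for cmd in cmdlines:
        for rule in scan(cmd):
            out[rule].append(cmd)
    return dict(out)


if __name__ == "__main__":
    for rule, cmds in hits_by_rule(REPORT_CMDLINES).items():
        print(f"[{rule}] {len(cmds)} hit(s)")
        for cmd in cmds:
            print("   ", cmd)
```

Run it directly to print the hits per rule. The Chrome installer lines trigger nothing, the two "Remote Data" svchost lines and the "Remote Data.exe" load of 259438024.txt are the ones worth pivoting on, and the self-delete rule points straight at the dropper that cleaned up after itself.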

Network

The only destination outside Google and Microsoft infrastructure is the DNS lookup for hackerinvasion.f3322.net, a dynamic-DNS name and the only candidate RAT controller in this capture; no TCP session to it is recorded, so the RAT did not reach its controller during this detonation. The remaining rows are the bundled Chrome installer's update, certificate (pki.goog), account and crash-reporter traffic, one www.microsoft.com request, and an mDNS probe.

Country Destination Domain Proto
US 8.8.8.8:53 hackerinvasion.f3322.net udp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.212.227:443 update.googleapis.com tcp
GB 216.58.212.227:443 update.googleapis.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 216.58.201.99:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 216.58.201.99:80 o.pki.goog tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.200.46:443 clients2.google.com tcp
GB 64.233.167.84:443 accounts.google.com tcp
GB 142.250.200.46:443 clients2.google.com tcp
GB 64.233.167.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 216.58.212.227:443 update.googleapis.com tcp
GB 142.250.178.4:443 www.google.com udp
N/A 224.0.0.251:5353 (mDNS multicast, no domain) udp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.212.227:443 update.googleapis.com tcp
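Two of the GoogleUpdate.exe command lines in the Processes section carry a `/ping` argument: the installer's event report to Google's update service, which is what the update.googleapis.com sessions in the table above carry. The argument is URL-safe base64 (it contains `-` where standard base64 would use `+`) with the `=` padding stripped. Decoding it shows what actually left the sandbox: the Omaha request XML with the same session and install IDs that appear in plain text on the `/handoff` line, plus the OS build, service pack, architecture, memory size, domain-join state and install language of the detonation VM. The Python below is an added example, not part of the report; it embeds the first, intact `/ping` argument verbatim and parses it with the standard library only.

```python
import base64
import xml.etree.ElementTree as ET

# The /ping argument copied verbatim from the first (intact) GoogleUpdate.exe
# /ping command line in the Processes section of this report.
PING_ARG = (
    "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4zNzIiIHNoZWxsX3ZlcnNpb249IjEuMy4zNi4zNzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjQxMkY5MTYtQUJEOC00MEZGLUJGOEYtMkE1OUJFRDA4NzNFfSIgdXNlcmlkPSJ7OUI5RDMxMUQtMjk1MC00NkM2LUIzQUUtRjc2NzVFMjFBQTRBfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0JENDY2NjVDLUI3MDYtNDVGMC1BRDVELTc1NjUxQjkyNDBFM30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iNi4xLjc2MDEuMCIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NDMwRkQ0RDAtQjcyOS00RjYxLUFBMzQtOTE1MjY0ODE3OTlEfSIgdmVyc2lvbj0iMS4zLjM2LjE1MSIgbmV4dHZlcnNpb249IjEuMy4zNi4zNzIiIGxhbmc9InpoLUNOIiBicmFuZD0iIiBjbGllbnQ9IiIgaWlkPSJ7RjQwM0RDQzItN0YwOS04ODExLTc0RjQtRUUyQjAwRDRDRDE2fSI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI4NDMiLz48L2FwcD48L3JlcXVlc3Q-"
)


def decode_omaha_ping(arg):
    """Decode a /ping argument into an XML element tree.

    The argument uses the URL-safe base64 alphabet ('-' and '_' in place of
    '+' and '/') and has its '=' padding stripped, so the padding is restored
    before decoding.
    """
    padded = arg + "=" * (-len(arg) % 4)
    return ET.fromstring(base64.urlsafe_b64decode(padded))


def summarize(root):
    """Pull the fields an analyst cares about out of the decoded request."""
    os_el = root.find("os")
    hw = root.find("hw")
    app = root.find("app")
    event = app.find("event")
    return {
        "updater_version": root.get("updaterversion"),
        "sessionid": root.get("sessionid"),
        "userid": root.get("userid"),
        "requestid": root.get("requestid"),
        "domainjoined": root.get("domainjoined"),
        "os": " ".join(os_el.get(k) for k in ("platform", "version", "sp", "arch")),
        "physmemory_gb": int(hw.get("physmemory")),
        "app_lang": app.get("lang"),
        "app_version": (app.get("version"), app.get("nextversion")),
        "event": (event.get("eventtype"), event.get("eventresult"), event.get("errorcode")),
    }


if __name__ == "__main__":
    root = decode_omaha_ping(PING_ARG)
    print(ET.tostring(root, encoding="unicode"))
    for key, value in summarize(root).items():
        print(f"{key:16} {value}")
```

The second `/ping` line on this page, emitted after the Chrome install completed, has the same structure with download and install timings in its event element, but only its tail survived extraction, so it cannot be decoded from what is printed here.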

Files

\Users\Admin\AppData\Local\Temp\R.exe

MD5 8dc3adf1c490211971c1e2325f1424d2
SHA1 4eec4a4e7cb97c5efa6c72e0731cd090c0c4adc5
SHA256 bc29f2022ab3b812e50c8681ff196f090c038b5ab51e37daffac4469a8c2eb2c
SHA512 ae92ea20b359849dcdba4808119b154e3af5ef3687ee09de1797610fe8c4d3eb9065b068074d35adddb4b225d17c619baff3944cb137ad196bcef7a6507f920d

\Windows\SysWOW64\259438024.txt

MD5 7a0a3a5a4df84d73965a486668ac584d
SHA1 8bd004ca9da6d92998ac3a09a00cd3aa14f6475f
SHA256 172df2a77d34d319d569023c3b6b5ba55cde0e214304303883fd2f1f319cd3e0
SHA512 a7cf84e296072eaf3bf7a996c0af1344e8257b9bdebbac80d7acbaf019e16beac6751962919a38cc5fad13377eb8c43c3902af67e41f2c205d96773306fb4fad

\Users\Admin\AppData\Local\Temp\N.exe

MD5 4a36a48e58829c22381572b2040b6fe0
SHA1 f09d30e44ff7e3f20a5de307720f3ad148c6143b
SHA256 3de6c02f52a661b8f934f59541d0cf297bb489eb2155e346b63c7338e09aeaf8
SHA512 5d0ea398792f6b9eb3f188813c50b7f43929183b5733d2b595b2fd1c78722764fd15f62db1086b5c7edfb157661a6dcd544ddd80907ee7699dddbca1ef4022d0

memory/2576-18-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2576-21-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2576-20-0x0000000010000000-0x00000000101B6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe

MD5 4c5f20e3e05f9d56c291d6dfe2f6417b
SHA1 610fcce6bd9738958202f49bb3557fadfeade9e6
SHA256 9a19b74e9247f9c4980f985bd4796e65b856081b2b12c9d66bfec3ee1f761ac7
SHA512 efd2b8733737015b5e6d09146fb709d0cffb5ed81dac3c692576a2a880a2935eb1d0ad7996e9cb3485016e5331c94e8e7842c557901815f580884f53335cc49a

memory/2476-43-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2476-47-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2476-48-0x0000000010000000-0x00000000101B6000-memory.dmp

\Program Files (x86)\Google\Temp\GUMBB35.tmp\GoogleUpdate.exe

MD5 baf0b64af9fceab44942506f3af21c87
SHA1 e78fb7c2db9c1b1f9949f4fcd4b23596c1372e05
SHA256 581edeca339bb8c5ebc1d0193ad77f5cafa329c5a9adf8f5299b1afabed6623b
SHA512 ee590e4d5ccdd1ab6131e19806ffd0c12731dd12cf7bfb562dd8f5896d84a88eb7901c6196c85a0b7d60aee28f8cfbba62f8438d501eabd1bb01ec0b4f8d8004

\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdate.dll

MD5 dce0fd2b11b3e4c79a8f276a1633e9ae
SHA1 568021b117ace23458f1a86cd195d68de7164fa9
SHA256 c917ad2bf8c286ae0b4d3e9203ab3da641af4c8d332e507319ee4df914d6219c
SHA512 ba89867fd2bea6166b6e27c2a03a9a4759aee1affe75d592f381d9cb42facba1af1535f009a26f2613338b50de13b6576ab23c4e24d90827739f1678923ff771

\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_zh-CN.dll

MD5 3238536195c72141bf60ee15ce6413dd
SHA1 5d89916a8f72b9836e3e2e1eb93077b515a231e9
SHA256 5c0e33d4cbda0d878a48c51a7286e6ce3884ef0aa06ce4fc306b888d3e8f07f4
SHA512 78fcc97db95b720e1ce7fa24ec9820d784a8013f791837629021176f8ae416775ed8a25b3afbce33fc18b29de5375f3ea2818a5a345ba0ad87bc71dfb72cbe0c

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_ca.dll

MD5 ba783ac59839551280618c83c760d583
SHA1 53d1d10955e322a6135b047eecd88a4815f9b6da
SHA256 c2d15f8da32907d8cea1aaa0d51f16bc692a74141fdace43a84c78647433a086
SHA512 a635d52c20164a02dc3fc4ddb961bf36177014e0cb27e50588013a0e9f3787194de3c9da160672b62b25eb94ddcea366bcaa44b6bfa593da77c97aba48f8a50b

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_el.dll

MD5 59ba1742a224cb96c89ca335ff208409
SHA1 2b595feed6efe926cc87c16534c3b8bafc511cdb
SHA256 2836ec2d0830b66f281d65cb24f9ea2311e6464f13d4d0e41547be5ce994582e
SHA512 a4e7bd47af97387ef0828daa4d1b6f820faef02c28e77dda0da08e0a4766f2beac42d4ac5dfec82e7c3fd1a39e9d6a1359d45750ebce4c0e6722567b1df6e919

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_es.dll

MD5 f49411f7f8feb475ee096db6a5938290
SHA1 6926ddaf08b3f701fb357f032e76bb33e63f50f0
SHA256 e7a76d367bffea50a8f0b2f8daee91b3e5250431127a9dfdaa25980c39b22573
SHA512 0f95d6cf92882a30dedf4b51bda94cff87da327843569aa4f3c763fa2c658378795adaedbc3d93958128376e51d2d0792958def24a2e19c57d6717153d3512ff

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_es-419.dll

MD5 4a28036303c7f36827a757d0950669b1
SHA1 af5fa8d2dbbd8f8bdac508f187731cf33ff8b960
SHA256 0047475c9353a570604d437d8985cebc7230b26f010ef30f4176f93f0c2361b4
SHA512 b5eaf77b729142abc233974c3900c39cd75fd2252e8ed49059bfe607d2b1c74b28f347b86793aa8e5a12c87701bfce8e9c87d34e262df7be559ecbd0f56e9c0f

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_fil.dll

MD5 b039877936c8bc88efd93656e8e2fc3a
SHA1 b27e928267e2b7085e45cf6f450ba8bcc0af66e2
SHA256 7ffa28c0273c63aad16d3ac3419144f5bb8ce3484be73c45130927aa3ada6e43
SHA512 26992d60966d56b64b0ca2047f9149bbac8e6522d14ac2a9b2a4e57d5991f26a050e02fcb475243f0787221fc2307d5523f2c33b6abc3f6c7aa5daa1938f67f3

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_no.dll

MD5 9efb18e27e49361b5ca0fe4eebb286b2
SHA1 7e522beabde6ad87aec419f4c26395c64d8382a8
SHA256 3c066ff77d407ad1547372027f0c569ff65b06f1a5e34ed578ab9e6b87ce4876
SHA512 5c034c37801cea6fa3219d24f81b62bd416e4ce2e9102285be34ade76d80ed0229d7951c8b4626e2aa602991a8ba5424c2409a50f9dc8909d335a84d6bccc52b

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_pl.dll

MD5 355fe9ce9db81686db356a30c17212a4
SHA1 6eb7892a5ab482f9f2e4c91dc12700e1e0eeffac
SHA256 5a6d70da9a5ebae1d28d8fa97ec40e40b271d5386648a5d00e28d49fd41a2bb0
SHA512 b76653623bbef763639ab79f75173811962727b677bfd359952224d61a4537f8ec8067ce9281145f1500d68b4133792c1a03beae9708067d3a57bf2138e63d9b

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_nl.dll

MD5 092df8fbd33220a72d1a81745cd61722
SHA1 16ee50224dc792a144dd8445c1b1017f0b22d252
SHA256 001666ead47d5efa71ccfa9818269e137f0c4ad90f32d758a9e6d9bc4560bb9d
SHA512 d2da63cfb76879745de3d2b537673f584bd2f28fca9582a8476f78b69ae0caa156085b61c33f03737748b942a1196ec0f1a4628766ad85ad6de60c6d68cb5ea2

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_ms.dll

MD5 7f3113def8e50c086bbe84273477bad4
SHA1 f29165a7988ed9b46fa162b02cbc58e3baf9dc8d
SHA256 60821a3672d3170f4d2e230e4c72aa3fef58cdeea16d0af22b5c2077bd76750a
SHA512 3fb6f5ea722e81ccfbaf01110fa341f8299a81b71ae072f52d11e2c8b3bcf202175f9c8e176c289aeac9d405d9919e406ae75929a942b52f49cc52a0858611dd

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_mr.dll

MD5 b7479d97664ff3f68883a4665ad46f03
SHA1 fed7419a8408adecd531d6f7e1a24bfbbb97a25b
SHA256 d8b54b04a01467927702a439f875de02577721da3d6b393fc9b6d5f81f0e363b
SHA512 3885c46f4763961ac41ecf4e33ef67f560b14672087894bc0d72b6fdf1e73feecc5a4990f0df52759032085ae4b9cf918355010954166614b18e3cfed2e82645

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_ml.dll

MD5 1a68c9a98363c381f08922f560250758
SHA1 5c8fab19a6fce550c541ddae84c1ed1eeb1d9a8f
SHA256 2a308897298977866c0199c137f679773ed63ed703b1286d07cf0e1de45225f1
SHA512 c22490c4660ba897c34eaf2f1681b9ef713bb8da72969db4a462ec8f639eef1a3403a7cbafe8f86906d69a4c716e8d638caf89aa9911996d1d1600b0659bce07

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_lv.dll

MD5 dd5164441187cd34cf6b4571ad06b02f
SHA1 12acf5a1184c074ef04b52f2e855866b815fe61f
SHA256 df49a28d88b5a20f2bd26fe17fd049a04baa5c27c0c9d96203335c4ee52d4413
SHA512 c1bb517c682f211f6894c06810bf13079dabbc1912d8f6932746c0dc774b1ad836c21cb2e7f19f7575eb4ba989644f7806f13fca2653dab7b44960a567788a57

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_lt.dll

MD5 979ddd15d4625f2d9442308ac23b093e
SHA1 41bdaf8e7930a788e72b2e8d812d3ad8cc9614d9
SHA256 546ec90e214472e91048428924aea9853eb1a0baea8fca9af87f5b4640440078
SHA512 148e0c38279d1ae560713fa4c0f2bf1c0245b6971d71d7b4a2cf44c4d512ad1fc8a9cb33ce7554f4a4855cc0ef319c6e72784cb2c4b87b324990ba945c31ef9f

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_ko.dll

MD5 5c8d844a20331d1753b38babc1ec567e
SHA1 ebf130fb8c1550d329aa2eb008780c2a8a69dc06
SHA256 2da70429e0e6b931da700861a2c0b416d9420c3973531edef460079fd2d95c8d
SHA512 0a27588c7f5791940ac4d8946533a1572d70f8c4fbdf0ce35a3c15a3ae56d77d2094b2b2c1ed4090bfad4ce11488d616d5bedfe6dc62ba32ab33714abce8ec65

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_kn.dll

MD5 78ba7d33500cfa4639519609f7cedec8
SHA1 9b0d9c945917d61f8a0caf2c3e11d0cb2c7e6c7f
SHA256 6c8c7692fcce08684ead91e0a68c09121e46e45c1aa5d30aa9342d9ff099a3e8
SHA512 f3e7acbaaee401a2a3b0a68db88fbf6fb620940cfe2891d822f38ef18ee5739d0ce66d5f440eb8ccc1d336ac5a406bb668ca20eba9fb494c0adff3bde8c73d96

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_ja.dll

MD5 56c037987597e28377c43df3fd64a2a0
SHA1 1e769ef90a0c8c5bf3c4a6d4e4ff5897a4e1ab84
SHA256 d158b0a602fafda9a117ad6065ecab3f02159ec1055adbac8979b311db83e1c7
SHA512 b2982807011cc473842aa89aa425fcc504d91072e384246122ebdc33b56ecafe16b746cf5206d2686412f90ee663b1545565cc050dda600295aa8bb4fa0f6828

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_iw.dll

MD5 7c89d57d66e73d8f09ebafa1733e61c2
SHA1 d2cdf93717da261437a841dc7bea321dda20736a
SHA256 936ca4058d17ceff0ad72ffd721ec87e76a7df8066fb10110a8ae7bf311d5c27
SHA512 205eae74837c601e459ba5d7a994f3ba76b279ca67ffc8d694d9b75baf72bedaf72f18443417010c19fd3c97560aa7c1284b319a738afea5a2402d7763fb1674

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_it.dll

MD5 49a37b39ed5f6fc7f8ed271afb7b4b00
SHA1 e688384442cf0c87d95afe2dd4ac9219e2ac6862
SHA256 d6a2194ed9fc11cf4ee229d6282225e732594c345b3a948d78e1e25287e2bb92
SHA512 d75608306a0b44a1a6c8264804fc77dda034a83a2e1198a982a388b99e595687aa2b1c34d49f4ebc92b05f4932319eb0f66caa5d749e1a8f0b33b51a379367aa

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_is.dll

MD5 d9bd75ad7a3a353cee9c40044ce5b794
SHA1 5cfae92b010c7f15c0de3faa2d556501077eba6c
SHA256 569ae0a08a78a956848b5a468247a02a0a0917657de3dfd17ebd67cfc929f38d
SHA512 256c11f9c5adc1efb11a3eb0807226afe72bdf02e6657104001b11c12961accd2e9ce4b7c6f8ec8dc577f8b25d6049f18f143786f2b9b5b2b9b6f14bb480b7ee

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_id.dll

MD5 e8706af39491f7a579a4a03d7e97ee86
SHA1 2f0cb0de6a34f368803003bc33f260137741d525
SHA256 15dbad35e7fa0dcf3ac2f08adbfb56981e3365f91d801c71f913fc0ab7c4cb52
SHA512 b3544f99cbfd0dec7bd2b9169364cb2daac8aa388f24f27862de71e4bcf40a24ae42900510aad30cdcfddd0594b62083ce67c9b573c8fe3a3055873ffab7297a

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_hu.dll

MD5 5601a611f2801a57025ac0f6725ce7e3
SHA1 bd2f8d12a70b19546adfd22fe6a590a4274d2669
SHA256 bd765a07250856c9ecb5a8319f04b9bdf4d2251827324ab5066b3d731b18ac18
SHA512 41ea26924ebf780e5d91ff8e5383d31b04076197b43ba964860556484b845e0590bf4cd805876cafb7cfb3082002cb35454bfc34c55e17113d9778a73182bc38

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_hr.dll

MD5 b9114cc4de1128c5156e3afc7f8123f0
SHA1 ff0fe96553ade4200d68305dd2e694dc91a2995d
SHA256 2846c112a3f0a3c6b050fbac7ea96dd3733f117068a5cccc8b6cf16ede9d4c47
SHA512 3bb6519556cef59d91ad92e11987ae6a36c9436cee5fe79b2a08b24fbbc04207c1114d466c0dc05f63221b368cd13b818b0c87188feb2511716a2ad75675a478

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_hi.dll

MD5 8d62d3b71591fcb40f59b6d0f651614d
SHA1 2c7b1831cead9e2acb85cebaf1c2c53784476f38
SHA256 ad368ca65db3e0a9417634d6bd2ac81c38858f875c1cdc6d641c2389b99d5a59
SHA512 9ad0a199148eb21927c1ee3976fde7be2968063955b1a5526fe18b62bc12c3b4d6e2d7dad7b5b1e8f76937733ae4a38289a32bcebfe60ab50f0f80648ce80711

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_gu.dll

MD5 9acb142c6097bef9a56847eaff078a5c
SHA1 d69d206d06dcf09b46b0e8bb47c177cb2a5bd8e6
SHA256 125b6ee3b4fee064eabc9baf671a366e4e88f68c97e582972cf741d914284628
SHA512 49f06023c4c70b75aabb81b586114704bc905480f4c0978e8d4315c232ea0b5d7d9545b7d02a9b24b71f72b066e926839908e2ace1ccf245716e6ef2fcf1193c

C:\Program Files (x86)\Google\Temp\GUMBB35.tmp\goopdateres_fr.dll

MD5 048033bd00459d6a545744ba1d46ab45
SHA1 1f9cb02b84da6b603b8be9a717f4ae3f32cb3f4a
SHA256 52099330cdfdb45b04db7bc0b2003762906afdca4ce16e7a33f0b4f7aebefe7b

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-18 05:09
Reported: 2024-11-18 05:12
Platform: win10v2004-20241007-en
Max time kernel: 150s
Max time network: 157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe"

Signatures

Detect PurpleFox Rootkit

rootkit

Gh0st RAT payload

Gh0strat

rat gh0strat

Gh0strat family

gh0strat

PurpleFox

rootkit trojan purplefox

Purplefox family

purplefox

Boot or Logon Autostart Execution: Active Setup

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\131.0.6778.70\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |

Drops file in Drivers directory

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\system32\drivers\QAssist.sys | C:\Windows\SysWOW64\TXPlatfor.exe | N/A |

Event Triggered Execution: Image File Execution Options Injection

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe | N/A |

Server Software Component: Terminal Services DLL

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Remote Data\Parameters\ServiceDll = "C:\\Windows\\system32\\240617859.txt" | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A |

Sets service image path in registry

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\QAssist\ImagePath = "system32\\DRIVERS\\QAssist.sys" | C:\Windows\SysWOW64\TXPlatfor.exe | N/A |

Checks computer location settings

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\N.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\TXPlatfor.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\TXPlatfor.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\Remote Data.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\131.0.6778.70_chrome_installer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateOnDemand.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\131.0.6778.70\elevation_service.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |

Loads dropped DLL

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\Remote Data.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |

Reads user/profile data of web browsers

spyware stealer

Checks installed software on the system

discovery

Checks system information in the registry

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |

Drops file in System32 directory

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\SysWOW64\ini.ini | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A |
| File created | C:\Windows\SysWOW64\Remote Data.exe | C:\Windows\SysWOW64\svchost.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Remote Data.exe | C:\Windows\SysWOW64\svchost.exe | N/A |
| File created | C:\Windows\SysWOW64\TXPlatfor.exe | C:\Users\Admin\AppData\Local\Temp\N.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\TXPlatfor.exe | C:\Users\Admin\AppData\Local\Temp\N.exe | N/A |
| File created | C:\Windows\SysWOW64\240617859.txt | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A |

UPX packed file

upx

Drops file in Program Files directory

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\goopdateres_ja.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\goopdateres_ta.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\goopdateres_te.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_en.dll | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\131.0.6778.70\131.0.6778.70_chrome_installer.exe | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\SETUP.EX_ | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\131.0.6778.70_chrome_installer.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source3648_265222773\Chrome-bin\131.0.6778.70\Locales\ta.pak | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source3648_265222773\Chrome-bin\131.0.6778.70\optimization_guide_internal.dll | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2688_250836669\_locales\be\messages.json | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateCore.exe | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_pt-PT.dll | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe | N/A |
| File opened for modification | C:\Program Files\chrome_installer.log | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source3648_265222773\Chrome-bin\131.0.6778.70\Locales\hi.pak | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2688_250836669\_locales\sw\messages.json | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2688_250836669\_locales\my\messages.json | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2688_250836669\_locales\lo\messages.json | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\goopdateres_et.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\goopdateres_sl.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_fr.dll | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_ru.dll | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source3648_265222773\Chrome-bin\131.0.6778.70\Locales\am.pak | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source3648_265222773\Chrome-bin\131.0.6778.70\Locales\bn.pak | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2688_250836669\_locales\sk\messages.json | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_ro.dll | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_uk.dll | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source3648_265222773\Chrome-bin\131.0.6778.70\Locales\zh-CN.pak | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2688_250836669\_locales\zh_HK\messages.json | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Temp\GUT9174.tmp | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_lv.dll | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_ml.dll | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source3648_265222773\Chrome-bin\131.0.6778.70\Locales\ar.pak | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source3648_265222773\Chrome-bin\131.0.6778.70\chrome.dll | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source3648_265222773\Chrome-bin\131.0.6778.70\eventlog_provider.dll | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2688_250836669\_locales\ml\messages.json | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2688_250836669\_locales\ko\messages.json | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2688_250836669\_locales\pa\messages.json | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\goopdateres_cs.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdateSetup.exe | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_en-GB.dll | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_hi.dll | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_tr.dll | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source3648_265222773\Chrome-bin\131.0.6778.70\Locales\fr.pak | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source3648_265222773\Chrome-bin\131.0.6778.70\Locales\th.pak | C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2688_250836669\128.png | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\goopdateres_ro.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\GUM9173.tmp\goopdateres_sv.dll | C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe | N/A |
File created C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_da.dll C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\131.0.6778.70_chrome_installer.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3648_265222773\Chrome-bin\131.0.6778.70\vk_swiftshader.dll C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2688_250836669\_locales\eu\messages.json C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3648_265222773\Chrome-bin\131.0.6778.70\Locales\ca.pak C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM9173.tmp\goopdateres_el.dll C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM9173.tmp\goopdateres_ml.dll C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM9173.tmp\goopdateres_ur.dll C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_bn.dll C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_it.dll C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateOnDemand.exe C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3648_265222773\Chrome-bin\131.0.6778.70\icudtl.dat C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3648_265222773\Chrome-bin\131.0.6778.70\Locales\en-GB.pak C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3648_265222773\Chrome-bin\131.0.6778.70\WidevineCdm\manifest.json C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source3648_265222773\Chrome-bin\131.0.6778.70\chrome_pwa_launcher.exe C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM9173.tmp\goopdateres_uk.dll C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\R.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\N.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\PING.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateOnDemand.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Remote Data.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\TXPlatfor.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133763802557252244" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\ProxyStubClsid32\ = "{B50B3FA2-B519-4C16-A932-46E9FFD1D910}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachine\CLSID\ = "{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\LOCALSERVER32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VersionIndependentProgID\ = "GoogleUpdate.CoreClass" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods\ = "10" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalizedString = "@C:\\Program Files (x86)\\Google\\Update\\1.3.36.372\\goopdate.dll,-3000" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\ = "IPolicyStatus3" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603} C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ProxyStubClsid32\ = "{B50B3FA2-B519-4C16-A932-46E9FFD1D910}" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\ProxyStubClsid32\ = "{B50B3FA2-B519-4C16-A932-46E9FFD1D910}" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B50B3FA2-B519-4C16-A932-46E9FFD1D910} C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ = "IProcessLauncher" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\ProxyStubClsid32\ = "{B50B3FA2-B519-4C16-A932-46E9FFD1D910}" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B50B3FA2-B519-4C16-A932-46E9FFD1D910}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.372\\psmachine.dll" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49D7563B-2DDB-4831-88C8-768A53833837} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\NumMethods\ = "24" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\ = "IPolicyStatus2" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\NumMethods\ = "5" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebSvc\CLSID\ = "{534F5323-3569-4F42-919D-1E1CF93E5BF6}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\Application\ApplicationDescription = "访问互联网" (Chinese: "Access the Internet") C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ProxyStubClsid32\ = "{B50B3FA2-B519-4C16-A932-46E9FFD1D910}" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\VersionIndependentProgID\ = "GoogleUpdate.Update3COMClassService" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E} C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\PROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\ProxyStubClsid32\ = "{B50B3FA2-B519-4C16-A932-46E9FFD1D910}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28} C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13} C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.PolicyStatusSvc.1.0\CLSID\ = "{1C4CDEFF-756A-4804-9E77-3E8EB9361016}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\ = "IGoogleUpdateCore" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\VersionIndependentProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass.1\ = "Google Update Core Class" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4C0B6D8C-1ECE-47E8-8C92-4CD88C0274DA} C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B50B3FA2-B519-4C16-A932-46E9FFD1D910} C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\ProxyStubClsid32\ = "{B50B3FA2-B519-4C16-A932-46E9FFD1D910}" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272} C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChromePDF\Application\ApplicationName = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ProxyStubClsid32\ = "{B50B3FA2-B519-4C16-A932-46E9FFD1D910}" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28} C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\N.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe N/A
Token: 33 (LUID not named by the sandbox; 33 is SeIncreaseWorkingSetPrivilege) N/A C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\131.0.6778.70_chrome_installer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\131.0.6778.70_chrome_installer.exe N/A
Token: 33 (LUID not named by the sandbox; 33 is SeIncreaseWorkingSetPrivilege) N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A
Token: 33 (LUID not named by the sandbox; 33 is SeIncreaseWorkingSetPrivilege) N/A C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe N/A
Token: 33 (LUID not named by the sandbox; 33 is SeIncreaseWorkingSetPrivilege) N/A C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (repeated 24 times, alternating with the row below)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (repeated 24 times)
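
A small triage helper, added here as an example and not part of the sandbox report, for rows like those in the System Language Discovery and AdjustPrivilegeToken tables above. It takes the rows as (description, indicator, process, target) tuples constructed inline from those tables, resolves the bare LUID the sandbox printed as "Token: 33", and separates processes inside the bundled Chrome/GoogleUpdate installer tree from the ones outside it (R.exe, N.exe, TXPlatfor.exe, Remote Data.exe) that also read the system language or requested a high-risk privilege. The path allow-list, the flag names and the partial LUID table are this example's own assumptions. The point it makes: GoogleUpdate reads NLS\Language too, so the language check alone is noise; what singles out the dropped executables is the combination of an unexpected path with SeLoadDriverPrivilege (TXPlatfor.exe, which the report also flags under LoadsDriver).

```python
"""Triage helper for flattened sandbox signature rows.

Added example; the rows below are constructed from the tables in this report,
and the allow-list, flag names and privilege-LUID table are assumptions.
"""
from collections import defaultdict

# Boot-time privilege LUIDs on Windows. The sandbox printed "33" where it had
# no name for the LUID; this partial table (an assumption) resolves it.
PRIVILEGE_LUIDS = {
    10: "SeLoadDriverPrivilege",
    14: "SeIncBasePriorityPrivilege",
    15: "SeCreatePagefilePrivilege",
    19: "SeShutdownPrivilege",
    20: "SeDebugPrivilege",
    33: "SeIncreaseWorkingSetPrivilege",
}

# Privileges worth a second look when requested outside the installer tree.
HIGH_RISK = {"SeLoadDriverPrivilege", "SeDebugPrivilege"}

# Paths the bundled Chrome/GoogleUpdate installer is expected to use.
# Assumption: treat this tree as decoy noise, not as "clean" by itself.
EXPECTED_PREFIXES = (
    "C:\\Program Files (x86)\\Google\\",
    "C:\\Program Files\\Google\\Chrome\\",
)

NLS_LANGUAGE_KEY = r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"


def resolve_privilege(token: str) -> str:
    """Map 'SeDebugPrivilege' or a bare LUID such as '33' to a privilege name."""
    token = token.strip()
    if token.isdigit():
        return PRIVILEGE_LUIDS.get(int(token), f"LUID {token}")
    return token


def is_expected_path(process: str) -> bool:
    """True when the process image lives in the installer tree."""
    lowered = process.lower()
    return any(lowered.startswith(p.lower()) for p in EXPECTED_PREFIXES)


def triage(rows):
    """Group rows by process; collect privileges, flags and path expectation."""
    findings = defaultdict(
        lambda: {"flags": set(), "privileges": set(), "expected": False}
    )
    for description, indicator, process, _target in rows:
        entry = findings[process]
        entry["expected"] = is_expected_path(process)
        if description == "Key opened" and indicator == NLS_LANGUAGE_KEY:
            entry["flags"].add("reads-system-language")
        elif description.startswith("Token: "):
            priv = resolve_privilege(description[len("Token: "):])
            entry["privileges"].add(priv)
            if priv in HIGH_RISK and not entry["expected"]:
                entry["flags"].add(f"{priv}-outside-installer-tree")
    return dict(findings)


def review_queue(findings):
    """Processes to look at first: outside the installer tree and flagged."""
    return sorted(p for p, e in findings.items() if not e["expected"] and e["flags"])


# Constructed from rows in the tables above (a subset, same field order).
SAMPLE_ROWS = [
    ("Key opened", NLS_LANGUAGE_KEY, r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe", "N/A"),
    ("Key opened", NLS_LANGUAGE_KEY, r"C:\Users\Admin\AppData\Local\Temp\R.exe", "N/A"),
    ("Key opened", NLS_LANGUAGE_KEY, r"C:\Users\Admin\AppData\Local\Temp\N.exe", "N/A"),
    ("Key opened", NLS_LANGUAGE_KEY, r"C:\Windows\SysWOW64\Remote Data.exe", "N/A"),
    ("Key opened", NLS_LANGUAGE_KEY, r"C:\Windows\SysWOW64\TXPlatfor.exe", "N/A"),
    ("Token: SeIncBasePriorityPrivilege", "N/A", r"C:\Users\Admin\AppData\Local\Temp\N.exe", "N/A"),
    ("Token: SeLoadDriverPrivilege", "N/A", r"C:\Windows\SysWOW64\TXPlatfor.exe", "N/A"),
    ("Token: 33", "N/A", r"C:\Windows\SysWOW64\TXPlatfor.exe", "N/A"),
    ("Token: SeDebugPrivilege", "N/A", r"C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe", "N/A"),
    ("Token: 33", "N/A", r"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe", "N/A"),
]


if __name__ == "__main__":
    results = triage(SAMPLE_ROWS)
    for proc in review_queue(results):
        print(proc, sorted(results[proc]["flags"]), sorted(results[proc]["privileges"]))
```

Run stand-alone it lists N.exe, R.exe, Remote Data.exe and TXPlatfor.exe with their flags; the GoogleUpdate and GoogleCrashHandler rows are absorbed into the expected tree even though GoogleUpdate requested SeDebugPrivilege, which is why the allow-list is a prioritisation aid and not a verdict.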

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (26 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (24 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4728 wrote to memory of 3548 (×3) N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 4728 wrote to memory of 1172 (×3) N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 1172 wrote to memory of 4780 (×3) N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe
PID 3624 wrote to memory of 3100 (×3) N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 4728 wrote to memory of 2272 (×3) N/A C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe
PID 2272 wrote to memory of 4804 (×3) N/A C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe
PID 4780 wrote to memory of 212 (×3) N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 4804 wrote to memory of 4416 (×3) N/A C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4804 wrote to memory of 2552 (×3) N/A C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 2552 wrote to memory of 3648 (×2) N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe
PID 2552 wrote to memory of 4528 (×2) N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe
PID 2552 wrote to memory of 3296 (×2) N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe
PID 4804 wrote to memory of 3036 (×3) N/A C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4804 wrote to memory of 2148 (×3) N/A C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3640 wrote to memory of 3580 (×3) N/A C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\Remote Data.exe
PID 4432 wrote to memory of 2612 (×2) N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\131.0.6778.70_chrome_installer.exe
PID 2612 wrote to memory of 3648 (×2) N/A C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\131.0.6778.70_chrome_installer.exe C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe
PID 3648 wrote to memory of 1208 (×2) N/A C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe
PID 3648 wrote to memory of 4560 (×2) N/A C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe
PID 4560 wrote to memory of 552 (×2) N/A C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe
PID 4432 wrote to memory of 5040 (×3) N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe
PID 4432 wrote to memory of 3288 (×2) N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe
PID 4432 wrote to memory of 1872 (×3) N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4056 wrote to memory of 3604 (×3) N/A C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateOnDemand.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3604 wrote to memory of 2688 (×1) N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files\Google\Chrome\Application\chrome.exe
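Every parent/child pair in the WriteProcessMemory table also appears as a process creation in the process list that follows, so the table is best read as the detonation's process tree rather than as evidence of injection into an unrelated process. The script below is an added example (not part of the sandbox report) that parses rows in the sandbox's raw "PID A wrote to memory of B N/A parent child" layout into a deduplicated tree with per-pair write counts. The rows embedded in it are a constructed subset copied from the table above; nodes are keyed on (pid, image) because the report reuses PID 3648 for two different images.

```python
import re
from collections import Counter, defaultdict

# Constructed input: a subset of rows copied from the "Suspicious use of
# WriteProcessMemory" table of this report, reproducing its three-rows-per-pair logging.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe"
TMP = r"C:\Users\Admin\AppData\Local\Temp"
SYSWOW = r"C:\Windows\SysWOW64"
ROWS = (
    [f"PID 4728 wrote to memory of 3548 N/A {SAMPLE} {TMP}\\R.exe"] * 3
    + [f"PID 4728 wrote to memory of 1172 N/A {SAMPLE} {TMP}\\N.exe"] * 3
    + [f"PID 1172 wrote to memory of 4780 N/A {TMP}\\N.exe {SYSWOW}\\cmd.exe"] * 3
    + [f"PID 4780 wrote to memory of 212 N/A {SYSWOW}\\cmd.exe {SYSWOW}\\PING.EXE"] * 3
    + [f"PID 3624 wrote to memory of 3100 N/A {SYSWOW}\\TXPlatfor.exe {SYSWOW}\\TXPlatfor.exe"] * 3
    + [f"PID 3640 wrote to memory of 3580 N/A {SYSWOW}\\svchost.exe {SYSWOW}\\Remote Data.exe"] * 3
    + [f"PID 4728 wrote to memory of 2272 N/A {SAMPLE} {TMP}\\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe"] * 3
)

# Parent and child image paths both start with "C:\"; the lazy first group stops at the
# first " C:\" so image names containing spaces ("Remote Data.exe") parse correctly.
ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (C:\\.*?) (C:\\.*)$")


def parse_rows(rows):
    """Collapse rows into a Counter keyed by ((ppid, parent_image), (cpid, child_image)).

    Keying on (pid, image) instead of pid alone keeps reused PIDs apart: this report shows
    PID 3648 first as GoogleUpdateComRegisterShell64.exe and later as setup.exe."""
    edges = Counter()
    for row in rows:
        m = ROW_RE.match(row.strip())
        if m:
            ppid, cpid, ppath, cpath = m.groups()
            edges[((int(ppid), ppath), (int(cpid), cpath))] += 1
    return edges


def build_tree(edges):
    """Return (roots, children): roots are nodes that never appear as a child."""
    children = defaultdict(list)
    seen_as_child = set()
    for (parent, child), n in edges.items():
        children[parent].append((child, n))
        seen_as_child.add(child)
    roots = sorted(p for p in children if p not in seen_as_child)
    return roots, children


def render(edges):
    """Indented text tree; each child line carries the number of collapsed write rows."""
    roots, children = build_tree(edges)
    out = []

    def walk(node, depth, writes):
        pid, image = node
        name = image.rsplit("\\", 1)[-1]
        tag = "" if writes is None else f", {writes} write(s) from parent"
        out.append(f"{'  ' * depth}{name} (pid {pid}{tag})")
        for child, n in sorted(children.get(node, []), key=lambda c: c[0][0]):
            walk(child, depth + 1, n)

    for root in roots:
        walk(root, 0, None)
    return out


if __name__ == "__main__":
    print("\n".join(render(parse_rows(ROWS))))
```

Three separate roots fall out of the sample rows: the original dropper (4728), TXPlatfor.exe (3624) and the svchost.exe instance hosting "Remote Data" (3640). The latter two have no recorded parent in this table because they were started by the service control manager after the dropper registered them, which is the persistence path, not a gap in the log.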

Processes

C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe

"C:\Users\Admin\AppData\Local\Temp\3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Windows\SysWOW64\svchost.exe

C:\Windows\SysWOW64\svchost.exe -k "Remote Data"

C:\Windows\SysWOW64\svchost.exe

C:\Windows\SysWOW64\svchost.exe -k "Remote Data"

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe

C:\Users\Admin\AppData\Local\Temp\HD_3b890b103509bbe71c22752c61efff21a04d9c93bf4d7219ac9b4b452fd7ec46.exe

C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Temp\GUM9173.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={F403DCC2-7F09-8811-74F4-EE2B00D4CD16}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping [...]-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIxMjQ4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={F403DCC2-7F09-8811-74F4-EE2B00D4CD16}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{C64474CF-492C-424D-8665-507863A0890B}"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Windows\SysWOW64\Remote Data.exe

"C:\Windows\system32\Remote Data.exe" "c:\windows\system32\240617859.txt",MainThread

C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\131.0.6778.70_chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\131.0.6778.70_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\gui1E1.tmp"

C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\gui1E1.tmp"

C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=131.0.6778.70 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff621957d68,0x7ff621957d74,0x7ff621957d80

C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{160FF141-1B4B-41BC-B221-CF6541595409}\CR_BFCE1.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=131.0.6778.70 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff621957d68,0x7ff621957d74,0x7ff621957d80

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping [...]-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vZWRnZWRsLm1lLmd2dDEuY29tL2VkZ2VkbC9yZWxlYXNlMi9jaHJvbWUvYWNpbXl4dGc1Y3c1dXRtc2N5MnBhd2hvdHpscV8xMzEuMC42Nzc4LjcwLzEzMS4wLjY3NzguNzBfY2hyb21lX2luc3RhbGxlci5leGUiIGRvd25sb2FkZWQ9IjExNjAwMDYyNCIgdG90YWw9IjExNjAwMDYyNCIgZG93bmxvYWRfdGltZV9tcz0iMTc2NzIiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjcwNyIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjkwNyIgZG93bmxvYWRfdGltZV9tcz0iMTkzOTIiIGRvd25sb2FkZWQ9IjExNjAwMDYyNCIgdG90YWw9IjExNjAwMDYyNCIgaW5zdGFsbF90aW1lX21zPSIzNzE2OCIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=131.0.6778.70 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc8ddded08,0x7ffc8ddded14,0x7ffc8ddded20

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1888,i,10421711012029145905,8955384028618427015,262144 --variations-seed-version --mojo-platform-channel-handle=1884 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1872,i,10421711012029145905,8955384028618427015,262144 --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files\Google\Chrome\Application\131.0.6778.70\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\131.0.6778.70\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2392,i,10421711012029145905,8955384028618427015,262144 --variations-seed-version --mojo-platform-channel-handle=2536 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3212,i,10421711012029145905,8955384028618427015,262144 --variations-seed-version --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,10421711012029145905,8955384028618427015,262144 --variations-seed-version --mojo-platform-channel-handle=3624 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3860,i,10421711012029145905,8955384028618427015,262144 --variations-seed-version --mojo-platform-channel-handle=4116 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4740,i,10421711012029145905,8955384028618427015,262144 --variations-seed-version --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4816,i,10421711012029145905,8955384028618427015,262144 --variations-seed-version --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5592,i,10421711012029145905,8955384028618427015,262144 --variations-seed-version --mojo-platform-channel-handle=5608 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5640,i,10421711012029145905,8955384028618427015,262144 --variations-seed-version --mojo-platform-channel-handle=5724 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5968,i,10421711012029145905,8955384028618427015,262144 --variations-seed-version --mojo-platform-channel-handle=5976 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5924,i,10421711012029145905,8955384028618427015,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:2
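Most of the process list is the genuine Google Update and Chrome installer chain that the HD_ decoy launches, which is why a command-line review needs to pick out the three lines that carry the actual tradecraft: cmd.exe running ping against 127.0.0.1 as a delay before deleting N.exe, svchost.exe started with the non-standard service group "Remote Data", and "Remote Data.exe" invoking a file with a .txt extension by export name (MainThread) in rundll32 style. The script below is an added detection example, not code from the sandbox or the malware; the command lines embedded in it are copied from the list above plus one constructed benign rundll32 line. The svchost group baseline is an assumption: it contains only the group the report itself shows on a legitimate line, and in practice it should be generated from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost on a clean reference host.

```python
import ntpath
import re

# Constructed input: command lines copied from this report's process list, plus one
# benign rundll32 line (not from the report) to show the DLL-extension exemption.
SAMPLE_CMDLINES = [
    r'C:\Windows\SysWOW64\svchost.exe -k "Remote Data"',
    r'C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul',
    r'ping -n 2 127.0.0.1',
    r'"C:\Windows\system32\Remote Data.exe" "c:\windows\system32\240617859.txt",MainThread',
    r'C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc',
    r'"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc',
    r'rundll32.exe "C:\Windows\System32\shell32.dll",Control_RunDLL',  # constructed benign line
]

# Assumption: svchost -k groups seen on a clean host. Only the group this report shows on
# a legitimate line is listed; build the real set from the Svchost registry key.
BASELINE_SVCHOST_GROUPS = {"LocalSystemNetworkRestricted"}
# Extensions under which a "path,Export" invocation is ordinary rundll32 usage.
DLL_EXTENSIONS = {".dll", ".ocx", ".cpl", ".ax"}

# ping -n N 127.0.0.1 ... && del ...: loopback ping as a sleep, then deleting a file.
SELF_DELETE_RE = re.compile(r"ping\s+-n\s+\d+\s+127\.0\.0\.1.*&&\s*del\b", re.I)
# svchost.exe -k <group>, with the group either quoted (may contain spaces) or bare.
SVCHOST_RE = re.compile(r'svchost\.exe\s+-k\s+(?:"([^"]+)"|(\S+))', re.I)
# "<file>",<Export> followed by whitespace or end of line.
EXPORT_CALL_RE = re.compile(r'"([^"]+)",([A-Za-z_]\w*)(?=\s|$)')


def triage(cmdlines):
    """Return (rule, cmdline) pairs for every command line that matches a rule."""
    findings = []
    for cmd in cmdlines:
        if SELF_DELETE_RE.search(cmd):
            findings.append(("self_delete_ping", cmd))
        m = SVCHOST_RE.search(cmd)
        if m:
            group = m.group(1) or m.group(2)
            if group not in BASELINE_SVCHOST_GROUPS:
                findings.append(("svchost_unknown_group", cmd))
        m = EXPORT_CALL_RE.search(cmd)
        if m and ntpath.splitext(m.group(1))[1].lower() not in DLL_EXTENSIONS:
            # An export is being called from a file that is not named like a DLL,
            # e.g. the 240617859.txt payload this sample loads via "Remote Data.exe".
            findings.append(("loader_nondll_export", cmd))
    return findings


if __name__ == "__main__":
    for rule, cmd in triage(SAMPLE_CMDLINES):
        print(f"{rule:24} {cmd}")
```

The bare `ping -n 2 127.0.0.1` child is deliberately not flagged on its own; the signal is the parent cmd.exe line that chains it to `del`. Likewise the rundll32 line passes because shell32.dll carries a DLL extension, while the .txt target of "Remote Data.exe" does not.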

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.212.227:443 update.googleapis.com tcp
GB 216.58.212.227:443 update.googleapis.com tcp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 c.pki.goog udp
GB 216.58.201.99:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 216.58.201.99:80 o.pki.goog tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
GB 216.58.212.227:443 update.googleapis.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 64.233.167.84:443 accounts.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.167.233.64.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.212.227:443 update.googleapis.com tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
N/A 224.0.0.251:5353 udp
GB 216.58.201.97:443 clients2.googleusercontent.com tcp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
GB 216.58.212.227:443 update.googleapis.com udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
GB 216.58.212.227:443 update.googleapis.com tcp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
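The network table shows hackerinvasion.f3322.net being looked up repeatedly but never connected to: there is no tcp or udp row whose domain is hackerinvasion.f3322.net other than the resolver queries, so the C2 address the sample would have used is not in this report and the domain itself (on the f3322.net dynamic-DNS service) is the usable indicator. Everything else in the table is Google Update, Chrome and reverse (PTR) lookups. The script below is an added example, not part of the report, that parses rows in the table's "Country Destination Domain Proto" layout and separates resolver queries from actual connections per domain; the embedded rows are a constructed subset copied from the table, and the dynamic-DNS suffix list is an illustrative assumption to be extended from your own threat intelligence.

```python
from collections import defaultdict

# Constructed input: a subset of rows from this report's Network table in its
# "Country Destination Domain Proto" layout; the mDNS row has no domain column.
SAMPLE_ROWS = """\
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.212.227:443 update.googleapis.com tcp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
"""

# Assumption: illustrative dynamic-DNS suffixes. f3322.net / 3322.org are the ones this
# sample uses; the others are common providers. Extend from threat intelligence feeds.
DDNS_SUFFIXES = ("f3322.net", "3322.org", "no-ip.org", "dyndns.org")
DNS_PORTS = {53, 5353}


def parse_network_rows(text):
    """Yield (dest_ip, dest_port, domain, proto) per row; domain is '' when absent."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            _country, dest, domain, proto = parts
        elif len(parts) == 3:
            _country, dest, proto = parts
            domain = ""
        else:
            continue
        ip, _, port = dest.rpartition(":")
        yield ip, int(port), domain, proto


def summarize(text):
    """Per-domain count of resolver queries versus connections to a resolved host."""
    stats = defaultdict(lambda: {"queries": 0, "connections": 0})
    for _ip, port, domain, _proto in parse_network_rows(text):
        if not domain:
            continue
        key = "queries" if port in DNS_PORTS else "connections"
        stats[domain][key] += 1
    return dict(stats)


def is_ddns(domain):
    return any(domain == s or domain.endswith("." + s) for s in DDNS_SUFFIXES)


def unresolved_beacons(stats, min_queries=3):
    """Domains queried at least min_queries times with no connection ever recorded.

    Reverse lookups are skipped: they describe destinations already in the table, not
    something the sample tried to reach. Each hit is (domain, query_count, is_ddns)."""
    hits = []
    for domain, s in stats.items():
        if domain.endswith(".in-addr.arpa"):
            continue
        if s["queries"] >= min_queries and s["connections"] == 0:
            hits.append((domain, s["queries"], is_ddns(domain)))
    return sorted(hits)


if __name__ == "__main__":
    for domain, n, ddns in unresolved_beacons(summarize(SAMPLE_ROWS)):
        print(f"{domain}: {n} lookups, no connection, ddns={ddns}")
```

Legitimate domains in the capture (update.googleapis.com, www.google.com) each show at least one connection after their lookup, which is what separates them from the repeated, never-connected C2 lookups even before any reputation check is applied.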

Files

C:\Users\Admin\AppData\Local\Temp\R.exe

MD5 8dc3adf1c490211971c1e2325f1424d2
SHA1 4eec4a4e7cb97c5efa6c72e0731cd090c0c4adc5
SHA256 bc29f2022ab3b812e50c8681ff196f090c038b5ab51e37daffac4469a8c2eb2c
SHA512 ae92ea20b359849dcdba4808119b154e3af5ef3687ee09de1797610fe8c4d3eb9065b068074d35adddb4b225d17c619baff3944cb137ad196bcef7a6507f920d

C:\Windows\SysWOW64\240617859.txt

MD5 7a0a3a5a4df84d73965a486668ac584d
SHA1 8bd004ca9da6d92998ac3a09a00cd3aa14f6475f
SHA256 172df2a77d34d319d569023c3b6b5ba55cde0e214304303883fd2f1f319cd3e0
SHA512 a7cf84e296072eaf3bf7a996c0af1344e8257b9bdebbac80d7acbaf019e16beac6751962919a38cc5fad13377eb8c43c3902af67e41f2c205d96773306fb4fad

C:\Users\Admin\AppData\Local\Temp\N.exe

MD5 4a36a48e58829c22381572b2040b6fe0
SHA1 f09d30e44ff7e3f20a5de307720f3ad148c6143b
SHA256 3de6c02f52a661b8f934f59541d0cf297bb489eb2155e346b63c7338e09aeaf8
SHA512 5d0ea398792f6b9eb3f188813c50b7f43929183b5733d2b595b2fd1c78722764fd15f62db1086b5c7edfb157661a6dcd544ddd80907ee7699dddbca1ef4022d0

memory/1172-17-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/1172-19-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/1172-23-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/1172-20-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/3624-29-0x0000000010000000-0x00000000101B6000-memory.dmp
