Malware Analysis Report

2025-01-23 13:14

Sample ID 241220-req72axrbn
Target google-sketchup-7-0-10247-GoogleSketchUpWEN.exe
SHA256 027ed0df016c1b2263aea59946f567bd089163f7cfefa03104a39d8ce63911f2
Tags
cryptone discovery packer
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

027ed0df016c1b2263aea59946f567bd089163f7cfefa03104a39d8ce63911f2

Threat Level: Likely malicious

The file google-sketchup-7-0-10247-GoogleSketchUpWEN.exe was found to be: Likely malicious.

Malicious Activity Summary

cryptone discovery packer

CryptOne packer

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy service COM API

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-20 14:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-20 14:06

Reported

2024-12-20 14:13

Platform

win10v2004-20241007-fr

Max time kernel

360s

Max time network

363s

Command Line

"C:\Users\Admin\AppData\Local\Temp\google-sketchup-7-0-10247-GoogleSketchUpWEN.exe"

Signatures

CryptOne packer

cryptone packer
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\mscomct2.ocx C:\Windows\system32\msiexec.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_J24.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_L12.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors-Named\0100_SteelBlue.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_J16.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\eula.rtf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors-Named\0090_LightCyan.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors-Named\0134_DimGray.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Styles\Color Sets\Mint Green.style C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Tools\DynamicComponents\images\tabs.gif C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Markers\Cobalt.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Markers\Sky.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\23006\index.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_G17.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Fencing\Fencing_Picket_Concave.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Styles\Default Styles\09Design Style.style C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Stone\Stone_Granite_Midnite.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_B08.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_D24.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors-Named\0002_MediumVioletRed.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors-Named\0056_Yellow.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Translucent\Translucent_Glass_Block_Dark.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_D13.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_H12.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21126\index.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Styles\Sketchy Edges\Marker Super Fine.style C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\10523\images\animation-pan.gif C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors-Named\0004_HotPink.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Groundcover\Groundcover_Sand_Raked.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Metal\Metal_Embossed.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_H20.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_K15.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Styles\Assorted Styles\01PSO Vignette.style C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Tools\DynamicComponents\images\manager_tool.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_B23.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_I01.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Styles\Straight Lines\Straight Lines 02pix.style C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_E10.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Styles\Default Styles\01Wireframe.style C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Tools\Sandbox\fromscratch.rbs C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Roofing\Roofing_Tile_Spanish.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Markers\WarmGray1.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_I08.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Fencing\Fencing_Diamond_Mesh.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Sketchy\Sketchy_Siding_Scale.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Tools\Sandbox\images\tbcontourslarge.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Translucent\Translucent_Glass_Tinted.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Blinds\Blinds_Weave.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Styles\Default Styles\04Shaded with textures.style C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_C25.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Fencing\Fencing_Mesh_Blue.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Metal\Metal_Steel_Textured.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Markers\CoolGray6.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_D09.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_D12.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_K25.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\DD_AcisRenderer_2.04_8.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_A21.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors-Named\0030_OldLace.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Sketchy\Sketchy_Lines_Wavy_Vertical.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Styles\Straight Lines\Straight Lines 03pix.style C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Styles.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Markers\CoolGray4.skm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Tools\DynamicComponents\ruby\dcloader.rb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors-Named\0120_Orchid.skm C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\e57edbb.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20241220140750688.2\msvcm80.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20241220140750688.2\msvcp80.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20241220140750578.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E5D52570-5EF1-4576-A434-6CCD92268F0F}\SketchUpIcon.87141840_2563_4894_A918_67E5C9B30163 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20241220140750578.0\ATL80.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20241220140750672.0\8.0.50727.762.cat C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF59C.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20241220140750688.1\8.0.50727.762.policy C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20241220140750688.0\8.0.50727.762.policy C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\WinSxS\InstallTemp\20241220140750578.0 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20241220140750688.2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20241220140750703.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20241220140750703.0\mfc80.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20241220140750703.0\mfcm80u.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57edbd.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20241220140750688.0\8.0.50727.762.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20241220140750688.2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.manifest C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20241220140750703.0\mfc80u.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20241220140750703.0\mfcm80.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E5D52570-5EF1-4576-A434-6CCD92268F0F}\SketchUpIcon.87141840_2563_4894_A918_67E5C9B30163 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\WinSxS\InstallTemp\20241220140750672.0 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\WinSxS\InstallTemp\20241220140750703.0 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57edbb.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20241220140750578.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474.manifest C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20241220140750703.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.manifest C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\WinSxS\InstallTemp\20241220140750688.1 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20241220140750672.0\8.0.50727.762.policy C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20241220140750688.2\msvcr80.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\WinSxS\InstallTemp\20241220140750688.0 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\WinSxS\InstallTemp\20241220140750688.2 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF28E.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{E5D52570-5EF1-4576-A434-6CCD92268F0F} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20241220140750688.1\8.0.50727.762.cat C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\google-sketchup-7-0-10247-GoogleSketchUpWEN.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = <binary value not present in report> C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\DisplayName = "Google" C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\URL = "http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7" C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "234" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32\ = "\"C:\\Windows\\SysWOW64\\mscomct2.ocx\"" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSComCtl2.UpDown.2\CLSID C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\07525D5E1FE567544A43C6DC2962F8F0\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32\ = "\"C:\\Windows\\SysWOW64\\mscomct2.ocx\"" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\TypeLib\ = "{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComCtl2.FlatScrollBar.2\CLSID\ = "{FE38753A-44A3-11D1-B5B7-0000C09000C4}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{20DD1B9B-87C4-11D1-8BE3-0000F8754DA1}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\MiscStatus\1 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComCtl2.DTPicker\CurVer\ = "MSComCtl2.DTPicker.2" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComCtl2.MonthView\CurVer\ = "MSComCtl2.MonthView.2" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\ToolboxBitmap32\ = "C:\\Windows\\SysWOW64\\mscomct2.ocx, 1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5214877-E8F1-47E7-95D3-3BD95C1F6D8C}\TypeLib\Version = "1.0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\MiscStatus\1\ = "131473" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\ = "UpDown Scrolling Property Page Object" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20DD1B9D-87C4-11D1-8BE3-0000F8754DA1}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\07525D5E1FE567544A43C6DC2962F8F0\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SketchUp.ShellExtension\CLSID C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\Version C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\ = "Microsoft UpDown Control, version 6.0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\ToolboxBitmap32\ = "C:\\Windows\\SysWOW64\\mscomct2.ocx, 5" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FE387538-44A3-11D1-B5B7-0000C09000C4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}\2.0\0\win32\ = "C:\\Windows\\SysWOW64\\mscomct2.ocx" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\VersionIndependentProgID\ = "MSComCtl2.DTPicker" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{FBD46897-D37D-484F-A4BF-B48EE41F0348}\1.0\HELPDIR C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\VersionIndependentProgID\ = "MSComCtl2.UpDown" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\ = "Flat Scrollbar General Property Page Object" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\07525D5E1FE567544A43C6DC2962F8F0\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\07525D5E1FE567544A43C6DC2962F8F0\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\7zS7697.tmp\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\VersionIndependentProgID C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\ProgID C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{232E4569-87C3-11D1-8BE3-0000F8754DA1}\ = "DMonthViewEvents" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FBD46897-D37D-484F-A4BF-B48EE41F0348}\1.0\ = "ThumbsUp 1.0 Type Library" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{FBD46897-D37D-484F-A4BF-B48EE41F0348}\1.0\0\win32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{B09DE713-87C1-11D1-8BE3-0000F8754DA1} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSComCtl2.FlatScrollBar C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20DD1B9D-87C4-11D1-8BE3-0000F8754DA1}\TypeLib\ = "{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{603C7E7E-87C2-11D1-8BE3-0000F8754DA1}\TypeLib C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FE387539-44A3-11D1-B5B7-0000C09000C4}\TypeLib\ = "{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\ProgID C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FBD46897-D37D-484F-A4BF-B48EE41F0348} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\07525D5E1FE567544A43C6DC2962F8F0\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7zS7697.tmp\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{20DD1B9B-87C4-11D1-8BE3-0000F8754DA1}\ProxyStubClsid C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B09DE714-87C1-11D1-8BE3-0000F8754DA1}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\MiscStatus\1 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FBD46897-D37D-484F-A4BF-B48EE41F0348}\1.0\0 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{232E4569-87C3-11D1-8BE3-0000F8754DA1}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{A86C8053-587B-4DFB-A5E2-54E9803E4463} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\ProgID\ = "MSComCtl2.DTPicker.2" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\MiscStatus\1 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SketchUp.ShellExtension C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.skp\SketchUp.Document C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\MiscStatus\ = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\ProgID C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSComCtl2.Animation\CLSID C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B09DE714-87C1-11D1-8BE3-0000F8754DA1}\ = "DAnimationEvents" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\MiscStatus\1 C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
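The AdjustPrivilegeToken table above has one row per call, which hides the pattern: setup.exe requests essentially the whole privilege list (29 distinct names in 31 rows, including SeDebugPrivilege, SeTcbPrivilege and SeLoadDriverPrivilege), while vssvc.exe and msiexec.exe enable only the backup/restore-related set that restore-point creation and MSI file operations need. The Python below is an added example, not from the report: it groups the rows per process, marks the privileges I consider high-impact, and flags a process whose distinct-privilege count looks like "enable everything in the token" rather than a targeted enable. Two caveats a practitioner should keep in mind: AdjustTokenPrivileges can only enable privileges the token already holds, so a request in this table is not evidence that it succeeded, and the high-impact grouping and the 20-privilege threshold are this example's own assumptions. The sample rows are rebuilt from the table above.

```python
import re
from collections import Counter, OrderedDict
from dataclasses import dataclass
from typing import List, Tuple

SETUP = r"C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe"
MSIEXEC = r"C:\Windows\system32\msiexec.exe"
VSSVC = r"C:\Windows\system32\vssvc.exe"

# Constructed sample rebuilt from the table above: setup.exe's 31 rows in report order
# (29 distinct names; SeShutdownPrivilege and SeIncreaseQuotaPrivilege repeat), plus a
# few of the vssvc.exe and msiexec.exe rows.
_SETUP_PRIVS = """
SeShutdownPrivilege SeIncreaseQuotaPrivilege SeCreateTokenPrivilege SeAssignPrimaryTokenPrivilege
SeLockMemoryPrivilege SeIncreaseQuotaPrivilege SeMachineAccountPrivilege SeTcbPrivilege
SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeSystemProfilePrivilege
SeSystemtimePrivilege SeProfSingleProcessPrivilege SeIncBasePriorityPrivilege SeCreatePagefilePrivilege
SeCreatePermanentPrivilege SeBackupPrivilege SeRestorePrivilege SeShutdownPrivilege
SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeChangeNotifyPrivilege
SeRemoteShutdownPrivilege SeUndockPrivilege SeSyncAgentPrivilege SeEnableDelegationPrivilege
SeManageVolumePrivilege SeImpersonatePrivilege SeCreateGlobalPrivilege
""".split()
SAMPLE_LINES = (
    [f"Token: {p} N/A {SETUP} N/A" for p in _SETUP_PRIVS]
    + [f"Token: {p} N/A {VSSVC} N/A"
       for p in ("SeBackupPrivilege", "SeRestorePrivilege", "SeAuditPrivilege")]
    + [f"Token: {p} N/A {MSIEXEC} N/A"
       for p in ("SeSecurityPrivilege", "SeBackupPrivilege", "SeRestorePrivilege",
                 "SeTakeOwnershipPrivilege", "SeRestorePrivilege")]
)

TOKEN_RE = re.compile(r'^Token: (?P<priv>Se\w+Privilege) N/A (?P<proc>[A-Za-z]:\\.*?) N/A$')

# Privileges worth a second look on their own. This grouping is the example's own
# (assumed), not the sandbox's classification.
HIGH_IMPACT = {
    "SeDebugPrivilege": "open and write any process",
    "SeTcbPrivilege": "act as part of the operating system",
    "SeLoadDriverPrivilege": "load kernel drivers",
    "SeCreateTokenPrivilege": "create arbitrary tokens",
    "SeAssignPrimaryTokenPrivilege": "assign a token to a new process",
    "SeImpersonatePrivilege": "impersonate clients",
    "SeBackupPrivilege": "read any file regardless of ACL",
    "SeRestorePrivilege": "write any file regardless of ACL",
    "SeTakeOwnershipPrivilege": "take ownership of any securable object",
}
ENABLE_ALL_THRESHOLD = 20  # assumed: no targeted use needs this many distinct privileges


@dataclass
class ProcSummary:
    proc: str
    requests: int                   # rows in the table, one per AdjustTokenPrivileges call
    distinct: Tuple[str, ...]       # distinct privilege names, first-seen order
    high_impact: Tuple[str, ...]
    enable_all: bool                # looks like "enable every privilege in the token"


def summarize(lines) -> List[ProcSummary]:
    per_proc = OrderedDict()
    for line in lines:
        m = TOKEN_RE.match(line.strip())
        if not m:
            continue
        per_proc.setdefault(m["proc"], Counter())[m["priv"]] += 1
    out = []
    for proc, counts in per_proc.items():
        distinct = tuple(counts)
        high = tuple(p for p in distinct if p in HIGH_IMPACT)
        out.append(ProcSummary(proc, sum(counts.values()), distinct, high,
                               len(distinct) >= ENABLE_ALL_THRESHOLD))
    return out


def report(lines) -> str:
    """One line per process, suitable for pasting into triage notes."""
    rows = []
    for s in summarize(lines):
        image = s.proc.rsplit("\\", 1)[-1]
        tag = "ENABLE-ALL" if s.enable_all else "targeted"
        rows.append(f"{image}: {s.requests} requests, {len(s.distinct)} distinct [{tag}], "
                    f"high-impact: {', '.join(s.high_impact) or '-'}")
    return "\n".join(rows)
```

`report(SAMPLE_LINES)` tags setup.exe as ENABLE-ALL with nine high-impact names and the two Windows binaries as targeted. The distinction matters for the verdict: a process that enables SeDebugPrivilege alone is asking for one specific capability, whereas a process that walks the entire list is usually a generic installer or SFX routine, and the high-impact names it picks up on the way say nothing about what it then does.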

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
N/A N/A C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe N/A
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1500 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\google-sketchup-7-0-10247-GoogleSketchUpWEN.exe C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe
PID 1500 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\google-sketchup-7-0-10247-GoogleSketchUpWEN.exe C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe
PID 1500 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\google-sketchup-7-0-10247-GoogleSketchUpWEN.exe C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe
PID 3748 wrote to memory of 4544 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 3748 wrote to memory of 4544 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 3748 wrote to memory of 2520 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3748 wrote to memory of 2520 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3748 wrote to memory of 2520 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2288 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp
PID 2288 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp
PID 2288 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp
PID 1532 wrote to memory of 228 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\shutdown.exe
PID 1532 wrote to memory of 228 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\shutdown.exe
PID 1532 wrote to memory of 436 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\shutdown.exe
PID 1532 wrote to memory of 436 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\shutdown.exe
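The WriteProcessMemory rows above are recorded per write, so each parent/child pair repeats two or three times, and they are the only place in this report where PIDs and image paths are tied to a parent. The Python below is an added example, not from the report: it collapses the rows into a process tree and flags three things from it, a %TEMP% executable spawning another %TEMP% executable (the sample -> 7zS7697.tmp\setup.exe -> MSI487F.tmp chain), cmd.exe launching shutdown.exe, and roots other than the submitted sample, whose parent is simply not in this table (msiexec.exe here is the Windows Installer service; cmd.exe's parent is not recorded anywhere on this page). Treating "PID A wrote to memory of PID B" as parent -> child is an assumption of this example: it holds here because the pairs line up with the Processes list below, but a genuine cross-process injection would produce an identical row, so the tree should be read together with the process list rather than instead of it.

```python
import re
from collections import OrderedDict
from typing import Dict, List

# Constructed sample: a subset of the rows above, copied verbatim (duplicate rows kept on purpose).
SAMPLE_LINES = r"""
PID 1500 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\google-sketchup-7-0-10247-GoogleSketchUpWEN.exe C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe
PID 1500 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\google-sketchup-7-0-10247-GoogleSketchUpWEN.exe C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe
PID 3748 wrote to memory of 4544 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 3748 wrote to memory of 2520 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3748 wrote to memory of 2520 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2288 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp
PID 1532 wrote to memory of 228 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\shutdown.exe
PID 1532 wrote to memory of 436 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\shutdown.exe
""".strip().splitlines()

# Source and destination image paths may contain spaces, so the source is matched lazily
# up to the " X:\" that starts the destination path.
WPM_RE = re.compile(
    r'^PID (?P<ppid>\d+) wrote to memory of (?P<pid>\d+) N/A '
    r'(?P<src>[A-Za-z]:\\.*?) (?P<dst>[A-Za-z]:\\.*)$'
)
TEMP_MARKER = "\\appdata\\local\\temp\\"


def image(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def build_tree(lines):
    """pid -> image path, and ppid -> [child pids] in first-seen order with duplicate rows collapsed."""
    nodes: Dict[int, str] = OrderedDict()
    children: Dict[int, List[int]] = {}
    for line in lines:
        m = WPM_RE.match(line.strip())
        if not m:
            continue
        ppid, pid = int(m["ppid"]), int(m["pid"])
        nodes.setdefault(ppid, m["src"])
        nodes.setdefault(pid, m["dst"])
        kids = children.setdefault(ppid, [])
        if pid not in kids:
            kids.append(pid)
    return nodes, children


def roots(nodes, children) -> List[int]:
    """PIDs that never appear as a write target: their parent is not in this table."""
    targets = {pid for kids in children.values() for pid in kids}
    return [pid for pid in nodes if pid not in targets]


def render(nodes, children) -> str:
    out: List[str] = []

    def walk(pid: int, depth: int) -> None:
        out.append("  " * depth + f"{image(nodes[pid])} ({pid})")
        for kid in children.get(pid, []):
            walk(kid, depth + 1)

    for r in roots(nodes, children):
        walk(r, 0)
    return "\n".join(out)


def flag(nodes, children, sample_image=None) -> List[str]:
    findings: List[str] = []
    for ppid, kids in children.items():
        parent = nodes[ppid]
        for pid in kids:
            child = nodes[pid]
            # A %TEMP% binary launching another %TEMP% binary: a staged dropper/installer chain.
            if TEMP_MARKER in parent.lower() and TEMP_MARKER in child.lower():
                findings.append(f"temp-to-temp: {image(parent)} ({ppid}) -> {image(child)} ({pid})")
            # shutdown.exe: the report shows "shutdown /s", i.e. the host is powered off.
            if image(child).lower() == "shutdown.exe":
                findings.append(f"host-shutdown: {image(parent)} ({ppid}) -> shutdown.exe ({pid})")
    # Roots other than the submitted sample have no parent in this table: a service, or a
    # launch the sandbox did not attribute.
    for r in roots(nodes, children):
        if sample_image and image(nodes[r]).lower() != sample_image.lower():
            findings.append(f"no-recorded-parent: {image(nodes[r])} ({r})")
    return findings
```

`render(*build_tree(SAMPLE_LINES))` prints three roots, the sample with its two-level %TEMP% chain, msiexec.exe with srtasks.exe and the 32-bit MsiExec.exe, and cmd.exe with two shutdown.exe children; `flag(...)` with the sample's image name returns two temp-to-temp, two host-shutdown and two no-recorded-parent findings.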

Uses Volume Shadow Copy service COM API

ransomware

"ransomware" is the category tag the sandbox attaches to this signature, not a finding specific to this sample. The only VSS activity in this report is vssvc.exe enabling SeBackupPrivilege, SeRestorePrivilege and SeAuditPrivilege while msiexec.exe launches srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2, which is Windows Installer creating a System Restore point before the install. No shadow-copy deletion or backup-tampering command appears in the process list, so on its own this signature warrants a look at the process tree rather than a ransomware verdict.

Processes

C:\Users\Admin\AppData\Local\Temp\google-sketchup-7-0-10247-GoogleSketchUpWEN.exe

"C:\Users\Admin\AppData\Local\Temp\google-sketchup-7-0-10247-GoogleSketchUpWEN.exe"

C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe

.\setup.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 24077D3981AAF5731B33FEAC09DFA9C7

C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp

"C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp" -setds

C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe

"C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe"

C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe

"C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe"

C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe

"C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe"

C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe

"C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe"

C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe

"C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\shutdown.exe

shutdown

C:\Windows\system32\shutdown.exe

shutdown /s

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa38fc055 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 167.57.26.184.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 8.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe

MD5 c2a4f08b839814809c3dabb7bd8f7dc7
SHA1 100f1e31465b1c660a7d4ce8f4b650d96bc2a9a0
SHA256 0cd9f4ddc4b8be1edf85eea0adb52ca635d16ac371240d6599f7e5051a3c663a
SHA512 0f54d8435668a791edea56eb153db4cf7bb70f8cdac987f8cc3f217a041ad76a298cd5b5cf5fc21bd683b67d64e9ab8c8816ebf2987797a83c606551ddc879f9

C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\GoogleSketchUp7.msi

MD5 44f5ade09c2a1d78a91e0f5fc46025d6
SHA1 f14a6c9a20f776720eb630b9f83e59f7a6a70965
SHA256 4cb1c3d1db0ea5892ad5781dab782cc795a2404be74c16a64a7043afda10f53c
SHA512 0a7ce48e7b97dfb2efe4b9f84a2a66626868578d2386f5617414947152db1b45a6a601d26d0964456fe10b480fd6bc92a3e070bef1aeff2cef1eed1bb65cc868

C:\Windows\Installer\MSIF28E.tmp

MD5 85221b3bcba8dbe4b4a46581aa49f760
SHA1 746645c92594bfc739f77812d67cfd85f4b92474
SHA256 f6e34a4550e499346f5ab1d245508f16bf765ff24c4988984b89e049ca55737f
SHA512 060e35c4de14a03a2cda313f968e372291866cc4acd59977d7a48ac3745494abc54df83fff63cf30be4e10ff69a3b3c8b6c38f43ebd2a8d23d6c86fbee7ba87d

C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe

MD5 67478319968f6ddbc900d6db43ea97a6
SHA1 1f5631a308cd4e19f402a9f4261012d2033d04ad
SHA256 d899edb32093065a9f411a96943217e84c6e383562d0dc5fbea5870d3e9f16e5
SHA512 d26285c9e12ac7c920f0e0bdca435344a712248db474bb358cc54d252ca7561718503788b77f86c0aedcb1c222060a1d53b445903ea14b7ae20d22f87ad42013

\??\Volume{0576a638-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{6f3d0e5f-121c-4b03-b2b0-07972df40cdb}_OnDiskSnapshotProp

MD5 59e4d2f8543e8db1e9e8b863b6e9e4d5
SHA1 87eaac7bc2ff32d9dff0d0e15163517d5867f635
SHA256 ce6164b0d4d641a2f8f63ccdc94ab74c28519209357ff9079032152d831b6377
SHA512 49cfd45c7a90e36764f7e51bc4f057d5b2b0c6924550e80b5dfd21121e12e2a30b2aff2be381cd32c58bf512d960e74fe529be3952cc0d5bb56f21e625ebd2b5

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

MD5 ca83265c9b6106a089fe7198ef88003b
SHA1 1e184ef3f281aa4befb4df3629bb02a8da38261a
SHA256 5df1601038f63f20d1c063b0bf300fc43adb9d4ec6a41321605edc94076abc97
SHA512 52d469eff63d288cdda307d8d2b50fea1383c71142ee5d6d29c226d60cab9c0360e8c834a854da4e40f3a426f532826e41aad0335d93cc94cf8d672955079402

C:\Config.Msi\e57edbc.rbs

MD5 35a611fa16786c125db4fb511f2ba352
SHA1 c8bd45f999bb42e2a17110693f27dd0a4e38b6f0
SHA256 258e1b92882e9063104f4076c2f2f98a3e3da67138e39d313a57f0c4c644729f
SHA512 4431f3a3cab3c1ab5a43d3108e146c6de251b3a42fbfe839f395eabe5bd3c1ec53c8e601ea6fe67d683f2e3e0da4327abdbbce733db72eb44065d9a03c676153

C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp

MD5 d8228a92a2e41c9e070fd9a41e65b28d
SHA1 134d1723955ca405d31ebc33602ac2908b5fd254
SHA256 3d95becf182fff5e8d6f8fbda47c7ae062460d4e84830e74295924201a8d24c5
SHA512 db869809b18c004b69d435a93cbe1220a094f18a5f2ef9ab82efc301e40d6d7424c07bff064fdfa3e855f10ee3edbf702543e450c66c80fa2d0acd30b45228c2

C:\Program Files (x86)\Google\Google SketchUp 7\DD_Ge_2.04_8.dll

MD5 b0d64108cef72cd18765f068cad32927
SHA1 c5914fad4709027828b9a6a35536b2e57bf8f459
SHA256 350cda677678cf809ec73af545888afe087f9ac01c4f16aac97ca214b20d829e
SHA512 330f150657b7a2f9cfa59598afcd616767ea22caa56ef8c01a142731d4033c76c19e4f288df29e3270cda9df0fba76ad6fdb8f0e630bac9e83dc7d27257f0b5d

C:\Program Files (x86)\Google\Google SketchUp 7\xerces-c_2_6.dll

MD5 fa735f5185b29ea5f3c3ce1b412a18c4
SHA1 8bce2f8e505281f370b209abb5dd9d5c36954083
SHA256 6fa7bc7fffa7d13f926b6837a739f8c6e81a50ff32903cf4f45f825cd27735e1
SHA512 b96e65f4524b70b17cf57aafcbca4ac504184fe627ffffa644b4143c03ea67f112da0e723e48bd0d05151e98fbc6e3d0b79f2c1a9387502c2afa909e8ea3600a

C:\Program Files (x86)\Google\Google SketchUp 7\msvcrt-ruby18.dll

MD5 27d691b625cb3654bf7134568712a7be
SHA1 beb19c07c5aac8176b3a9585312d41989c971170
SHA256 287e94328841a0f71ef0159595255de8b67f0db9e05289652875d43dd110afc5
SHA512 d9fdef5f5edf5963c06f3492b979139e4a022bb49bd8376f58aa8ecc1d6bb6307c8f3b432214fb3b702511eb47afcf225038bdcb443bf90127a62a7f6e76e887

C:\Program Files (x86)\Google\Google SketchUp 7\DD_Root_2.04_8.dll

MD5 0ccea18e3ed49d9f9f520909b8f91200
SHA1 23483ba7be0cab563f278ab0b74b07176324f6f2
SHA256 de7160a8e33c86f43be0d7f126b852a02eb4f1bdc5282cee86177cf273acd8d3
SHA512 8226eee6b54be8917601225ed109283b783b0d1db35afd95e75494e4fe7263e70a9e6ff59572da2cd0afb0cf0e643c8e0c6ef5dd003ea973081277b1745956de

C:\Program Files (x86)\Google\Google SketchUp 7\DD_Db_2.04_8.dll

MD5 4345d63e22af579e98f17c0e024ab60a
SHA1 94630f676e298faa6a9945b42045aef5c378a35a
SHA256 9fe828ecc1862523f7900b210d583b56d013d968f971b8d473ef42033a521c0d
SHA512 b794d1577221a6a75d81ed0addd59fb7e745ceac6dd557ef9a2710614481e5e1428ddfe322aaf0a759d20a7cb933999e7213281908aa1d47976ca7984d53f7bc

C:\Program Files (x86)\Google\Google SketchUp 7\DD_Alloc_2.04_8.dll

MD5 ac6b5bc268ff2a8a6420bba3975efed0
SHA1 c3037104e9f1b71479705b322aef5c9124bdd295
SHA256 9b5135620b7aa3294ea63b1c66d24e2114620db5b997f26810d31f23cd55c06b
SHA512 2c920824253e9b51efa5f249ae8d2d25781e3bc66e29695b2c07b9c329a26a0aa63028ddda17d35177b50ac6dc95f04adb88ff418308c8428aeef71c79eae872

C:\Program Files (x86)\Google\Google SketchUp 7\BugSplat.dll

MD5 ef7f23961b54e39ad3631677e140d260
SHA1 2d07d699edaeb70e6ed94732fa3d84aa3eab8381
SHA256 7484221b0cb35971ce2628d451ddbd4a39379a6ccf11571c4bde5f769d0d0149
SHA512 1dfc8638967d7e6ce5e47e5e12e642cde2cb2c907ca32d1cc56661ad5af4ac7e3ec3ad353669a15eef9cf4aeb926c556e12771bb391fefec001a64253a15d153

C:\Program Files (x86)\Google\Google SketchUp 7\mpiwin32.dll

MD5 6222ef293b72c508b79e7cb4add80572
SHA1 3c08ef5b784c19266c8ee875ca4fd847985c9f02
SHA256 0c02a79007edb36703d79ae79a356cf2b0ccb117ab16ff429cbbe3ef5bf96a30
SHA512 bcdbed88e398ef238a22e8f93c14603da012228124218be945f0a2c177ede233bc30bae22d77c431e7d7726a84e6acaad7288b4b03d0fe1c7bb1bbcae752669f

C:\Program Files (x86)\Google\Google SketchUp 7\gdal12.dll

MD5 efd24408a5ec262ccc17258038f8b1b9
SHA1 34a3538b0bf8f3e98eb7fb3b0725ccbb0f879b64
SHA256 afdc8ef298c882bf7faa954a90ee1ceebefc3f333841bb240fa3911437060543
SHA512 9fa133f1be6337af518b9dc97bb30043c3f403636a02f254a0786ceb77e513231643b05cd0c8711f8f07005e7927f4924b6d55fe109d8cddc485f07205dd8c73

memory/1020-1128-0x0000000000BA0000-0x0000000000C35000-memory.dmp

memory/1020-1130-0x0000000001780000-0x0000000001E0F000-memory.dmp

memory/1020-1124-0x0000000000AC0000-0x0000000000B96000-memory.dmp

memory/1020-1122-0x0000000000A40000-0x0000000000AB8000-memory.dmp

memory/1020-1118-0x0000000000590000-0x00000000005AC000-memory.dmp

memory/1020-1115-0x00000000009C0000-0x0000000000A20000-memory.dmp

C:\Program Files (x86)\Google\Google SketchUp 7\DD_Gi_2.04_8.dll

MD5 2e688c93086bf5eecd17df0d7de8deb9
SHA1 d80ec005de7ada5eec6da2fc58655c47c549a702
SHA256 37ddfc70b1546171e752195193380ad53251dcb45622648459d4552ffa4f7e4f
SHA512 3817fb04f88d19550079759c6023a15af3a0de5b40a84e1d41081d7dfa35e648dc0751c8575dddc021d6c3a007b4dc33ae8cebdcf8e7cf29c1e93397375c3114

memory/1020-1134-0x0000000000C70000-0x0000000000CE5000-memory.dmp

C:\Program Files (x86)\Google\Google SketchUp 7\Support\SketchUp.dat

MD5 ae2c5cfbdafca40c36e7ba1b8fe2bfd2
SHA1 c1ee2458b7b5d17f1b9b5e8b404485c0ce17ca1e
SHA256 1e209d91610801472ffb56e54f1b849d80e62320a85e3825603ac8e1fc489d5f
SHA512 62c0c9b584430d8adc23310d1f3aab44de12df7d78d9e6e61bafed51ac19969388e215dab2fa19509967288b2a21284e4ebf435f0d633d594d22704b4c8fb4f2

C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp01a - Simple.skp

MD5 61639a89c2cfab0b1c1a9aa43adf7997
SHA1 9fefc7e7785a947a71d16746526ea048b9866046
SHA256 630b26ac6112d0ae01c98e9d66626ea340fe28d137fdcfa7ce91100468a120be
SHA512 fdb43501f76b6a756179e67f80b8b0c0ef3b5f8ccd32efb9beb1925220c3190eb683b9e02c09164809faefb35bec94da294dc8e4a17f14dba4a3f280307a3751

C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp04a - Engineering.skp

MD5 f62da92dbc5e7e933300fe4817c56d70
SHA1 4dc98e91fdbd3251a7081d4459a84d5a46315d82
SHA256 3589ad721b21118cd8f43b04e7b6dd0a1d0024d4670dea7dfb740863954ce6c3
SHA512 c8130f43262d62ddc62dddb5c89bc28d6b33aa5d920448c845f129befee28ec8cffc6a6f595c344571336d67aee5182262a03331be0a35c00f14d9b9ea76b366

C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp03b - GoogleEarth.skp

MD5 85605f2bcf96357a4e4ae3afb6068da6
SHA1 ed57c6cb9e3dcf654f628caabed245d30a283592
SHA256 f2d3b51cb6b03aac9facf2aa306335198ba0a65300353124d3ab6d8a76125de7
SHA512 46bb9a713dce0c1a8e321964d27799c45691f6d33abb617759149f4f8e73562481053064d66ed44cf8d1aa29b6d2bf784da9dfe4bb96cc8ad42c7d16de9cfb63

C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp03a - GoogleEarth.skp

MD5 9426e5d4700300f439e7a76d9ea368be
SHA1 688000be4cf149dd02197b760a275194f35a3166
SHA256 5fd79ad1c4300a0f29a762959434a2a40095b2971f8a06452447b9f824cc4749
SHA512 167586338ad6b93ac7c5cc145069db464046fea9d552d2956a208bc54850c08ed07855831e0c59d88da5893e58e9445539b00151e9fa095865b59ec7f0b633d9

C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp02b - Arch.skp

MD5 c7b34cac81d3027ad1703124abe6ff02
SHA1 bcb418a934244d27d7f32016dbb5c6aede3c13e7
SHA256 b772f99cf69613e2836e941437be0d8746d7b10c4bcbadf9a80fc623dcf47d55
SHA512 8e09f8dbd2726e0a0d5dc3e86bd8fb6536534d39d08abe646f12f09b594dd62906b4f460ee58fc0cefa533790179d557c152fee906928fa630a8276d1eabb2e9

C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp02a - Arch.skp

MD5 1eb4ce9cb965d403957b3b3e616f8a5f
SHA1 b87e3c4f1643fc589f98f3bbdc92f1643304b240
SHA256 bd69c15d2cefd74f49d944236aa0590b99a52cac60c34861206ee2d55486f6ba
SHA512 d333b52ce07c488c5483817fef206ab2a72f76e94b441e2616bdc607223b5043bf9c7c3541e3d08194152d67ad612d0bca03a109b1f1d5807e0ac81698a55528

C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp01b - Simple.skp

MD5 3d58a0e4f2bff52018ff07f4c06820f4
SHA1 fdc474844e200a9fdb05149c766f418920d29e52
SHA256 82b9d5a51784a03e636711a6de6654ad05308bdea489aa46fd40468ef26d2058
SHA512 a7dbd432db9f719643a8bd8affa561d193098d5798e2939286f6997b63c14642904ff981972ff043f2306b10e8f2c6d5cecfbd2500791b19b4bf14fca537a3f0

C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\i18n.dat

MD5 9031a6ca6290bee6310ec730a638e189
SHA1 5d0c208127a1f18f84ad436ec8b528b930b221d3
SHA256 ceffb68ca8c5c8ff746b5c8e758dda5ca7d08e2f9c543435ff5325af685c4bcf
SHA512 f4853059807b0ad1b5550a4707ed52abbc315b73aa0ccdb73390e32e253f3af7ca92b8e33e1b86e46fb6596bae6510d334a9267aba173f80a59a049990a8c55e

C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp06b - plan.skp

MD5 6dc90aa080f6fe9a4a49c0487f610e6d
SHA1 d58e23c4bd74723778690d647ce24fb843f59494
SHA256 e01c98ae879a7dcd39e59956325171fa0cc5436abc5a66616b4950b89d260d7b
SHA512 88eefec20c64a7af92b1e849c7c90fc39c76a78b9ed9a73e51f084ac05e0050e9ceb419ec5501c6316736aac0b92a8cf3c24f6aaf6d6ca664a927a0f7638f065

C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp06a - plan.skp

MD5 c5f4a99ec31c313c5c919903b2560a30
SHA1 84a04d2c08c24a7e075469d6f293fc1b67d26948
SHA256 e16046bd8b4dc55626bf3b7558da543711173300cb503be1ab2f23ba1b2f1cbc
SHA512 a373dd06304c6b903bf2c404d131191e34c40f53519522557e0da34aaf83cc99a62b94622098add3131fb7c7722f315aec7a4a26de0ad75a6f3cd7f2c48a1195

C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp05b - Design.skp

MD5 e3d70b75f8bc1acc6cadd6beef3f993c
SHA1 748195fb06ca6972ba532aefca17eb8ca8e31c6c
SHA256 654c6b607472cd0721aff626694f5126db4fe6710bfae79d753a003be49e4673
SHA512 d5202cc12357e77931770baa91d2902df488ce674e50794affefb4044bd7cafddd6ce531438fc3199dd3d0240061a377a42e1d6c3390343c57502cf64569a2ef

C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp04b - Engineering.skp

MD5 b08086766d05b66f93fd7992240735b6
SHA1 016cd733d1b30c8fdc81021b749e6b7b2c77f17a
SHA256 9b93531f93427e7be202ab83208aa1f7c452c6c798e98209ec4eef17d5cea312
SHA512 57e3891fb89a657ae57062dda96f20c6620a808c69cdfd70a0dd976fe9e503575a7210ae2c575067888cd09ea082858574fd62730445768d1a96bcf968c96322

C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp05a - Design.skp

MD5 955312917b58691356b8b6074234c1a5
SHA1 1640365c71a264c67b434b4eccfa0bfecb9cb237
SHA256 6aaffdbc0aaf173bf0b732395156f767479dd02d62d26a6639b930c8786aa954
SHA512 53dd4c4ba2293496b6c5b5c7cdb499bae513e38cc7748bce0a4c84529012639754079c41ce722592d1a1ba32531b04fc7cb046782f88d246c7cf675e42f6f649

C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\welcomescreen\learntab.html

MD5 a4d1fc9ea1b11054aa3d9cadbac17a41
SHA1 993ca08a2b6b15fc6946c13f27ec856e5e87eb7a
SHA256 663a70f3feb421878fb10b1c6480cd254a32142916a90b212ddd24ff510268ad
SHA512 3f117e6b907cac2b2effb36a982e5efebe3e12527605ef5d1fe47b9ee1788ddf83b863b4da6065642f6ad75b15056a839ceca3052a785ba8b6f998f1f1a8e57b

C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\welcomescreen\images\sketchup-welcome.gif

MD5 ba58a41dffad0550eef13e119ebb20c1
SHA1 008fdfedbf68c5246c5e172ab1f22d0f3b71305e
SHA256 37571b06315bd7c50ae67963e9c1fdab8617460b1c479b96852abede5ffa9717
SHA512 9b1282165e2afec58e26b6e568b9e74444be7584ab1574db5271c2c3b70aec128079eaa6b71790b53bb3d9c0c0afe3f4c88204261134b6d5a4a2a0de76e61279

C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\welcomescreen\images\sketchup-welcome_back.gif

MD5 5e9676c4d1452321865e64395d3ddea7
SHA1 5bcf7ba960d762513c22885bb575b52fff53a961
SHA256 b14edc9e4bbfd1b5f8d5fca17ab60e425f599de00abf44a76b2912bbc33ad36b
SHA512 d832658e79fe992c1e12e372f4636d92f0f29abc8233e71e844be70dcb54b5dada1b21854e8d9dbaf30e1fff5e5112924e6bb2b39ab63cf183a1f7d50d7e02f9

memory/1540-1167-0x0000000001EC0000-0x0000000001F55000-memory.dmp

memory/1540-1168-0x0000000001DE0000-0x0000000001EB6000-memory.dmp

memory/1540-1171-0x0000000001F80000-0x000000000260F000-memory.dmp

memory/1540-1172-0x0000000002610000-0x0000000002685000-memory.dmp

memory/1540-1165-0x0000000001780000-0x00000000017F8000-memory.dmp

memory/1540-1164-0x0000000000D00000-0x0000000000D1C000-memory.dmp

memory/1540-1162-0x0000000000CA0000-0x0000000000D00000-memory.dmp

memory/3624-1174-0x0000000001C00000-0x0000000001C60000-memory.dmp

memory/3624-1181-0x0000000002870000-0x0000000002905000-memory.dmp

memory/3624-1184-0x0000000002930000-0x00000000029A5000-memory.dmp

memory/3624-1183-0x0000000002060000-0x00000000026EF000-memory.dmp

memory/3624-1179-0x0000000002790000-0x0000000002866000-memory.dmp

memory/3624-1177-0x0000000002700000-0x0000000002778000-memory.dmp

memory/3624-1176-0x0000000001C70000-0x0000000001C8C000-memory.dmp

memory/1536-1186-0x0000000001780000-0x00000000017E0000-memory.dmp

memory/3276-1208-0x0000000000B10000-0x0000000000B85000-memory.dmp

memory/3276-1206-0x0000000000A70000-0x0000000000B05000-memory.dmp

memory/3276-1204-0x0000000000990000-0x0000000000A66000-memory.dmp

memory/3276-1200-0x0000000000690000-0x00000000006AC000-memory.dmp

memory/1536-1189-0x00000000017F0000-0x0000000001E7F000-memory.dmp

memory/1536-1196-0x00000000020B0000-0x0000000002125000-memory.dmp

memory/1536-1194-0x0000000002000000-0x0000000002095000-memory.dmp

memory/1536-1192-0x0000000001F20000-0x0000000001FF6000-memory.dmp

memory/1536-1190-0x0000000001E90000-0x0000000001F08000-memory.dmp

memory/1536-1188-0x0000000000D10000-0x0000000000D2C000-memory.dmp

memory/3276-1202-0x0000000000910000-0x0000000000988000-memory.dmp

memory/3276-1198-0x0000000000630000-0x0000000000690000-memory.dmp