Analysis Overview
SHA256
027ed0df016c1b2263aea59946f567bd089163f7cfefa03104a39d8ce63911f2
Threat Level: Likely malicious
The file google-sketchup-7-0-10247-GoogleSketchUpWEN.exe was found to be: Likely malicious.
Malicious Activity Summary
CryptOne packer
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Uses Volume Shadow Copy service COM API
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-20 14:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-20 14:06
Reported
2024-12-20 14:13
Platform
win10v2004-20241007-fr
Max time kernel
360s
Max time network
363s
Command Line
Signatures
CryptOne packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
Loads dropped DLL
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\mscomct2.ocx | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_J24.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_L12.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors-Named\0100_SteelBlue.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_J16.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\eula.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors-Named\0090_LightCyan.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors-Named\0134_DimGray.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Styles\Color Sets\Mint Green.style | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Tools\DynamicComponents\images\tabs.gif | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Markers\Cobalt.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Markers\Sky.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\23006\index.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_G17.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Fencing\Fencing_Picket_Concave.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Styles\Default Styles\09Design Style.style | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Stone\Stone_Granite_Midnite.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_B08.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_D24.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors-Named\0002_MediumVioletRed.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors-Named\0056_Yellow.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Translucent\Translucent_Glass_Block_Dark.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_D13.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_H12.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\21126\index.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Styles\Sketchy Edges\Marker Super Fine.style | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\helpcontent\tool\10523\images\animation-pan.gif | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors-Named\0004_HotPink.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Groundcover\Groundcover_Sand_Raked.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Metal\Metal_Embossed.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_H20.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_K15.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Styles\Assorted Styles\01PSO Vignette.style | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Tools\DynamicComponents\images\manager_tool.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_B23.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_I01.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Styles\Straight Lines\Straight Lines 02pix.style | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_E10.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Styles\Default Styles\01Wireframe.style | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Tools\Sandbox\fromscratch.rbs | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Roofing\Roofing_Tile_Spanish.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Markers\WarmGray1.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_I08.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Fencing\Fencing_Diamond_Mesh.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Sketchy\Sketchy_Siding_Scale.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Tools\Sandbox\images\tbcontourslarge.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Translucent\Translucent_Glass_Tinted.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Blinds\Blinds_Weave.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Styles\Default Styles\04Shaded with textures.style | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_C25.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Fencing\Fencing_Mesh_Blue.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Metal\Metal_Steel_Textured.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Markers\CoolGray6.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_D09.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_D12.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_K25.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\DD_AcisRenderer_2.04_8.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors\Color_A21.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors-Named\0030_OldLace.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Sketchy\Sketchy_Lines_Wavy_Vertical.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Styles\Straight Lines\Straight Lines 03pix.style | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Styles.strings | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Markers\CoolGray4.skm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Tools\DynamicComponents\ruby\dcloader.rb | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Google\Google SketchUp 7\Materials\Colors-Named\0120_Orchid.skm | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\e57edbb.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241220140750688.2\msvcm80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241220140750688.2\msvcp80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241220140750578.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E5D52570-5EF1-4576-A434-6CCD92268F0F}\SketchUpIcon.87141840_2563_4894_A918_67E5C9B30163 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241220140750578.0\ATL80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241220140750672.0\8.0.50727.762.cat | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF59C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241220140750688.1\8.0.50727.762.policy | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241220140750688.0\8.0.50727.762.policy | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20241220140750578.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241220140750688.2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241220140750703.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241220140750703.0\mfc80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241220140750703.0\mfcm80u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57edbd.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241220140750688.0\8.0.50727.762.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241220140750688.2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.manifest | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241220140750703.0\mfc80u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241220140750703.0\mfcm80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E5D52570-5EF1-4576-A434-6CCD92268F0F}\SketchUpIcon.87141840_2563_4894_A918_67E5C9B30163 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20241220140750672.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20241220140750703.0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57edbb.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241220140750578.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474.manifest | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241220140750703.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.manifest | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20241220140750688.1 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241220140750672.0\8.0.50727.762.policy | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241220140750688.2\msvcr80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20241220140750688.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20241220140750688.2 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF28E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{E5D52570-5EF1-4576-A434-6CCD92268F0F} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241220140750688.1\8.0.50727.762.cat | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\google-sketchup-7-0-10247-GoogleSketchUpWEN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000038a6760542cf76680000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000038a676050000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090038a67605000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d38a67605000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000038a6760500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} | C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" | C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\DisplayName = "Google" | C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\URL = "http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7" | C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "234" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32\ = "\"C:\\Windows\\SysWOW64\\mscomct2.ocx\"" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSComCtl2.UpDown.2\CLSID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\07525D5E1FE567544A43C6DC2962F8F0\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32\ = "\"C:\\Windows\\SysWOW64\\mscomct2.ocx\"" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\TypeLib\ = "{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComCtl2.FlatScrollBar.2\CLSID\ = "{FE38753A-44A3-11D1-B5B7-0000C09000C4}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{20DD1B9B-87C4-11D1-8BE3-0000F8754DA1}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\MiscStatus\1 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComCtl2.DTPicker\CurVer\ = "MSComCtl2.DTPicker.2" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComCtl2.MonthView\CurVer\ = "MSComCtl2.MonthView.2" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\ToolboxBitmap32\ = "C:\\Windows\\SysWOW64\\mscomct2.ocx, 1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5214877-E8F1-47E7-95D3-3BD95C1F6D8C}\TypeLib\Version = "1.0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\MiscStatus\1\ = "131473" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\ = "UpDown Scrolling Property Page Object" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20DD1B9D-87C4-11D1-8BE3-0000F8754DA1}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\07525D5E1FE567544A43C6DC2962F8F0\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\SketchUp.ShellExtension\CLSID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\Version | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\ = "Microsoft UpDown Control, version 6.0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\ToolboxBitmap32\ = "C:\\Windows\\SysWOW64\\mscomct2.ocx, 5" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FE387538-44A3-11D1-B5B7-0000C09000C4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}\2.0\0\win32\ = "C:\\Windows\\SysWOW64\\mscomct2.ocx" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\VersionIndependentProgID\ = "MSComCtl2.DTPicker" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{FBD46897-D37D-484F-A4BF-B48EE41F0348}\1.0\HELPDIR | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\VersionIndependentProgID\ = "MSComCtl2.UpDown" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\ = "Flat Scrollbar General Property Page Object" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\07525D5E1FE567544A43C6DC2962F8F0\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\07525D5E1FE567544A43C6DC2962F8F0\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\7zS7697.tmp\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\VersionIndependentProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\ProgID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{232E4569-87C3-11D1-8BE3-0000F8754DA1}\ = "DMonthViewEvents" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FBD46897-D37D-484F-A4BF-B48EE41F0348}\1.0\ = "ThumbsUp 1.0 Type Library" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{FBD46897-D37D-484F-A4BF-B48EE41F0348}\1.0\0\win32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{B09DE713-87C1-11D1-8BE3-0000F8754DA1} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSComCtl2.FlatScrollBar | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20DD1B9D-87C4-11D1-8BE3-0000F8754DA1}\TypeLib\ = "{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{603C7E7E-87C2-11D1-8BE3-0000F8754DA1}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FE387539-44A3-11D1-B5B7-0000C09000C4}\TypeLib\ = "{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\ProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FBD46897-D37D-484F-A4BF-B48EE41F0348} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\07525D5E1FE567544A43C6DC2962F8F0\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7zS7697.tmp\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{20DD1B9B-87C4-11D1-8BE3-0000F8754DA1}\ProxyStubClsid | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B09DE714-87C1-11D1-8BE3-0000F8754DA1}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\MiscStatus\1 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FBD46897-D37D-484F-A4BF-B48EE41F0348}\1.0\0 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{232E4569-87C3-11D1-8BE3-0000F8754DA1}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{A86C8053-587B-4DFB-A5E2-54E9803E4463} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\ProgID\ = "MSComCtl2.DTPicker.2" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\MiscStatus\1 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\SketchUp.ShellExtension | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.skp\SketchUp.Document | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\MiscStatus\ = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\ProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSComCtl2.Animation\CLSID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B09DE714-87C1-11D1-8BE3-0000F8754DA1}\ = "DAnimationEvents" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\MiscStatus\1 | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\google-sketchup-7-0-10247-GoogleSketchUpWEN.exe
"C:\Users\Admin\AppData\Local\Temp\google-sketchup-7-0-10247-GoogleSketchUpWEN.exe"
C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe
.\setup.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 24077D3981AAF5731B33FEAC09DFA9C7
C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp
"C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp" -setds
C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe
"C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe"
C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe
"C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe"
C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe
"C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe"
C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe
"C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe"
C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe
"C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\shutdown.exe
shutdown
C:\Windows\system32\shutdown.exe
shutdown /s
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38fc055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.57.26.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\setup.exe
| MD5 | c2a4f08b839814809c3dabb7bd8f7dc7 |
| SHA1 | 100f1e31465b1c660a7d4ce8f4b650d96bc2a9a0 |
| SHA256 | 0cd9f4ddc4b8be1edf85eea0adb52ca635d16ac371240d6599f7e5051a3c663a |
| SHA512 | 0f54d8435668a791edea56eb153db4cf7bb70f8cdac987f8cc3f217a041ad76a298cd5b5cf5fc21bd683b67d64e9ab8c8816ebf2987797a83c606551ddc879f9 |
C:\Users\Admin\AppData\Local\Temp\7zS7697.tmp\GoogleSketchUp7.msi
| MD5 | 44f5ade09c2a1d78a91e0f5fc46025d6 |
| SHA1 | f14a6c9a20f776720eb630b9f83e59f7a6a70965 |
| SHA256 | 4cb1c3d1db0ea5892ad5781dab782cc795a2404be74c16a64a7043afda10f53c |
| SHA512 | 0a7ce48e7b97dfb2efe4b9f84a2a66626868578d2386f5617414947152db1b45a6a601d26d0964456fe10b480fd6bc92a3e070bef1aeff2cef1eed1bb65cc868 |
C:\Windows\Installer\MSIF28E.tmp
| MD5 | 85221b3bcba8dbe4b4a46581aa49f760 |
| SHA1 | 746645c92594bfc739f77812d67cfd85f4b92474 |
| SHA256 | f6e34a4550e499346f5ab1d245508f16bf765ff24c4988984b89e049ca55737f |
| SHA512 | 060e35c4de14a03a2cda313f968e372291866cc4acd59977d7a48ac3745494abc54df83fff63cf30be4e10ff69a3b3c8b6c38f43ebd2a8d23d6c86fbee7ba87d |
C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe
| MD5 | 67478319968f6ddbc900d6db43ea97a6 |
| SHA1 | 1f5631a308cd4e19f402a9f4261012d2033d04ad |
| SHA256 | d899edb32093065a9f411a96943217e84c6e383562d0dc5fbea5870d3e9f16e5 |
| SHA512 | d26285c9e12ac7c920f0e0bdca435344a712248db474bb358cc54d252ca7561718503788b77f86c0aedcb1c222060a1d53b445903ea14b7ae20d22f87ad42013 |
\??\Volume{0576a638-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{6f3d0e5f-121c-4b03-b2b0-07972df40cdb}_OnDiskSnapshotProp
| MD5 | 59e4d2f8543e8db1e9e8b863b6e9e4d5 |
| SHA1 | 87eaac7bc2ff32d9dff0d0e15163517d5867f635 |
| SHA256 | ce6164b0d4d641a2f8f63ccdc94ab74c28519209357ff9079032152d831b6377 |
| SHA512 | 49cfd45c7a90e36764f7e51bc4f057d5b2b0c6924550e80b5dfd21121e12e2a30b2aff2be381cd32c58bf512d960e74fe529be3952cc0d5bb56f21e625ebd2b5 |
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
| MD5 | ca83265c9b6106a089fe7198ef88003b |
| SHA1 | 1e184ef3f281aa4befb4df3629bb02a8da38261a |
| SHA256 | 5df1601038f63f20d1c063b0bf300fc43adb9d4ec6a41321605edc94076abc97 |
| SHA512 | 52d469eff63d288cdda307d8d2b50fea1383c71142ee5d6d29c226d60cab9c0360e8c834a854da4e40f3a426f532826e41aad0335d93cc94cf8d672955079402 |
C:\Config.Msi\e57edbc.rbs
| MD5 | 35a611fa16786c125db4fb511f2ba352 |
| SHA1 | c8bd45f999bb42e2a17110693f27dd0a4e38b6f0 |
| SHA256 | 258e1b92882e9063104f4076c2f2f98a3e3da67138e39d313a57f0c4c644729f |
| SHA512 | 4431f3a3cab3c1ab5a43d3108e146c6de251b3a42fbfe839f395eabe5bd3c1ec53c8e601ea6fe67d683f2e3e0da4327abdbbce733db72eb44065d9a03c676153 |
C:\Users\Admin\AppData\Local\Temp\MSI487F.tmp
| MD5 | d8228a92a2e41c9e070fd9a41e65b28d |
| SHA1 | 134d1723955ca405d31ebc33602ac2908b5fd254 |
| SHA256 | 3d95becf182fff5e8d6f8fbda47c7ae062460d4e84830e74295924201a8d24c5 |
| SHA512 | db869809b18c004b69d435a93cbe1220a094f18a5f2ef9ab82efc301e40d6d7424c07bff064fdfa3e855f10ee3edbf702543e450c66c80fa2d0acd30b45228c2 |
C:\Program Files (x86)\Google\Google SketchUp 7\DD_Ge_2.04_8.dll
| MD5 | b0d64108cef72cd18765f068cad32927 |
| SHA1 | c5914fad4709027828b9a6a35536b2e57bf8f459 |
| SHA256 | 350cda677678cf809ec73af545888afe087f9ac01c4f16aac97ca214b20d829e |
| SHA512 | 330f150657b7a2f9cfa59598afcd616767ea22caa56ef8c01a142731d4033c76c19e4f288df29e3270cda9df0fba76ad6fdb8f0e630bac9e83dc7d27257f0b5d |
C:\Program Files (x86)\Google\Google SketchUp 7\xerces-c_2_6.dll
| MD5 | fa735f5185b29ea5f3c3ce1b412a18c4 |
| SHA1 | 8bce2f8e505281f370b209abb5dd9d5c36954083 |
| SHA256 | 6fa7bc7fffa7d13f926b6837a739f8c6e81a50ff32903cf4f45f825cd27735e1 |
| SHA512 | b96e65f4524b70b17cf57aafcbca4ac504184fe627ffffa644b4143c03ea67f112da0e723e48bd0d05151e98fbc6e3d0b79f2c1a9387502c2afa909e8ea3600a |
C:\Program Files (x86)\Google\Google SketchUp 7\msvcrt-ruby18.dll
| MD5 | 27d691b625cb3654bf7134568712a7be |
| SHA1 | beb19c07c5aac8176b3a9585312d41989c971170 |
| SHA256 | 287e94328841a0f71ef0159595255de8b67f0db9e05289652875d43dd110afc5 |
| SHA512 | d9fdef5f5edf5963c06f3492b979139e4a022bb49bd8376f58aa8ecc1d6bb6307c8f3b432214fb3b702511eb47afcf225038bdcb443bf90127a62a7f6e76e887 |
C:\Program Files (x86)\Google\Google SketchUp 7\DD_Root_2.04_8.dll
| MD5 | 0ccea18e3ed49d9f9f520909b8f91200 |
| SHA1 | 23483ba7be0cab563f278ab0b74b07176324f6f2 |
| SHA256 | de7160a8e33c86f43be0d7f126b852a02eb4f1bdc5282cee86177cf273acd8d3 |
| SHA512 | 8226eee6b54be8917601225ed109283b783b0d1db35afd95e75494e4fe7263e70a9e6ff59572da2cd0afb0cf0e643c8e0c6ef5dd003ea973081277b1745956de |
C:\Program Files (x86)\Google\Google SketchUp 7\DD_Db_2.04_8.dll
| MD5 | 4345d63e22af579e98f17c0e024ab60a |
| SHA1 | 94630f676e298faa6a9945b42045aef5c378a35a |
| SHA256 | 9fe828ecc1862523f7900b210d583b56d013d968f971b8d473ef42033a521c0d |
| SHA512 | b794d1577221a6a75d81ed0addd59fb7e745ceac6dd557ef9a2710614481e5e1428ddfe322aaf0a759d20a7cb933999e7213281908aa1d47976ca7984d53f7bc |
C:\Program Files (x86)\Google\Google SketchUp 7\DD_Alloc_2.04_8.dll
| MD5 | ac6b5bc268ff2a8a6420bba3975efed0 |
| SHA1 | c3037104e9f1b71479705b322aef5c9124bdd295 |
| SHA256 | 9b5135620b7aa3294ea63b1c66d24e2114620db5b997f26810d31f23cd55c06b |
| SHA512 | 2c920824253e9b51efa5f249ae8d2d25781e3bc66e29695b2c07b9c329a26a0aa63028ddda17d35177b50ac6dc95f04adb88ff418308c8428aeef71c79eae872 |
C:\Program Files (x86)\Google\Google SketchUp 7\BugSplat.dll
| MD5 | ef7f23961b54e39ad3631677e140d260 |
| SHA1 | 2d07d699edaeb70e6ed94732fa3d84aa3eab8381 |
| SHA256 | 7484221b0cb35971ce2628d451ddbd4a39379a6ccf11571c4bde5f769d0d0149 |
| SHA512 | 1dfc8638967d7e6ce5e47e5e12e642cde2cb2c907ca32d1cc56661ad5af4ac7e3ec3ad353669a15eef9cf4aeb926c556e12771bb391fefec001a64253a15d153 |
C:\Program Files (x86)\Google\Google SketchUp 7\mpiwin32.dll
| MD5 | 6222ef293b72c508b79e7cb4add80572 |
| SHA1 | 3c08ef5b784c19266c8ee875ca4fd847985c9f02 |
| SHA256 | 0c02a79007edb36703d79ae79a356cf2b0ccb117ab16ff429cbbe3ef5bf96a30 |
| SHA512 | bcdbed88e398ef238a22e8f93c14603da012228124218be945f0a2c177ede233bc30bae22d77c431e7d7726a84e6acaad7288b4b03d0fe1c7bb1bbcae752669f |
C:\Program Files (x86)\Google\Google SketchUp 7\gdal12.dll
| MD5 | efd24408a5ec262ccc17258038f8b1b9 |
| SHA1 | 34a3538b0bf8f3e98eb7fb3b0725ccbb0f879b64 |
| SHA256 | afdc8ef298c882bf7faa954a90ee1ceebefc3f333841bb240fa3911437060543 |
| SHA512 | 9fa133f1be6337af518b9dc97bb30043c3f403636a02f254a0786ceb77e513231643b05cd0c8711f8f07005e7927f4924b6d55fe109d8cddc485f07205dd8c73 |
memory/1020-1128-0x0000000000BA0000-0x0000000000C35000-memory.dmp
memory/1020-1130-0x0000000001780000-0x0000000001E0F000-memory.dmp
memory/1020-1124-0x0000000000AC0000-0x0000000000B96000-memory.dmp
memory/1020-1122-0x0000000000A40000-0x0000000000AB8000-memory.dmp
memory/1020-1118-0x0000000000590000-0x00000000005AC000-memory.dmp
memory/1020-1115-0x00000000009C0000-0x0000000000A20000-memory.dmp
C:\Program Files (x86)\Google\Google SketchUp 7\DD_Gi_2.04_8.dll
| MD5 | 2e688c93086bf5eecd17df0d7de8deb9 |
| SHA1 | d80ec005de7ada5eec6da2fc58655c47c549a702 |
| SHA256 | 37ddfc70b1546171e752195193380ad53251dcb45622648459d4552ffa4f7e4f |
| SHA512 | 3817fb04f88d19550079759c6023a15af3a0de5b40a84e1d41081d7dfa35e648dc0751c8575dddc021d6c3a007b4dc33ae8cebdcf8e7cf29c1e93397375c3114 |
memory/1020-1134-0x0000000000C70000-0x0000000000CE5000-memory.dmp
C:\Program Files (x86)\Google\Google SketchUp 7\Support\SketchUp.dat
| MD5 | ae2c5cfbdafca40c36e7ba1b8fe2bfd2 |
| SHA1 | c1ee2458b7b5d17f1b9b5e8b404485c0ce17ca1e |
| SHA256 | 1e209d91610801472ffb56e54f1b849d80e62320a85e3825603ac8e1fc489d5f |
| SHA512 | 62c0c9b584430d8adc23310d1f3aab44de12df7d78d9e6e61bafed51ac19969388e215dab2fa19509967288b2a21284e4ebf435f0d633d594d22704b4c8fb4f2 |
C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp01a - Simple.skp
| MD5 | 61639a89c2cfab0b1c1a9aa43adf7997 |
| SHA1 | 9fefc7e7785a947a71d16746526ea048b9866046 |
| SHA256 | 630b26ac6112d0ae01c98e9d66626ea340fe28d137fdcfa7ce91100468a120be |
| SHA512 | fdb43501f76b6a756179e67f80b8b0c0ef3b5f8ccd32efb9beb1925220c3190eb683b9e02c09164809faefb35bec94da294dc8e4a17f14dba4a3f280307a3751 |
C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp04a - Engineering.skp
| MD5 | f62da92dbc5e7e933300fe4817c56d70 |
| SHA1 | 4dc98e91fdbd3251a7081d4459a84d5a46315d82 |
| SHA256 | 3589ad721b21118cd8f43b04e7b6dd0a1d0024d4670dea7dfb740863954ce6c3 |
| SHA512 | c8130f43262d62ddc62dddb5c89bc28d6b33aa5d920448c845f129befee28ec8cffc6a6f595c344571336d67aee5182262a03331be0a35c00f14d9b9ea76b366 |
C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp03b - GoogleEarth.skp
| MD5 | 85605f2bcf96357a4e4ae3afb6068da6 |
| SHA1 | ed57c6cb9e3dcf654f628caabed245d30a283592 |
| SHA256 | f2d3b51cb6b03aac9facf2aa306335198ba0a65300353124d3ab6d8a76125de7 |
| SHA512 | 46bb9a713dce0c1a8e321964d27799c45691f6d33abb617759149f4f8e73562481053064d66ed44cf8d1aa29b6d2bf784da9dfe4bb96cc8ad42c7d16de9cfb63 |
C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp03a - GoogleEarth.skp
| MD5 | 9426e5d4700300f439e7a76d9ea368be |
| SHA1 | 688000be4cf149dd02197b760a275194f35a3166 |
| SHA256 | 5fd79ad1c4300a0f29a762959434a2a40095b2971f8a06452447b9f824cc4749 |
| SHA512 | 167586338ad6b93ac7c5cc145069db464046fea9d552d2956a208bc54850c08ed07855831e0c59d88da5893e58e9445539b00151e9fa095865b59ec7f0b633d9 |
C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp02b - Arch.skp
| MD5 | c7b34cac81d3027ad1703124abe6ff02 |
| SHA1 | bcb418a934244d27d7f32016dbb5c6aede3c13e7 |
| SHA256 | b772f99cf69613e2836e941437be0d8746d7b10c4bcbadf9a80fc623dcf47d55 |
| SHA512 | 8e09f8dbd2726e0a0d5dc3e86bd8fb6536534d39d08abe646f12f09b594dd62906b4f460ee58fc0cefa533790179d557c152fee906928fa630a8276d1eabb2e9 |
C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp02a - Arch.skp
| MD5 | 1eb4ce9cb965d403957b3b3e616f8a5f |
| SHA1 | b87e3c4f1643fc589f98f3bbdc92f1643304b240 |
| SHA256 | bd69c15d2cefd74f49d944236aa0590b99a52cac60c34861206ee2d55486f6ba |
| SHA512 | d333b52ce07c488c5483817fef206ab2a72f76e94b441e2616bdc607223b5043bf9c7c3541e3d08194152d67ad612d0bca03a109b1f1d5807e0ac81698a55528 |
C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp01b - Simple.skp
| MD5 | 3d58a0e4f2bff52018ff07f4c06820f4 |
| SHA1 | fdc474844e200a9fdb05149c766f418920d29e52 |
| SHA256 | 82b9d5a51784a03e636711a6de6654ad05308bdea489aa46fd40468ef26d2058 |
| SHA512 | a7dbd432db9f719643a8bd8affa561d193098d5798e2939286f6997b63c14642904ff981972ff043f2306b10e8f2c6d5cecfbd2500791b19b4bf14fca537a3f0 |
C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\i18n.dat
| MD5 | 9031a6ca6290bee6310ec730a638e189 |
| SHA1 | 5d0c208127a1f18f84ad436ec8b528b930b221d3 |
| SHA256 | ceffb68ca8c5c8ff746b5c8e758dda5ca7d08e2f9c543435ff5325af685c4bcf |
| SHA512 | f4853059807b0ad1b5550a4707ed52abbc315b73aa0ccdb73390e32e253f3af7ca92b8e33e1b86e46fb6596bae6510d334a9267aba173f80a59a049990a8c55e |
C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp06b - plan.skp
| MD5 | 6dc90aa080f6fe9a4a49c0487f610e6d |
| SHA1 | d58e23c4bd74723778690d647ce24fb843f59494 |
| SHA256 | e01c98ae879a7dcd39e59956325171fa0cc5436abc5a66616b4950b89d260d7b |
| SHA512 | 88eefec20c64a7af92b1e849c7c90fc39c76a78b9ed9a73e51f084ac05e0050e9ceb419ec5501c6316736aac0b92a8cf3c24f6aaf6d6ca664a927a0f7638f065 |
C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp06a - plan.skp
| MD5 | c5f4a99ec31c313c5c919903b2560a30 |
| SHA1 | 84a04d2c08c24a7e075469d6f293fc1b67d26948 |
| SHA256 | e16046bd8b4dc55626bf3b7558da543711173300cb503be1ab2f23ba1b2f1cbc |
| SHA512 | a373dd06304c6b903bf2c404d131191e34c40f53519522557e0da34aaf83cc99a62b94622098add3131fb7c7722f315aec7a4a26de0ad75a6f3cd7f2c48a1195 |
C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp05b - Design.skp
| MD5 | e3d70b75f8bc1acc6cadd6beef3f993c |
| SHA1 | 748195fb06ca6972ba532aefca17eb8ca8e31c6c |
| SHA256 | 654c6b607472cd0721aff626694f5126db4fe6710bfae79d753a003be49e4673 |
| SHA512 | d5202cc12357e77931770baa91d2902df488ce674e50794affefb4044bd7cafddd6ce531438fc3199dd3d0240061a377a42e1d6c3390343c57502cf64569a2ef |
C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp04b - Engineering.skp
| MD5 | b08086766d05b66f93fd7992240735b6 |
| SHA1 | 016cd733d1b30c8fdc81021b749e6b7b2c77f17a |
| SHA256 | 9b93531f93427e7be202ab83208aa1f7c452c6c798e98209ec4eef17d5cea312 |
| SHA512 | 57e3891fb89a657ae57062dda96f20c6620a808c69cdfd70a0dd976fe9e503575a7210ae2c575067888cd09ea082858574fd62730445768d1a96bcf968c96322 |
C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\Templates\Temp05a - Design.skp
| MD5 | 955312917b58691356b8b6074234c1a5 |
| SHA1 | 1640365c71a264c67b434b4eccfa0bfecb9cb237 |
| SHA256 | 6aaffdbc0aaf173bf0b732395156f767479dd02d62d26a6639b930c8786aa954 |
| SHA512 | 53dd4c4ba2293496b6c5b5c7cdb499bae513e38cc7748bce0a4c84529012639754079c41ce722592d1a1ba32531b04fc7cb046782f88d246c7cf675e42f6f649 |
C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\welcomescreen\learntab.html
| MD5 | a4d1fc9ea1b11054aa3d9cadbac17a41 |
| SHA1 | 993ca08a2b6b15fc6946c13f27ec856e5e87eb7a |
| SHA256 | 663a70f3feb421878fb10b1c6480cd254a32142916a90b212ddd24ff510268ad |
| SHA512 | 3f117e6b907cac2b2effb36a982e5efebe3e12527605ef5d1fe47b9ee1788ddf83b863b4da6065642f6ad75b15056a839ceca3052a785ba8b6f998f1f1a8e57b |
C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\welcomescreen\images\sketchup-welcome.gif
| MD5 | ba58a41dffad0550eef13e119ebb20c1 |
| SHA1 | 008fdfedbf68c5246c5e172ab1f22d0f3b71305e |
| SHA256 | 37571b06315bd7c50ae67963e9c1fdab8617460b1c479b96852abede5ffa9717 |
| SHA512 | 9b1282165e2afec58e26b6e568b9e74444be7584ab1574db5271c2c3b70aec128079eaa6b71790b53bb3d9c0c0afe3f4c88204261134b6d5a4a2a0de76e61279 |
C:\Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\welcomescreen\images\sketchup-welcome_back.gif
| MD5 | 5e9676c4d1452321865e64395d3ddea7 |
| SHA1 | 5bcf7ba960d762513c22885bb575b52fff53a961 |
| SHA256 | b14edc9e4bbfd1b5f8d5fca17ab60e425f599de00abf44a76b2912bbc33ad36b |
| SHA512 | d832658e79fe992c1e12e372f4636d92f0f29abc8233e71e844be70dcb54b5dada1b21854e8d9dbaf30e1fff5e5112924e6bb2b39ab63cf183a1f7d50d7e02f9 |
memory/1540-1167-0x0000000001EC0000-0x0000000001F55000-memory.dmp
memory/1540-1168-0x0000000001DE0000-0x0000000001EB6000-memory.dmp
memory/1540-1171-0x0000000001F80000-0x000000000260F000-memory.dmp
memory/1540-1172-0x0000000002610000-0x0000000002685000-memory.dmp
memory/1540-1165-0x0000000001780000-0x00000000017F8000-memory.dmp
memory/1540-1164-0x0000000000D00000-0x0000000000D1C000-memory.dmp
memory/1540-1162-0x0000000000CA0000-0x0000000000D00000-memory.dmp
memory/3624-1174-0x0000000001C00000-0x0000000001C60000-memory.dmp
memory/3624-1181-0x0000000002870000-0x0000000002905000-memory.dmp
memory/3624-1184-0x0000000002930000-0x00000000029A5000-memory.dmp
memory/3624-1183-0x0000000002060000-0x00000000026EF000-memory.dmp
memory/3624-1179-0x0000000002790000-0x0000000002866000-memory.dmp
memory/3624-1177-0x0000000002700000-0x0000000002778000-memory.dmp
memory/3624-1176-0x0000000001C70000-0x0000000001C8C000-memory.dmp
memory/1536-1186-0x0000000001780000-0x00000000017E0000-memory.dmp
memory/3276-1208-0x0000000000B10000-0x0000000000B85000-memory.dmp
memory/3276-1206-0x0000000000A70000-0x0000000000B05000-memory.dmp
memory/3276-1204-0x0000000000990000-0x0000000000A66000-memory.dmp
memory/3276-1200-0x0000000000690000-0x00000000006AC000-memory.dmp
memory/1536-1189-0x00000000017F0000-0x0000000001E7F000-memory.dmp
memory/1536-1196-0x00000000020B0000-0x0000000002125000-memory.dmp
memory/1536-1194-0x0000000002000000-0x0000000002095000-memory.dmp
memory/1536-1192-0x0000000001F20000-0x0000000001FF6000-memory.dmp
memory/1536-1190-0x0000000001E90000-0x0000000001F08000-memory.dmp
memory/1536-1188-0x0000000000D10000-0x0000000000D2C000-memory.dmp
memory/3276-1202-0x0000000000910000-0x0000000000988000-memory.dmp
memory/3276-1198-0x0000000000630000-0x0000000000690000-memory.dmp