njrat | fa82b765ab1020e4723b215541cc36cb631cbfbffc92b6b7e6ac2a831b0c6a7b

Analysis

max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 08:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_59a7f82b965826d310b203a3f6e5cac0.exe
Size

2.0MB
MD5

59a7f82b965826d310b203a3f6e5cac0
SHA1

c903c3522d9c46838a6855f2086d22586b365f05
SHA256

fa82b765ab1020e4723b215541cc36cb631cbfbffc92b6b7e6ac2a831b0c6a7b
SHA512

336c942e9c2609238b58a5a638a190d33b989e53dd71d10f3875020b8942ec6a0932fc3b7d96d7a3f2698d29e23436ad18c694ea62dfa65b827aadf8578b4566
SSDEEP

24576:YPjWLSR4ovS72dnm3xgkLT1bUIxTwMdv9YwEdpQ3yVvcY15v2MurzcR2p:FLfLqYx1f1bUIlw8lopQyngbHL

Score

10^/10

njrat hacked discovery persistence privilege_escalation spyware stealer trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

127.0.0.1:5552

Mutex

1f6a4767a0095c0701aa58616a696751

Attributes

reg_key
1f6a4767a0095c0701aa58616a696751
splitter
|'|'|

Signatures

Njrat family
njrat
njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\131.0.6778.205\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable"	setup.exe

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe	GoogleUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0"	GoogleUpdate.exe

Checks computer location settings 2 TTPs 8 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	GoogleUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 35 IoCs

pid	Process
3624	a.exe
4596	GoogleUpdate.exe
448	GoogleUpdate.exe
2312	GoogleUpdate.exe
4268	GoogleUpdateComRegisterShell64.exe
1760	GoogleUpdateComRegisterShell64.exe
3380	GoogleUpdateComRegisterShell64.exe
1716	GoogleUpdate.exe
3108	GoogleUpdate.exe
2892	GoogleUpdate.exe
432	131.0.6778.205_chrome_installer.exe
2304	setup.exe
2240	setup.exe
2772	setup.exe
1680	setup.exe
4860	GoogleUpdate.exe
2748	GoogleUpdateOnDemand.exe
2444	GoogleUpdate.exe
864	chrome.exe
1520	chrome.exe
916	chrome.exe
4164	chrome.exe
2060	chrome.exe
4376	chrome.exe
4576	elevation_service.exe
2928	chrome.exe
2616	chrome.exe
944	chrome.exe
680	chrome.exe
3844	chrome.exe
3612	chrome.exe
2888	chrome.exe
5592	chrome.exe
5452	chrome.exe
5732	chrome.exe

Loads dropped DLL 54 IoCs

pid	Process
4596	GoogleUpdate.exe
448	GoogleUpdate.exe
2312	GoogleUpdate.exe
4268	GoogleUpdateComRegisterShell64.exe
2312	GoogleUpdate.exe
1760	GoogleUpdateComRegisterShell64.exe
2312	GoogleUpdate.exe
3380	GoogleUpdateComRegisterShell64.exe
2312	GoogleUpdate.exe
1716	GoogleUpdate.exe
3108	GoogleUpdate.exe
2892	GoogleUpdate.exe
2892	GoogleUpdate.exe
3108	GoogleUpdate.exe
4860	GoogleUpdate.exe
2444	GoogleUpdate.exe
2444	GoogleUpdate.exe
864	chrome.exe
1520	chrome.exe
864	chrome.exe
916	chrome.exe
4164	chrome.exe
916	chrome.exe
4164	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
2060	chrome.exe
4376	chrome.exe
2060	chrome.exe
4376	chrome.exe
2928	chrome.exe
2928	chrome.exe
2616	chrome.exe
2616	chrome.exe
944	chrome.exe
944	chrome.exe
680	chrome.exe
680	chrome.exe
3844	chrome.exe
3844	chrome.exe
3612	chrome.exe
3612	chrome.exe
2888	chrome.exe
2888	chrome.exe
5592	chrome.exe
5592	chrome.exe
5452	chrome.exe
5452	chrome.exe
5732	chrome.exe
5732	chrome.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\shell.exe = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\shell.exe\""	JaffaCakes118_59a7f82b965826d310b203a3f6e5cac0.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	chrome.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4684 set thread context of 4192	4684	JaffaCakes118_59a7f82b965826d310b203a3f6e5cac0.exe	83

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Temp\source2304_1741539664\Chrome-bin\131.0.6778.205\PrivacySandboxAttestationsPreloaded\privacy-sandbox-attestations.dat	setup.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping864_728831362\_locales\ml\messages.json	chrome.exe
File created	C:\Program Files (x86)\Google\Temp\GUMB268.tmp\GoogleUpdateOnDemand.exe	a.exe
File created	C:\Program Files (x86)\Google\Temp\GUMB268.tmp\psuser_64.dll	a.exe
File created	C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_fi.dll	a.exe
File created	C:\Program Files\Google\Chrome\Temp\source2304_1741539664\Chrome-bin\131.0.6778.205\Locales\ru.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Application\131.0.6778.205\Installer\setup.exe	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping864_728831362\_locales\ta\messages.json	chrome.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping864_728831362\_locales\da\messages.json	chrome.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping864_728831362\_locales\lt\messages.json	chrome.exe
File created	C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_fa.dll	a.exe
File created	C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_fil.dll	a.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.72\goopdateres_bg.dll	GoogleUpdate.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping864_728831362\_locales\be\messages.json	chrome.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping864_728831362\manifest.fingerprint	chrome.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping864_728831362\_locales\ar\messages.json	chrome.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping864_728831362\_locales\es\messages.json	chrome.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping864_728831362\_locales\pl\messages.json	chrome.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.72\goopdateres_fr.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.72\goopdateres_ru.dll	GoogleUpdate.exe
File created	C:\Program Files\Google\Chrome\Temp\source2304_1741539664\Chrome-bin\131.0.6778.205\chrome_100_percent.pak	setup.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.72\goopdateres_sr.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleUpdateSetup.exe	GoogleUpdate.exe
File created	C:\Program Files\Google\Chrome\Temp\source2304_1741539664\Chrome-bin\131.0.6778.205\Locales\sk.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2304_1741539664\Chrome-bin\131.0.6778.205\Locales\sl.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2304_1741539664\Chrome-bin\131.0.6778.205\VisualElements\LogoDev.png	setup.exe
File created	C:\Program Files (x86)\Google\Temp\GUMB268.tmp\GoogleUpdateBroker.exe	a.exe
File created	C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_hi.dll	a.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.72\goopdateres_ml.dll	GoogleUpdate.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping864_728831362\_locales\it\messages.json	chrome.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping864_728831362\_locales\kn\messages.json	chrome.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping864_728831362\_locales\is\messages.json	chrome.exe
File created	C:\Program Files (x86)\Google\Temp\GUMB268.tmp\GoogleUpdateComRegisterShell64.exe	a.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.72\goopdateres_tr.dll	GoogleUpdate.exe
File created	C:\Program Files\Google\Chrome\Temp\source2304_1741539664\Chrome-bin\131.0.6778.205\chrome_wer.dll	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2304_1741539664\Chrome-bin\131.0.6778.205\chrome.dll.sig	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping864_728831362\_locales\gl\messages.json	chrome.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleUpdateOnDemand.exe	GoogleUpdate.exe
File created	C:\Program Files\Google\Chrome\Temp\source2304_1741539664\Chrome-bin\131.0.6778.205\Locales\gu.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2304_1741539664\Chrome-bin\131.0.6778.205\VisualElements\SmallLogo.png	setup.exe
File created	C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_it.dll	a.exe
File created	C:\Program Files (x86)\Google\Update\Install\{E620F3CC-4290-4D7B-BC4B-1D5FE57F535E}\CR_DD9BF.tmp\SETUP.EX_	131.0.6778.205_chrome_installer.exe
File created	C:\Program Files\Google\Chrome\Temp\source2304_1741539664\Chrome-bin\131.0.6778.205\libEGL.dll	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2304_1741539664\Chrome-bin\131.0.6778.205\Locales\bn.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2304_1741539664\Chrome-bin\131.0.6778.205\Locales\id.pak	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping864_728831362\_locales\am\messages.json	chrome.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping864_728831362\_locales\nl\messages.json	chrome.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.72\goopdate.dll	GoogleUpdate.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.72\goopdateres_pt-BR.dll	GoogleUpdate.exe
File created	C:\Program Files\Google\Chrome\Temp\source2304_1741539664\Chrome-bin\131.0.6778.205\chrome_200_percent.pak	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping864_728831362\_locales\zu\messages.json	chrome.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping864_566528880\LICENSE	chrome.exe
File created	C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_kn.dll	a.exe
File created	C:\Program Files\Google\Chrome\Temp\source2304_1741539664\Chrome-bin\131.0.6778.205\VisualElements\Logo.png	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping864_728831362\_locales\zh_TW\messages.json	chrome.exe
File created	C:\Program Files\Google\Chrome\Temp\source2304_1741539664\Chrome-bin\131.0.6778.205\Locales\ko.pak	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping864_1665957319\manifest.json	chrome.exe
File created	C:\Program Files\Google\Chrome\Temp\source2304_1741539664\Chrome-bin\131.0.6778.205\Locales\kn.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2304_1741539664\Chrome-bin\chrome.VisualElementsManifest.xml	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.72\goopdateres_es.dll	GoogleUpdate.exe
File created	C:\Program Files\Google\Chrome\Temp\source2304_1741539664\Chrome-bin\131.0.6778.205\default_apps\external_extensions.json	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2304_1741539664\Chrome-bin\131.0.6778.205\Locales\es.pak	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dw20.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdateOnDemand.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_59a7f82b965826d310b203a3f6e5cac0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GoogleUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1716	GoogleUpdate.exe
4860	GoogleUpdate.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	dw20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	dw20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dw20.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dw20.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	dw20.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133807139944499352"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\NumMethods	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\NumMethods	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ThreadingModel = "Both"	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromePDF\Application\ApplicationName = "Google Chrome"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4EC3C18E-7203-41E7-990D-A72B57E286A9}\InProcServer32\ThreadingModel = "Both"	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\ProxyStubClsid32\ = "{4EC3C18E-7203-41E7-990D-A72B57E286A9}"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\ProxyStubClsid32\ = "{4EC3C18E-7203-41E7-990D-A72B57E286A9}"	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mhtml\OpenWithProgIds\ChromeHTML	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\ = "Google Update Legacy On Demand"	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3COMClassService.1.0\CLSID\ = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods\ = "43"	GoogleUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{708860E0-F641-4611-8895-7D867DD3675B}\AppID = "{708860E0-F641-4611-8895-7D867DD3675B}"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\ELEVATION	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\NumMethods	GoogleUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\ = "TypeLib for Interface {463ABECF-410D-407F-8AF5-0DF35A005CC8}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\ = "GoogleUpdate CredentialDialog"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ = "IProgressWndEvents"	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ProxyStubClsid32\ = "{4EC3C18E-7203-41E7-990D-A72B57E286A9}"	GoogleUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\VERSIONINDEPENDENTPROGID	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\ = "IAppBundleWeb"	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\ = "IApp2"	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\ = "IPolicyStatus2"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\ProxyStubClsid32\ = "{4EC3C18E-7203-41E7-990D-A72B57E286A9}"	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgIds\ChromeHTML	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\NumMethods\ = "17"	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544}\ProxyStubClsid32\ = "{4EC3C18E-7203-41E7-990D-A72B57E286A9}"	GoogleUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\ProxyStubClsid32	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreMachineClass\CLSID\ = "{9B2340A0-4068-43D6-B404-32E27217859D}"	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\ProxyStubClsid32	GoogleUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods	GoogleUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\PROGID	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}\VersionIndependentProgID	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\ChromePDF	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.html\OpenWithProgIds\ChromeHTML	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods\ = "9"	GoogleUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ProxyStubClsid32	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\NumMethods	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}\LocalizedString = "@C:\\Program Files (x86)\\Google\\Update\\1.3.36.72\\goopdate.dll,-3000"	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\ProxyStubClsid32	GoogleUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\NumMethods	GoogleUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}	GoogleUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\NumMethods	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\LocalServer32\ = "\"C:\\Program Files (x86)\\Google\\Update\\1.3.36.72\\GoogleUpdateOnDemand.exe\""	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.htm	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ = "IGoogleUpdate3Web"	GoogleUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\NumMethods	GoogleUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\ProxyStubClsid32	GoogleUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}	GoogleUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}	GoogleUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\ProgID	GoogleUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromePDF\AppUserModelId = "Chrome"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ProxyStubClsid32	GoogleUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\ = "IRegistrationUpdateHook"	GoogleUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\NumMethods	GoogleUpdateComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
4596	GoogleUpdate.exe
4596	GoogleUpdate.exe
4596	GoogleUpdate.exe
4596	GoogleUpdate.exe
4596	GoogleUpdate.exe
4596	GoogleUpdate.exe
3108	GoogleUpdate.exe
3108	GoogleUpdate.exe
4860	GoogleUpdate.exe
4860	GoogleUpdate.exe
4596	GoogleUpdate.exe
4596	GoogleUpdate.exe
4596	GoogleUpdate.exe
4596	GoogleUpdate.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4684	JaffaCakes118_59a7f82b965826d310b203a3f6e5cac0.exe
Token: SeRestorePrivilege	2088	dw20.exe
Token: SeBackupPrivilege	2088	dw20.exe
Token: SeBackupPrivilege	2088	dw20.exe
Token: SeBackupPrivilege	2088	dw20.exe
Token: SeDebugPrivilege	4596	GoogleUpdate.exe
Token: SeDebugPrivilege	4596	GoogleUpdate.exe
Token: SeDebugPrivilege	4596	GoogleUpdate.exe
Token: 33	432	131.0.6778.205_chrome_installer.exe
Token: SeIncBasePriorityPrivilege	432	131.0.6778.205_chrome_installer.exe
Token: SeDebugPrivilege	3108	GoogleUpdate.exe
Token: SeDebugPrivilege	4860	GoogleUpdate.exe
Token: SeDebugPrivilege	4596	GoogleUpdate.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe
Token: SeCreatePagefilePrivilege	864	chrome.exe
Token: SeShutdownPrivilege	864	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe
864	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4684 wrote to memory of 4192	4684	JaffaCakes118_59a7f82b965826d310b203a3f6e5cac0.exe	83
PID 4684 wrote to memory of 4192	4684	JaffaCakes118_59a7f82b965826d310b203a3f6e5cac0.exe	83
PID 4684 wrote to memory of 4192	4684	JaffaCakes118_59a7f82b965826d310b203a3f6e5cac0.exe	83
PID 4684 wrote to memory of 4192	4684	JaffaCakes118_59a7f82b965826d310b203a3f6e5cac0.exe	83
PID 4684 wrote to memory of 4192	4684	JaffaCakes118_59a7f82b965826d310b203a3f6e5cac0.exe	83
PID 4684 wrote to memory of 4192	4684	JaffaCakes118_59a7f82b965826d310b203a3f6e5cac0.exe	83
PID 4684 wrote to memory of 4192	4684	JaffaCakes118_59a7f82b965826d310b203a3f6e5cac0.exe	83
PID 4684 wrote to memory of 4192	4684	JaffaCakes118_59a7f82b965826d310b203a3f6e5cac0.exe	83
PID 4192 wrote to memory of 2088	4192	vbc.exe	84
PID 4192 wrote to memory of 2088	4192	vbc.exe	84
PID 4192 wrote to memory of 2088	4192	vbc.exe	84
PID 4684 wrote to memory of 3624	4684	JaffaCakes118_59a7f82b965826d310b203a3f6e5cac0.exe	85
PID 4684 wrote to memory of 3624	4684	JaffaCakes118_59a7f82b965826d310b203a3f6e5cac0.exe	85
PID 4684 wrote to memory of 3624	4684	JaffaCakes118_59a7f82b965826d310b203a3f6e5cac0.exe	85
PID 3624 wrote to memory of 4596	3624	a.exe	87
PID 3624 wrote to memory of 4596	3624	a.exe	87
PID 3624 wrote to memory of 4596	3624	a.exe	87
PID 4596 wrote to memory of 448	4596	GoogleUpdate.exe	88
PID 4596 wrote to memory of 448	4596	GoogleUpdate.exe	88
PID 4596 wrote to memory of 448	4596	GoogleUpdate.exe	88
PID 4596 wrote to memory of 2312	4596	GoogleUpdate.exe	89
PID 4596 wrote to memory of 2312	4596	GoogleUpdate.exe	89
PID 4596 wrote to memory of 2312	4596	GoogleUpdate.exe	89
PID 2312 wrote to memory of 4268	2312	GoogleUpdate.exe	90
PID 2312 wrote to memory of 4268	2312	GoogleUpdate.exe	90
PID 2312 wrote to memory of 1760	2312	GoogleUpdate.exe	91
PID 2312 wrote to memory of 1760	2312	GoogleUpdate.exe	91
PID 2312 wrote to memory of 3380	2312	GoogleUpdate.exe	92
PID 2312 wrote to memory of 3380	2312	GoogleUpdate.exe	92
PID 4596 wrote to memory of 1716	4596	GoogleUpdate.exe	93
PID 4596 wrote to memory of 1716	4596	GoogleUpdate.exe	93
PID 4596 wrote to memory of 1716	4596	GoogleUpdate.exe	93
PID 4596 wrote to memory of 3108	4596	GoogleUpdate.exe	94
PID 4596 wrote to memory of 3108	4596	GoogleUpdate.exe	94
PID 4596 wrote to memory of 3108	4596	GoogleUpdate.exe	94
PID 2892 wrote to memory of 432	2892	GoogleUpdate.exe	111
PID 2892 wrote to memory of 432	2892	GoogleUpdate.exe	111
PID 432 wrote to memory of 2304	432	131.0.6778.205_chrome_installer.exe	112
PID 432 wrote to memory of 2304	432	131.0.6778.205_chrome_installer.exe	112
PID 2304 wrote to memory of 2240	2304	setup.exe	113
PID 2304 wrote to memory of 2240	2304	setup.exe	113
PID 2304 wrote to memory of 2772	2304	setup.exe	117
PID 2304 wrote to memory of 2772	2304	setup.exe	117
PID 2772 wrote to memory of 1680	2772	setup.exe	118
PID 2772 wrote to memory of 1680	2772	setup.exe	118
PID 2892 wrote to memory of 4860	2892	GoogleUpdate.exe	120
PID 2892 wrote to memory of 4860	2892	GoogleUpdate.exe	120
PID 2892 wrote to memory of 4860	2892	GoogleUpdate.exe	120
PID 2748 wrote to memory of 2444	2748	GoogleUpdateOnDemand.exe	122
PID 2748 wrote to memory of 2444	2748	GoogleUpdateOnDemand.exe	122
PID 2748 wrote to memory of 2444	2748	GoogleUpdateOnDemand.exe	122
PID 2444 wrote to memory of 864	2444	GoogleUpdate.exe	123
PID 2444 wrote to memory of 864	2444	GoogleUpdate.exe	123
PID 864 wrote to memory of 1520	864	chrome.exe	124
PID 864 wrote to memory of 1520	864	chrome.exe	124
PID 864 wrote to memory of 916	864	chrome.exe	126
PID 864 wrote to memory of 916	864	chrome.exe	126
PID 864 wrote to memory of 916	864	chrome.exe	126
PID 864 wrote to memory of 916	864	chrome.exe	126
PID 864 wrote to memory of 916	864	chrome.exe	126
PID 864 wrote to memory of 916	864	chrome.exe	126
PID 864 wrote to memory of 916	864	chrome.exe	126
PID 864 wrote to memory of 916	864	chrome.exe	126
PID 864 wrote to memory of 916	864	chrome.exe	126

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_59a7f82b965826d310b203a3f6e5cac0.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_59a7f82b965826d310b203a3f6e5cac0.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4684
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4192
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    dw20.exe -x -s 788
    3⤵
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Enumerates system info in registry
    - Suspicious use of AdjustPrivilegeToken
    PID:2088
- C:\Users\Admin\AppData\Local\Temp\a.exe
  C:\Users\Admin\AppData\Local\Temp\a.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3624
- - C:\Program Files (x86)\Google\Temp\GUMB268.tmp\GoogleUpdate.exe
    "C:\Program Files (x86)\Google\Temp\GUMB268.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={6A308EB6-FDFF-F3AE-B563-410A44DDF482}&lang=ru&browser=4&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4596
  - - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:448
  - - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2312
    - - C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4268
    - - C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1760
    - - C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3380
  - - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi43MiIgc2hlbGxfdmVyc2lvbj0iMS4zLjM2LjcxIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezFGNTkyNDNBLTA5NzktNEZCMC1CRTY2LTU1OUMwNjJDNjQwRH0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiByZXF1ZXN0aWQ9IntEQkNBNjE5MC1CMUZDLTQ1QzEtOUVGNS02MDNDRThGNEY3NDV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezQzMEZENEQwLUI3MjktNEY2MS1BQTM0LTkxNTI2NDgxNzk5RH0iIHZlcnNpb249IjEuMy4zNi4zNzEiIG5leHR2ZXJzaW9uPSIxLjMuMzYuNzIiIGxhbmc9InJ1IiBicmFuZD0iIiBjbGllbnQ9IiIgaWlkPSJ7NkEzMDhFQjYtRkRGRi1GM0FFLUI1NjMtNDEwQTQ0RERGNDgyfSI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI5ODQiLz48L2FwcD48L3JlcXVlc3Q-
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:1716
  - - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={6A308EB6-FDFF-F3AE-B563-410A44DDF482}&lang=ru&browser=4&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{1F59243A-0979-4FB0-BE66-559C062C640D}"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3108

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Program Files (x86)\Google\Update\Install\{E620F3CC-4290-4D7B-BC4B-1D5FE57F535E}\131.0.6778.205_chrome_installer.exe
  "C:\Program Files (x86)\Google\Update\Install\{E620F3CC-4290-4D7B-BC4B-1D5FE57F535E}\131.0.6778.205_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Windows\TEMP\gui194F.tmp"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:432
- - C:\Program Files (x86)\Google\Update\Install\{E620F3CC-4290-4D7B-BC4B-1D5FE57F535E}\CR_DD9BF.tmp\setup.exe
    "C:\Program Files (x86)\Google\Update\Install\{E620F3CC-4290-4D7B-BC4B-1D5FE57F535E}\CR_DD9BF.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{E620F3CC-4290-4D7B-BC4B-1D5FE57F535E}\CR_DD9BF.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Windows\TEMP\gui194F.tmp"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2304
  - - C:\Program Files (x86)\Google\Update\Install\{E620F3CC-4290-4D7B-BC4B-1D5FE57F535E}\CR_DD9BF.tmp\setup.exe
      "C:\Program Files (x86)\Google\Update\Install\{E620F3CC-4290-4D7B-BC4B-1D5FE57F535E}\CR_DD9BF.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=131.0.6778.205 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff67e22fd28,0x7ff67e22fd34,0x7ff67e22fd40
      4⤵
      Executes dropped EXE
      PID:2240
  - - C:\Program Files (x86)\Google\Update\Install\{E620F3CC-4290-4D7B-BC4B-1D5FE57F535E}\CR_DD9BF.tmp\setup.exe
      "C:\Program Files (x86)\Google\Update\Install\{E620F3CC-4290-4D7B-BC4B-1D5FE57F535E}\CR_DD9BF.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      Suspicious use of WriteProcessMemory
      PID:2772
    - - C:\Program Files (x86)\Google\Update\Install\{E620F3CC-4290-4D7B-BC4B-1D5FE57F535E}\CR_DD9BF.tmp\setup.exe
        
        "C:\Program Files (x86)\Google\Update\Install\{E620F3CC-4290-4D7B-BC4B-1D5FE57F535E}\CR_DD9BF.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=131.0.6778.205 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff67e22fd28,0x7ff67e22fd34,0x7ff67e22fd40
        5⤵
        Executes dropped EXE
        
        PID:1680
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi43MiIgc2hlbGxfdmVyc2lvbj0iMS4zLjM2LjcxIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezFGNTkyNDNBLTA5NzktNEZCMC1CRTY2LTU1OUMwNjJDNjQwRH0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiByZXF1ZXN0aWQ9Ins1MDRFREFGNy1GRTU5LTQ2QzYtOUU4OC04NjU4RTYxOEZERkF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzQy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzMS4wLjY3NzguMjA1IiBhcD0ieDY0LXN0YWJsZS1zdGF0c2RlZl8xIiBsYW5nPSJydSIgYnJhbmQ9IiIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjkxIiBpaWQ9Ins2QTMwOEVCNi1GREZGLUYzQUUtQjU2My00MTBBNDREREY0ODJ9IiBjb2hvcnQ9IjE6Z3UvaTE5OiIgY29ob3J0bmFtZT0iU3RhYmxlIEluc3RhbGxzICZhbXA7IFZlcnNpb24gUGlucyI-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9lZGdlZGwubWUuZ3Z0MS5jb20vZWRnZWRsL3JlbGVhc2UyL2Nocm9tZS9saGs0NjdiNGN1bmQ1MnZxZ3FqbmYyczRxNF8xMzEuMC42Nzc4LjIwNS8xMzEuMC42Nzc4LjIwNV9jaHJvbWVfaW5zdGFsbGVyLmV4ZSIgZG93bmxvYWRlZD0iMTE2MDU5NTA0IiB0b3RhbD0iMTE2MDU5NTA0IiBkb3dubG9hZF90aW1lX21zPSIxNzUwMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzA3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNTc4IiBkb3dubG9hZF90aW1lX21zPSIxODMyOCIgZG93bmxvYWRlZD0iMTE2MDU5NTA0IiB0b3RhbD0iMTE2MDU5NTA0IiBpbnN0YWxsX3RpbWVfbXM9IjI5MTU2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4860

C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleUpdateOnDemand.exe
"C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleUpdateOnDemand.exe" -Embedding
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2444
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - Drops file in Program Files directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:864
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=131.0.6778.205 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc7a8cfd08,0x7ffc7a8cfd14,0x7ffc7a8cfd20
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1520
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1964,i,15434102371264073189,4382071857651741135,262144 --variations-seed-version --mojo-platform-channel-handle=1868 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:916
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=2208,i,15434102371264073189,4382071857651741135,262144 --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4164
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=1316,i,15434102371264073189,4382071857651741135,262144 --variations-seed-version --mojo-platform-channel-handle=2552 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2060
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3268,i,15434102371264073189,4382071857651741135,262144 --variations-seed-version --mojo-platform-channel-handle=3304 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:4376
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3276,i,15434102371264073189,4382071857651741135,262144 --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:2928
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4216,i,15434102371264073189,4382071857651741135,262144 --variations-seed-version --mojo-platform-channel-handle=4380 /prefetch:2
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:2616
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4724,i,15434102371264073189,4382071857651741135,262144 --variations-seed-version --mojo-platform-channel-handle=4740 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:944
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5064,i,15434102371264073189,4382071857651741135,262144 --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:680
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5560,i,15434102371264073189,4382071857651741135,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3844
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5592,i,15434102371264073189,4382071857651741135,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3612
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5780,i,15434102371264073189,4382071857651741135,262144 --variations-seed-version --mojo-platform-channel-handle=5820 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2888
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=6044,i,15434102371264073189,4382071857651741135,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:2
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:5592
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5588,i,15434102371264073189,4382071857651741135,262144 --variations-seed-version --mojo-platform-channel-handle=728 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5452
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4048,i,15434102371264073189,4382071857651741135,262144 --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5732

C:\Program Files\Google\Chrome\Application\131.0.6778.205\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\131.0.6778.205\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4576

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Temp\GUMB268.tmp\GoogleCrashHandler.exe

Filesize
285KB

MD5
e8de6e81b27b60a15b07d63b51f88d2b

SHA1
4b786b4b341ae5854a79f3c05e40fe3e224d056d

SHA256
e66c102ceee633205286f122458a1bade0738a35cdfd7988ec442886aa5c5007

SHA512
3cf1c625031be850df00ed5db02a54a4d647a6cdaedc325fa876e4efdfce0d552fe1cd60341ea5a16664be23a13d98dd151c17f5eec04503329ea305b65976ef

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\GoogleCrashHandler64.exe

Filesize
364KB

MD5
33f147b0c09c965f5a4e7eeeff2d9659

SHA1
c71f0450c603a3fc027c2260b2f6e6090684a169

SHA256
14fd1df8f4bd086f603e2de7552a79bd80afba0708b36e5791461fd195d7ed8c

SHA512
8355ea067ab8c71b290b0fbdbebc95d3e94356a7b9076e0bd4ca54f2c5d5b9e49bbf8b2f68889b5f5fcdb64231cafa9d35d2b8e2f746b0fce65092fb6d19b86b

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\GoogleUpdate.exe

Filesize
150KB

MD5
59ea38acbca05610bfee326da3f2d96b

SHA1
5bbc85ca56e0871f56360cc9c3fad1d63e9b23a5

SHA256
cb7f48f36c649bdb12fd09d8fcb60d99efbff44729515fa3cc77f4cdb18d99b7

SHA512
b1fe1d99ddb8f2c53a1cb3756b0f3dcba5c449721b9aa3ecba44c4316516b60c81163f3198ff869ef68ff8980bc7de7d8142988a05f6c9e9f574b942b622d321

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\GoogleUpdateComRegisterShell64.exe

Filesize
177KB

MD5
7e6579e6a59157b3a8672d6c43750093

SHA1
50fd4925e975d4a672d6d79fa4523149ad893d6d

SHA256
788f7e65e69484eee27d5a34311357aead31e905fe0f85f165a77d53a12f53ab

SHA512
0fe13270cb3bf8e90f6b92423a3da9410e811048a62d7193ebfb873225180e29b9feb128a1d2b2b1d8a4e906bfa48e5009cc5b8c20e087743fb68e9eb6920deb

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\GoogleUpdateCore.exe

Filesize
211KB

MD5
a801ffd44995fc011fe9adf267eb76ca

SHA1
93002d350f2d68ac2cea3f568080e12ca116e2ba

SHA256
fbddbf7c0f394e9600bc15b38f9829cafd45f252397d5ebd5ad7d07c575be344

SHA512
4a17a33a69ccdab6f06437bd5f98de2eaa2dd3873579c4a8d948735b3f1156dfbd62ed6d23be0d54b208208605bce28f490380c5a716e64a846973cceaa9ca01

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdate.dll

Filesize
1.8MB

MD5
868299ac338e6614e68c0c3c1097c7e8

SHA1
aaecebfda9c3ecfe6fa005422eccab98d9d09ada

SHA256
1d8b2954124a00b8e35040c001b9763c8306307fb13394a884933b0d7cc35d39

SHA512
ead47233041b6f61bb6b51a97fba1bc97d3a3cccb058a1a82ae2426dfcaee6db04b729487849cbc02a845369250d60a43984c901e5333b1228969baf04161204

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_am.dll

Filesize
45KB

MD5
e4b5f0a176365821496e35e6f367cfa4

SHA1
ddc90124c2a692c8b2bb69861d8dc16b921b5ef0

SHA256
40c76a81e9d65da34c322efb9c20a0662f9d651a92e63b04e9e881bce6ddb064

SHA512
8d2d5c10e4d8b908aececb5e848c2a4737ab63c03d7a8bb49a028fcc8ae10850e3dc59e3dd69582296cb7a0b8a466a5930c9b946c0134be1b7a4cdf6ad41985e

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_ar.dll

Filesize
44KB

MD5
0563e595fc218c3fff696e7631b5de57

SHA1
4df9a1d4e8eb8f8e72472457852fdeb072ff0099

SHA256
bf14bede2aa722cd2339129253b30bfdd27b6a85c2892313c22dfe58ce4cd7b5

SHA512
3d4be0c78618ba02f5697b65e5dfcbbddf7c08f3cf4b29373a06948bb27c0676a2fe9ff03e65965fdec77f0a5b325cbf321289aa9cf71b85624ad09fc37d1a72

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_bg.dll

Filesize
47KB

MD5
53d1e0976bbc17c396cdb13b5886ae95

SHA1
c9652edf1c7cb195c2bd1457d99bc918088265f2

SHA256
aa304702ac6ed97c57180ab913b41c9265d1a219ea1431e56af1b594a70b729f

SHA512
3dc250c6e2a3d849472f69158dd8a113e49cdc51fa3eca650dd8f39ac366380abc1a2211dbadf5f927ae16a9b8d8240d0b562076aee98b27e6b2521913ada31f

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_bn.dll

Filesize
47KB

MD5
fa0bf041b36d1223f0f340640b4ab14a

SHA1
2b7f54dc4d1abf0d40ab967b19dc907e5d8b954c

SHA256
8851ab74512cd6988c17e811aa864252348ca91b4907dd1b623a4fe1d65a603f

SHA512
f5cd51e39832e6f4047ee300ab80311fcb08a3284275760056df423d93c327269b6cc9dac26b271b0a5a209dc6d531a37c4b76f980b32e2c2c7cc5fc886cb301

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_ca.dll

Filesize
47KB

MD5
13ffe0461a674d0528c76f23f5519453

SHA1
fcbd6290119d6d23f35de8264c79e679cd1b9266

SHA256
d0cc1a011f71744c1c28f6a8df90ea835c3037dc0f4fbdf412ae541ea1274c26

SHA512
2f021f29d64a3c6fb8e7e5db10869d00c6ba09a3fd64af361d2be7ad94acd062a72f94c5cf96943206c4536abce49c726c406519e45e73c5018674a9a1bfa80b

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_cs.dll

Filesize
46KB

MD5
28c5ea5c7028534a758d5c05a73a3370

SHA1
d2b01eae55c6a28bf08083199fa65afba3d3cbf5

SHA256
58208f1097b10ed757cb38bf62a12b2222c69b016494e42b5aecd1d8cc3b0462

SHA512
9db53763f434911c9606e18005944d0f03548cac0cac3555d4cfdf4a95198e0542c21b256286be66483bdb0ac0db197a5f556fa26dff52f04ec72213f5761e28

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_da.dll

Filesize
46KB

MD5
2d75bd0653b33fe2c69a88f108b0182c

SHA1
baf36a858723c14fc6cf4eeddcd522900b5e3a54

SHA256
eda6f41df6d2ff9f070f0ebdd53eefc97f550ebd8ef57a64224767ea3fdd35bf

SHA512
f9fa9835354f3edaec99cbf117e4e18d763e5249d6a390b36e486925c153fac70e4b9ecf8b96e67972dfe305ec52f44dda4219248b79784b1ec983fd23215598

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_de.dll

Filesize
48KB

MD5
81603293e0a06dfe9f428db0e3467c21

SHA1
c58080fbf5a486c04f2903060f40c68a34a350b7

SHA256
f98ab8b27cb0e7c79f520c65700fc5f9f99e75917f2979a4aa7e363148a6579c

SHA512
710837607b92aa13d3d059f00001e3d93cab788a6793fea83b8228b1bc3b0051be17067ee57bf1182d380bf48359d70e35aae77a5d1e887209d3bc1f6beb9eef

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_el.dll

Filesize
47KB

MD5
033e95c579cee3223f1e8bcfdc733dbb

SHA1
6a8c1e437e18eba95dd4b2d1be5a6b8141ad1b4c

SHA256
2ee47df4d1cae123cb70380b74f3b83d2837233f0a61858e109dc87fb76fda70

SHA512
70ce74e5aa50f6e21bcd1e7247708810cad9ac2619aba33cdfea5a0c3bff583b9d4f6c69f7b5f0d50a623765b053635a5a7e47e8980bbf94de1c70bd4684fb93

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_en-GB.dll

Filesize
45KB

MD5
afea7dfa6953c4c53a65bce6167ca2e0

SHA1
f74875c0c9edd26f6a42670264a79e3b6ddff5f1

SHA256
c9f8fd9429c1e26c2ad0fe5aecd665903b67a2332a83808bad6d600d25d1652e

SHA512
b18d50e900cf8bd0c9349982877a992a2b8d61d9667693796e92c5ea5dd0955e494da4893b1936c732f59160da7c0d371ffe10077883905de4585740f605f963

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_en.dll

Filesize
45KB

MD5
d8d59ac41f1073eb79d310d2ad590f8b

SHA1
80deebb0988bb66ea84b282a340efb6b6dd21d38

SHA256
3a490a7775685087b5ec6f761ffe7ced4cbf1a385d43c067e7769f7483e4f5cc

SHA512
43e59a9d7c0dc0942d24361229770fb590147e816eca15cd5ad70ab9c9817c0447cad2a6087ffed102a364e42bef969c7d46d10b2712f8bedb3171fd6c3852ea

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_es-419.dll

Filesize
46KB

MD5
50a6e734297f06b9a8a828c5cad2dcec

SHA1
4153a961e6925103ac58e86a5a265b17478f20c6

SHA256
6068c6adac5db66a6946ccf8858dc63a605071d2e2f01722388b23e3ce74cac5

SHA512
9295ff73cae6c7024a39fa0bd0ce6d839eec924102a2b49a7351d037fb1564c1243625afee7f1e2b0b76713f2ada7f1ffde4dde46a50e9e86fae92b5f353d735

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_es.dll

Filesize
48KB

MD5
e4672621b456b5588efb0b5cae8bcba3

SHA1
1f09caf3ee7dd85cb6e83cffb340d5d8c3305974

SHA256
79f63ee26987657ad281ec52380d3c62f6041ff7a88b95289b293e9db8095b38

SHA512
a92dc70bb6a4e274f814a45bce331246a4a81e2f1fe037ecb56950f60aed268f5852d391773713babae5b630aeb761268fcd9c129a351f0951f1f8e2da29fa42

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_et.dll

Filesize
45KB

MD5
ecc54f07684d9aa9640aebf45a83fdd4

SHA1
ee20b7f54dc1adaeb29a821e86d13bae9004a673

SHA256
e1287ef88b7a20c42d594a6e171c0bb12974ae8b82414fbef75f848db730f3b4

SHA512
80cac3c6a9304f39c66bf5133ff7c4e3bd27124660604c92793342ea6a628d3be22a7ba03e23fa3a66de525514da4f503319b96b4388cf0a0b6afb8d361d7bcb

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_fa.dll

Filesize
45KB

MD5
d07e0ad08ce9066ceb3e24e8b686fb86

SHA1
84a6152dd61e6bdb64b50f7c13b88241c5ef9920

SHA256
229353227102e5003f8cc246e20859a97879e4911c4060edef328f8f79f6ea84

SHA512
0761e46ad2ac17af99997ecd906b31ddc7aa1520ba56357aab0517c947d408dc943d07b626057d210879e14bab0980373f8e6f20fe85fff2324438d7d512b67e

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_fi.dll

Filesize
46KB

MD5
84db876048b823a551d796ec9fdbedae

SHA1
f8d2d7c66c5fc4706b67a49f14ebf3942b1a41a6

SHA256
6b43f06913491ee88647a20368552a64cbf7c77e613c370a74a4b5e5fe252a21

SHA512
407b3770578fbc41c2bf59118beaa15ced75e5d302d337565f9f17b2bf99a4384323b0f95d361889bdef140dc372bdb45ee0ef8ce51f2258e7d5ec1952d2cfb9

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_fil.dll

Filesize
47KB

MD5
321fdf4b45e1e577049e9eb1b8db7898

SHA1
942ffa962d71b7aded879e36e46e2eee2ccb0419

SHA256
d72c5e564cb9206ee052c34fde1809fd8d33f1e5c09cb19e6be4f5fe3d83f05b

SHA512
0d09e91f0bcd0060253c735815bcb662bfa48707b4487b527d48cefb3bf265b1baf1708519aea72cdb18b08e04f5d56e226e2f2dfbdd317ddaec87f308f035e9

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_fr.dll

Filesize
47KB

MD5
4649fda2561de1b7604f5df73dd565f1

SHA1
2762f78a310d767946521bae06536bf6c9916578

SHA256
d5bae91382fe7c78c8f7aaf051d0975d157c74573724e35337864b0ef14eff56

SHA512
92a95c134b099bca59154accd148b5c5e0541d94c5a7a44256d47552bc552dce0c7d50163dc29e0c109e9f7863e74e921213634cf3176e30a8efa9352c4ed044

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_gu.dll

Filesize
47KB

MD5
d9d6d3a94b91a0c4c963722b414ca46b

SHA1
59f401d62748da26b0c7855d28ef3297d3fa9231

SHA256
f290224e58a44b09de72853e9d0c87da7a6edbebf6e6c936dd8eedfe1cdd8364

SHA512
8c7707245a817b9b9fefdd857e05892eeea8da2ce70f9ec962e88ab3c9855dc4e7ffd5071f6cf69b05f442f14d9633bc320a958941359f8b5f34f0c734a60b43

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_hi.dll

Filesize
46KB

MD5
e88ab66187b8c821d638cf9747b96f83

SHA1
3f004d8c99dbe40fe1fc9a7a0531905dfd324a55

SHA256
695e89b6e1ca72abacf9307270787ae3536e613fbf11f2f71fc4bf2da1b8b23d

SHA512
984dbc78f5c75524a61000b6dad511797733408e73f80a73737f099bc46a3bcc67766df7298f67f994a16ea74c4a431fb34374824a12764c8dc7ede71e5ff8ff

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_hr.dll

Filesize
46KB

MD5
147982aae9f3730db831f096b5874dfc

SHA1
57b48d87968acaf9ef02496b8b2775ce88245f57

SHA256
abc4bccc60c0fd974be793a5d793fab0061b6cbd343f69040227fb4cf53d264b

SHA512
2df69b287ba9e59fe6d916acd52113e30331129bb6da1534e3895c335a71054795fd558e8bfd1ce45697f6760584fa5268733d3a49e94d463fc02c73c38543ff

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_hu.dll

Filesize
46KB

MD5
cd08faf1c96a2b8c2443612e69051c81

SHA1
ae591839390dc61792c435b2116854aa1f642811

SHA256
ea06f93fa77cf4a411fb4297feacd589adaba2ae80b11adf281ad3891a61dc4f

SHA512
c3cc0fbbb51fc793475aa4d7446f33659f8b0b134a413477319830354b04fc05458ca8b491bac63d4bab1d09a42af483e9b858f376e71304318579d09348f842

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_id.dll

Filesize
45KB

MD5
0cf20038e1f91637c9a669834677b2d5

SHA1
58d3cc05ca6bb1b3706a74d5b1aabfc7d3d263a9

SHA256
d4bc617513a66052f898fd1a7eda86c5bc38244eca6acf194fdadd3d291eb36d

SHA512
af7ca7b5175ace1d6ea09ea3a9a4fa79011d6b98e33af87b9d54580267250def13ac95d45144e5297b2953fd02fd1ff78efb790da00157d448bab6017b822b75

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_is.dll

Filesize
46KB

MD5
784c6b659239b0262de49e5f87e4f6af

SHA1
17bc46c06f32cd1bb0e3215fe771b62a1d1eaa24

SHA256
818321d13b1309e30600d5777c8f07c8a2ef1a277a3f29b8cf4cc7e02a772311

SHA512
d21dd8a1a25d1e9e2650b05d430ddc0ac840baa50f4427d72ddb569578cf0a44ac896c666f9b7d15ec1593b6f067f48af2f8696b7dff4b22f2de5df81aeb69dd

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_it.dll

Filesize
47KB

MD5
c5ac9af6c47749454a7bc7268f0c917f

SHA1
5f9ce845fe7921dbdd27fe5429fec4390a1bf4e5

SHA256
bbd87500694bbfb610801eafcb73554c17fa49f6b003a9a0254af92b25fd6523

SHA512
19f7b9f1f6c71293d4c2143ae6c0385a96a005bc67267393e7dd656609dbbefdd6aac2f914e64b6a27ee8c21eda42f49f9c952d8c17851857d6a86f882df3980

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_iw.dll

Filesize
43KB

MD5
b0cb48859b6918e60bdceeb1fd1e346c

SHA1
94ea6ac919aea457947bcbd2c91bf0cfd380017b

SHA256
577b1a4fd4bf64477ca633246ec22d78734e6668d5a8685d9e4c447ddda988be

SHA512
cc3b30578dd66c8dc6f07c324a8696652ba9d93423b7e73a34c60b182ea18b3875919644e566b5a46800d84f3f15dd902fba093cfe405562ab34c0ded7ac2f5e

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_ja.dll

Filesize
42KB

MD5
4a8fec5ad8f5e49e656265576be5eb13

SHA1
d57876ef3634be81b5cfac0eff36ad8ab3496460

SHA256
01fa4f508844d9d99213d26f6ba3d67ac91110a48567ae06138d5ffb7e2cef8c

SHA512
ac96b6482dd360db7bce573918173821e9532055024229c9039e3dac22924338f82f99c5de6228e1a958fac4d80d88b862d6de894979207aa7f21d38fb4e75fe

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_kn.dll

Filesize
47KB

MD5
53c083af8ec358a88f9a0e07382bf940

SHA1
b37c4d65b1f33088a1c94100009d72aeacab28b8

SHA256
8e4f820a1e9fda97b3dfbbfc5f0ffcb1e21e17f3492170d2ab7c0efaee94342a

SHA512
ba86573fd2ea257e4821667be024f4b17d88ba6ac3b83a402a04d6492c1285ffa71bb55860e6735a262cc2efd220174bb0641a344e0fe8032d5d9e1d16c8823c

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_ko.dll

Filesize
41KB

MD5
b9f6fb4f7c6e75b973ceee4da4647488

SHA1
5f8e4c4493c653be703ce43b48791a0c70769f64

SHA256
2bf08baf734a577dce87f25811d62e37028f730a25f7c5359239b95f04afa0a4

SHA512
736a473f86dd4f85bb298800791d7e0cf848d50186c87ebf4772c6a32862657448fd59ae6629188d497dfe92363de41d0e95f8d6b67ed5dc0c5375f0def6078c

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_lt.dll

Filesize
45KB

MD5
8055554e9b9feb5d41329df05da9bde1

SHA1
9d6563a7253cb0232f0ec288062afb629a56f253

SHA256
1e27f8a8964c1100796830b08a96a6e302b7d11914e779ba5cf6fb6cf9d28b62

SHA512
c0352e4b5492231d487e68f8794b0b84960e0564cafda8d95e0258a0102cb53d00cdf2e7bd385618297a5f3c87dceacc38887f87c28c1ce18f396aab9eb33e88

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_lv.dll

Filesize
46KB

MD5
e8bd88707afc9678106a4111663c5c43

SHA1
7143a012f1589caefa6dc1556b6e675ba92cfb62

SHA256
10df1047d2dc01af66b1435e27c0155d6ffd88464ac6d8d29c46845f25b22529

SHA512
10aef2fa13c74b2c564f8aa7f466350fdc0dc7a22d3fbd95177c5f76264f9377ba1ae40e63305cde2d8cec396531cda25cdfe06329f63903ba14cba6ff9c2b84

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_ml.dll

Filesize
49KB

MD5
8db9291b82b66ff654c25f4866e32310

SHA1
040c7467301dc0cd742c9a38dd329e817d2efa97

SHA256
51903649428aeebdfd7574af53b82f2725a73ffbd1ab454a20752204c3477d8c

SHA512
81bb3fd5ba91bd5f6b23ea91e543a4a5b49a174570d3c52c1cac728fd2652d9032627b68b7f885d155d40424cb2b29b1512fd74bf02908bb440f6074cd66dda2

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_mr.dll

Filesize
47KB

MD5
cb2420e117867802072802588b33e730

SHA1
258890e382c023975e185b33655fc1ace8de491b

SHA256
8e8c4c8bd177e3da2558374789d4d59d6a717a0c760be88aac0df6d5225dd428

SHA512
0c808929b32c8997af0d7f8f7f6ab200b65d16a8658327971743d6a9eaa3771e774a0748cef84efaca92b59566c3666a3dae1d06da07cd7b7fbbf9d8d67ab05d

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_ms.dll

Filesize
45KB

MD5
ae8069ae48aac2337e76e9a28ef5130f

SHA1
4843eb70bd7602592bf121aaf1ab33978ef1262a

SHA256
7a07202ea07804e167e18622950042b7e88da52f8d22099456fb367804876c49

SHA512
bc7583953304ae3e51f3773f80101794a0956dc66b9308f048efdddcd4351b4c0b0fc5c85972ae1b1e7fe8a16ed58b38338ccae042c87560643b24530b676dae

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_nl.dll

Filesize
47KB

MD5
cffc7d79fbbac7aeb4d654bfa8c1c68a

SHA1
71322b0be950af16f02858e7ba859f494c50c10b

SHA256
7ed754a69d3b1929d2acf0b08c0bc24bbab5681aad40f5c71eaf1d090dc261a6

SHA512
3adb6af758a155b2fbe748f1fa07ae4a3e5aa72386df6c8b3df92a5a40bb3367767253668a8e0f47b0d275799905889adde39114e1fb94828825f165798d6806

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_no.dll

Filesize
46KB

MD5
d61f72e8e074098d512febaf5f35659a

SHA1
23d51472dba9f215a1b1e70a20a86434056839ee

SHA256
2d3308c750bc23285a28d62b425ad670562690882317aaf4943faf9cd878cf53

SHA512
e3a3f2e83a7835206f10283c4e0137e40d6d6c8b47b0daa1801e11108ee08e1e9f8e9fc8cadb425df8dd351067b87ca2ae7f744f381d69704125afd583b796ff

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_pl.dll

Filesize
46KB

MD5
0b697583a204d7ef9a8e7db4dc5351b2

SHA1
67b6c7210292b26f3ea5edc49b4d23748e4b8e38

SHA256
c415d32a26488a5ea3b548417ec9c0c6d50b43b87ca4be29b8eb621cd8ebfdc7

SHA512
941d66b55b8de084bf05f4367e0d551c8c304fc7208d79c933ed67ce849882ba8020ff368dd7d422e9a995c1ab4e6e9eef769d2a2c20b8883da2e36f404c7b71

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_pt-BR.dll

Filesize
46KB

MD5
319b586003b03976aa561df33403886a

SHA1
a5f305d3485427e85a3777ebd80f7030d90e9098

SHA256
9a291e1c5da9938c0db831b85a04d164e43aafb69d1c512e8fc908e8b0dd3b6b

SHA512
3f551602aabec14b1b3624786b9000749a7a26f582247dd6cb42f52645ae387afe13d9d180f3fb9cb0d4d32ac81f7f1639194da9581205a650ee50b0da4c40f7

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_pt-PT.dll

Filesize
46KB

MD5
7c636b6355ebb531dfe885acc2dca1ad

SHA1
fbe97eec09268a9569fa7430b9cb8c9d3079c644

SHA256
35cd80f46689e5f39f3bbbe1479b59c5cab50969a05704a31531bd6f8649b596

SHA512
947a771b9445c04e1169e33ab1c69d3e94bbefcb8a2528fae9fc8a0f9d657bfaf9070ff1daae5d213ccf7819571897b782430f805e5830c5cc440a1cefb592ac

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_ro.dll

Filesize
46KB

MD5
5146973bfb9fdbd7f4a31fa7f48e042c

SHA1
e686856c16d08ccc6f1ca439d0bf7e6255f4d087

SHA256
e345fa972c5d430b77c77467755288d2eb9424f61e934999e6b471e41421d6ba

SHA512
bca98cd579c6734b5cfcf61bfcec99017bb65a308e6642aebe2170ba2ef15b633d28698dbef2b95c7d568cc05f7d0beef14911a11fb271913d76e24886f18175

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_ru.dll

Filesize
45KB

MD5
ad5176fb6a21feecc28f286cf0e94db8

SHA1
86d60c8d8b4cd4f92c2f60f436f4e3dc93277613

SHA256
ddba69519210082f4c1e0dd0ed157f98b5fb8cb2ef0863424864d761ef8dcf35

SHA512
633b71810dac4a4259fbb0af90a5415ccfe726fb6c4897b119f8650ba74ec221defb17003e5c38b020e4e15823da35f84a0bbd5541d9fc98de9419f56a6031f7

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_sk.dll

Filesize
46KB

MD5
8601075412d3dc8bd1e7768f19a4a046

SHA1
1890389b3ebe58f8d7b5aec1d130fa030a37b3bc

SHA256
4dadf3274d081c565e1074a6aa1c7272e71c9b5bf889f5b28af8f47b738fe763

SHA512
5e32781369815a670e3307a841d6e72cfc5f83c8114a5cc1b0559063b88c1eaeb7c89e5f31f485b526348511c574506c58acf8bcbc9c31bc536391f5b06bb8e0

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_sl.dll

Filesize
46KB

MD5
b9e536e3903cfa18aa5a2e205f34b6e0

SHA1
e4fd873b45023ca599c219530223f17cb9ab0e10

SHA256
c1282ced42cb008f53da83a49355703255c173cf6abc5f5de3f604bbf104ad57

SHA512
e3a8bdf8457c29043e7d079607824cd5c3db9919c8bdf2555ffbca33ac3e5a132eba0f6d39e2c16c0150cfc2524ecb7b9b5c74597e7c0596de1d0d13d328371f

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_sr.dll

Filesize
46KB

MD5
300d0f133243f171beb740a9e95c9428

SHA1
9f4b76eca0f23f748eae080a3f541f2ff4411697

SHA256
2ca4cee4a115a9e5bf0603ced8895a797ffcb193fa638564cd3c45765b1422ad

SHA512
afa00b69150df9996ee9b3e4bd1a42c14d2f2c24ec9761989bbc41cfaa4b44a09f3a1ff36f9e0d5e29077e66f28ae3e4985b1181834d71bdfcdd7d67ec38c6ca

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_sv.dll

Filesize
46KB

MD5
ab52665519e81d0a18bb5b02f53cc300

SHA1
cf3ecf4c909756e84cd4b1482438b57a4bdf1eae

SHA256
dfe6568f055a99a4d92e32db0d4ea251fd69834d6a7147bf3e33c115001d3104

SHA512
5c810c405e70f683e3f4d96b389be9d011c2b2ebf7ba98e11afc1a1d7c6cb32749e2f0f2fcda55b49394543943cd8986f1b31bc77f4710e030da661715482a11

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_sw.dll

Filesize
47KB

MD5
1d05f854626c43daa0a174004466a020

SHA1
94ce5ea3e86960268be850905d02554e85012ddc

SHA256
d11e2a501af3662a26a313e6c93cb9b2865eb5592ff16b63da7fd4ae38453376

SHA512
192564546a32c022f337563c608c311382f6cbb5fcaa3f4bb28ed0b8e9170052e32d2185f1b597418599e87bdacbc38a80b5f4836e0aed022f3a9342972eb06f

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_ta.dll

Filesize
48KB

MD5
46c81de1bf0d3a3ab84ded998e2ce329

SHA1
6901d36f2ecdc80b1ef3707cb44a6e653c26c51e

SHA256
4017f9f4f45808c8269359c63d2c0392a607b49f39a198feec4c1719c5a2978f

SHA512
bcc402e9bc4b742f6164fcef2064b17d93b994e679fe55f51d3ccd5b65b2990209b521877c7b29f729357ddcfecf0f49299cf35b8b7b32f252a1dd951d5876c4

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_te.dll

Filesize
47KB

MD5
ceb2eacf3574265297d259e11dab8750

SHA1
1527cb3fba9febe1d083f2e891a616c957b17735

SHA256
532af5255fcc27140b2557941e89a58c76aae7e109f2c0691be5b747a2d49033

SHA512
a69fec68057bc3eb0b0f87f69de643c12316a906bbbc63148c6aa65c97033bd1468922bb4b4793169edbd807bd555b95760a1d82d135c94a8f3ae937f3718c4f

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_th.dll

Filesize
45KB

MD5
b357676deb9c14341986efa261374cb3

SHA1
b1bf7a9b04be22c868ae16476dc7c80ff33c791c

SHA256
aad44e860f18a116ff0ab3e14df81cd9d4638b0fe11d468f1d88ff8337a0d543

SHA512
771575878f981d2cbf995de838da0a15ebbd25b0235274d7f8718b1c43f8a35a99883dde72f2a578305387c54ecb1804a5dabcbfe3ef26762ab5ac95f9871d82

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_tr.dll

Filesize
46KB

MD5
0c76a9bcefc72cef2c3d7c0dad046d2a

SHA1
5a3342f737210dbb199e2b2ab053622799298881

SHA256
d480128087ca40538c9b462c01eb7b336d548653ecd0b4ed587b2e096b91f7e5

SHA512
8ae7cea1d2a66f5a03b472b46a425b1eb084d8b1ac43801a0c1692db168183164cb6e0feca08e9995d17bad8ca1b19d6aef1c21230be31406cbe716f8252659d

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_uk.dll

Filesize
46KB

MD5
9ff8de9b80b1f15e1e24c3b146f871d2

SHA1
21b2a17db4bc55feb37755210372f6cc688b55a2

SHA256
4b4ac11270b163d7bba47debc6e67e087f67032461e3939cff8285f47525ba76

SHA512
4a9ef0957019879383a3ecf8a9b697dd4c28e06550a3393c9955177bd57443ba95747a0a50d41612755c51fc050d517affb5d35f23057fceec0578f14a82d488

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_ur.dll

Filesize
46KB

MD5
50aa7b16c3eea17ca665bd683ae27eaa

SHA1
9236c641c951b979f79b1e1e400e11c68966528a

SHA256
d4095ca0292cdc2a5e0cc8f3dd2975a5071a7b1ae4019930b29743ca5808b9ab

SHA512
13212a25492100bc68c49787bf2cdc5fe61586aa23c8c2e623363d6d49f388231bb9ed876380061cf9ac1899789cca23216a0030f9a29940196a2bb1f794410c

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_vi.dll

Filesize
45KB

MD5
b154d2dad1dd809ba06693cfc02407ae

SHA1
7e91a64eedf1ce14da56a477bf39db5dff6e1777

SHA256
c3afc059b8a2ecffe72e1d6119d26602a3ca801edc72d8208ab4dd899147d004

SHA512
8a451d5ef96259a8af421f6d2b6b506ea7656b823f3fe3b4f5d922faabdcee403ceec5fd80df44ee81d096b058ed36cf4200c7bb2de37186dff62c3bd7f8dd04

Download Submit
C:\Program Files (x86)\Google\Temp\GUMB268.tmp\goopdateres_zh-CN.dll

Filesize
40KB

MD5
32866ddaba0f18c1003c82b04679e3aa

SHA1
bb75fbb33129c9575bfbf3a2d946d97a69458c17

SHA256
7777d174290a5e08b92af9d7d53872879cb614c474d59de6cb459d69db302a4b

SHA512
f4a7f43e01f634d537e7aa2dc21793a90c04f8af73845918699318a3b2c7f44f1eb78c655236da52cadb120ef8ccf9f6deed3c12aa5db1f920a4835c376349ff

Download Submit
C:\Program Files\Google\Chrome\Application\131.0.6778.205\Installer\setup.exe

Filesize
5.7MB

MD5
8d9c429e34fc2b32683951d765f39498

SHA1
21f9ac058c2532eba95bb59c6fb9628115290d12

SHA256
b4e1af45853fba90f9c771026c4c6a4a259b031db9578837f038bac4d9f742f5

SHA512
56e222d88583a0b49a8db3c587aa8fb173f94bec8845e2cc27c8b7119cedad2d5949c2867efd9745220514052fe398d211d1a87059b99015fd0ae574f7c806d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping864_1665957319\Filtering Rules

Filesize
73KB

MD5
eabba602ad039867b52e30e3e59edc38

SHA1
fac94381cb8bd64d6ee5247060a3a3103fcd6d56

SHA256
68ef948a4727c058ed027c201eed5f749a508ae2732518188043af70e6e41e75

SHA512
6c3fb4155fb43a544a4847794511a903a2e2b0dee2fac6c6378c735d8194ff0d7b095dc28eff96f01e42b97e3bac6c68b88fe25d6520dfab131acfdcf88adfac

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping864_1665957319\manifest.json

Filesize
114B

MD5
c5cadab1f82f9b71621c1e776cab86cf

SHA1
c98f0a50560d2d6c60105426a0435f95023a7237

SHA256
a311aa850be76b377f9cf8c39ad706e597b0e52ebf27f5a05dab425271f6652f

SHA512
04dfbea8d35ff5fb2b9926ae095a5243fcafb8bd2ac269bf09cae2daff03d67e777f157649a25ecd388566c54219aa85eb4f6db213c8b1fa001526c5397cce80

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping864_566528880\manifest.json

Filesize
95B

MD5
cd3300d7571770b1800f4505eeda0f06

SHA1
3f6a686d85dc53b90c1fd6724ec476fc38a87b1e

SHA256
b4c780a8b36b0a034c4421ab385f5f1dfbc8a86ee876cfa4e14ad65916aa23d6

SHA512
e981b7b5d3ca9ddb5dd9a402a08c7f6fe76a79a908ee8c333dd8a26fe48044e09e88139c2037ba6c1d2cd4ab244c10c8de8706652f927d9e5904fdd6f2b44eec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation\9462\crl-set

Filesize
626KB

MD5
4cccfca2d549f6bf9e421bb367025d43

SHA1
63113e18dd6320880b6baaac408ebeba1846b1ee

SHA256
a729eccd37e7e2c24a53b900b6c6b1db34958cb931024d26b63f886c321e27d9

SHA512
afccc3e734603efad0b527b2160445f4f4d5160a284b895fcaf8f41afc2524a6da56686a1f9745e0703b4283def6343adde33c750bb5643968b7e32826288a53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
87781f36c8d42ff52db0137a02f0f532

SHA1
860e9e263257d64408429451540ac47653cbc33f

SHA256
635a080f79503775cd94545e9d2689593b317d3b82e26813b11f31513e9277fa

SHA512
3b71ec5d3273553d4f32dc9ec5b67965dd2b99eb6c2f5c7fa2eab4fe1fb3dd24ebefc474da9369398540de254b626ed24f000a1c02b5e6b9ca64ea09443fd17d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
6e90afae643c67d2071a501895537c33

SHA1
e08a2750a02410cc82520e44afe1a27491a99b77

SHA256
8aade81057ded9b109cd510172ccc53877a2184c7102d188697fca590d70fe7c

SHA512
307e1792518e980eb9b7258e09dacd8c6d8d44836edc1002d975fc6c5231da078a1a2fd4e6e11a384a17b1f3fa84bfc710c385f8b53459d457020c0686178940

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

Filesize
192KB

MD5
505a174e740b3c0e7065c45a78b5cf42

SHA1
38911944f14a8b5717245c8e6bd1d48e58c7df12

SHA256
024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d

SHA512
7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
55b0fca69190d3960a8dd3d89597ec91

SHA1
3b3ad744bcf40cddd81e2b0e96ef52c83ae0bd92

SHA256
5cd44e023232431c8b31e39aaa6b9fe7e9ea9b569d4c0114ac92d09fb6ade14d

SHA512
273017cfc83b8f82562f728c553b714f48bbe08b69a37fd0d141f353b4c128beef32367b2a3153552a7a90ccc2a70670cfe02fbfb780c861b1633da40410ce30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9463ed0fd6a997caf12de3f8ddbeee2c

SHA1
add6558ed5553e30ec23c9957d9cc359fbeed173

SHA256
9bce240533c7a4acef9c871aed2aecce3b3fbc851545f8cc3d6b9a5d0b7f588e

SHA512
c9661c9b8c47cf72980ff8784838dfdda1e88d2a9e07b32e3642d9ec1a976884af12c6036145b6731f2f6326911ee3608a66ca759451ee4869689f9a1c0e71dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2a89856a5282c8910abc6a67961e4c5d

SHA1
eb38af99c24e79207bbf8b813cf30e0c83fa1e7f

SHA256
f29d685766565f456c14dc643b186870e9412e27320b0d8656af17ff9ab44c53

SHA512
a2690e04b4881ab1f2832d9133e7ca3c3fe540bdf81b564b9b410e7e83d06536537a407c9477af69aa4b4f6193e726aa13e41489437f9f53861f556754ab365d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9bf0d6b92563ddf6ac80b5073dfb4f78

SHA1
87816e9e8556149c36ca480fb36a395efeaed6fe

SHA256
9b85d5595c108c0762c9f4749d4b52d8d0466a0a50c9129ecc1c16dbceb70e69

SHA512
2dce24bbe23ff3b8c1c09ff1676f826be9364aa718de48f955c9e7f21d8bbf4b6ec795d67c6df438ea2901936ae7cb4270abd6328d9effe705333b87e01e95cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d16b1b61cec2ad9cd771cbe282428050

SHA1
145082b3be8ca96ce2927cdb93ecce916e7629e9

SHA256
c1cc6caa773fee8b8e482683381bd8a84faa61f3e8ef28c4cfed123cb024d06c

SHA512
d04e8757b41914d6a32d516103759d2ad3e59c0fa0e3d20a5bff5db05807a9d2e63c1315ce4e54d6c416d7a7c3402818afd3074d98c2bc50a543f99d6cb776fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

Filesize
38B

MD5
3433ccf3e03fc35b634cd0627833b0ad

SHA1
789a43382e88905d6eb739ada3a8ba8c479ede02

SHA256
f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d

SHA512
21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
ba83ed563412dff71fadbc8139edce92

SHA1
125f55026ec3d0a4aa6ecbbfef3c2be6f9db0df4

SHA256
255bbfd7ed149cf2714ef83d8b4cedcebfdc4e7a8e6f51f48f060726432f44c6

SHA512
c216b688f261334595cd7661e8abf7e1434e0ff2dcdb9889cc0e6909bce1dcacbeda03d941d9347f9ed625541f0ae0ef9f6bd26aefc252014ae99e73b5b2195e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
58041297e4f1430020590791c7cb6c0e

SHA1
d47af240fc8e01f0e08b16feb6e67350c0a56f99

SHA256
15cc7b7dcffd1a99c1fcb0ca204343c2006481f2adea857e923856ff5f91211c

SHA512
5d7f2a42077744569754b80703ebe6b05fc294cffc41849347cf5ef6bc62dba69d92ef564ed9f93ca24d37e6bbbda61edc91ba9ad452b16325b424b2886bbfaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
aca8d4746d26ebeb421c12dde8407df4

SHA1
f5538ab5cdaeb1762536e90a30beeb7b9e477e83

SHA256
e08f7bbb3db848290a2f33a4021ee0dba7192728d0cc5b86b15c61de54584ae8

SHA512
b65123e74b6f46e913d6147257f3ea69277ce42eb7bd98177e0263b117f0427d99a3bc40eb5626b4c5b325dba9ee7604f917327b5fcd7de6b6cffd1080c2f09d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
9e950305221b402ebdfc2cf7fa13c885

SHA1
3d0a38a2363a1d4feec0d244c9252cf9eb220e62

SHA256
d53cbe959861e3b2f340c76a310927c012c10c46bfa0e587b9ea8a8a66bfcc86

SHA512
f3c3367a347d490b3d56a9d16cb5fc09bb7da81965d9c04e35aa257e63bc886d4267446a80cd67bd99b2ac8bedf4291874436b5065609c98a72ccd148f012b4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\a.exe

Filesize
1.2MB

MD5
791c5c20736bd8034fe33f623dbdafba

SHA1
70768f7e0dda08bcc29f53ef476852973b22cc18

SHA256
bdd0c988721f1338bb50a80f52bfe9228501da13530a7312007b6e00f30215ba

SHA512
5d3066feb610fea78c8952fd8fee0fd23fb446c14565703d0f8fe9b6cb04b27406512b9b677ca20b7361e4f5c3055d5f5de69469dc969a1c0780ddab89e603b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir864_2141300875\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/4192-51-0x0000000074A00000-0x0000000074FB1000-memory.dmp

Filesize
5.7MB

Download
memory/4192-33-0x0000000000410000-0x00000000004D9000-memory.dmp

Filesize
804KB

Download
memory/4192-5-0x0000000074A00000-0x0000000074FB1000-memory.dmp

Filesize
5.7MB

Download
memory/4192-3-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4684-305-0x0000000074A00000-0x0000000074FB1000-memory.dmp

Filesize
5.7MB

Download
memory/4684-304-0x0000000074A02000-0x0000000074A03000-memory.dmp

Filesize
4KB

Download
memory/4684-0-0x0000000074A02000-0x0000000074A03000-memory.dmp

Filesize
4KB

Download
memory/4684-308-0x0000000074A00000-0x0000000074FB1000-memory.dmp

Filesize
5.7MB

Download
memory/4684-1-0x0000000074A00000-0x0000000074FB1000-memory.dmp

Filesize
5.7MB

Download
memory/4684-2-0x0000000074A00000-0x0000000074FB1000-memory.dmp

Filesize
5.7MB

Download